SHA256: 2ab9bf773f8928ac314340e8aed771d63e6c2abd4939d47748bffbef722e297f
File name: edg1.exe
Detection ratio: 3 / 57
Analysis date: 2015-02-19 12:01:23 UTC ( 2 years, 4 months ago )
Antivirus Result Update
McAfee Downloader-FAPS!AB34E59FDFF3 20150219
McAfee-GW-Edition BehavesLike.Win32.Virut.mh 20150219
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150218
Ad-Aware 20150219
AegisLab 20150219
Yandex 20150218
AhnLab-V3 20150219
Alibaba 20150219
ALYac 20150219
Antiy-AVL 20150219
Avast 20150219
AVG 20150219
Avira (no cloud) 20150219
AVware 20150219
Baidu-International 20150219
BitDefender 20150219
Bkav 20150213
ByteHero 20150219
CAT-QuickHeal 20150219
ClamAV 20150219
CMC 20150214
Comodo 20150219
Cyren 20150219
DrWeb 20150219
Emsisoft 20150219
ESET-NOD32 20150219
F-Prot 20150219
F-Secure 20150219
Fortinet 20150219
GData 20150219
Ikarus 20150219
Jiangmin 20150216
K7AntiVirus 20150219
K7GW 20150219
Kaspersky 20150219
Kingsoft 20150219
Malwarebytes 20150219
Microsoft 20150219
eScan 20150219
NANO-Antivirus 20150219
Norman 20150219
nProtect 20150218
Panda 20150219
Qihoo-360 20150219
Sophos 20150219
SUPERAntiSpyware 20150219
Symantec 20150219
Tencent 20150219
TheHacker 20150218
TotalDefense 20150219
TrendMicro 20150219
TrendMicro-HouseCall 20150219
VBA32 20150219
VIPRE 20150219
ViRobot 20150219
Zillya 20150218
Zoner 20150218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name DynaMon.dll
Internal name DynaMon.dll
File version 5.1.2630.5512 (xpsp.080413-0852)
Description Standard Dynamic Printing Port Monitor DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-10 10:14:15
Entry Point 0x00005EC0
Number of sections 6
PE sections
PE imports
JetGetLock
JetTruncateLog
JetRestore2
JetTerm2
ExitProcess
FreeConsole
SetupGetLineTextW
SetupDiGetDriverInfoDetailA
SetupDiGetDeviceInfoListDetailA
GetForegroundWindow
MessageBoxW
IsWindow
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
6.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.2630.5512

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
63488

EntryPoint
0x5ec0

OriginalFileName
DynaMon.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
5.1.2630.5512 (xpsp.080413-0852)

TimeStamp
2012:11:10 11:14:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
DynaMon.dll

ProductVersion
5.1.2630.5512

FileDescription
Standard Dynamic Printing Port Monitor DLL

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
20480

ProductName
Microsoft Windows Operating System

ProductVersionNumber
5.1.2630.5512

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 ab34e59fdff3ca1e63009fbe1d3c9f0f
SHA1 d686028bdcff9e37fb344af9215d3da34c429ef9
SHA256 2ab9bf773f8928ac314340e8aed771d63e6c2abd4939d47748bffbef722e297f
ssdeep
768:5RyrvtDyob0zvWsU4rmFIkXVQhD22EfFUr6KtOGqPpsKV1yzV/JpfMnLnhJMrQRP:5QztbMesU4eFQh+fFZpGq2im/Jp87B

authentihash d637608c3f126ad623360e27e3d0f8c590fa18fd0708aee6cec65c3a97396e58
imphash 86db3783a5f1a823b6fdf678adffe263
File size 80.0 KB ( 81920 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2015-02-19 12:01:23 UTC ( 2 years, 4 months ago )
Last submission 2015-02-19 21:47:52 UTC ( 2 years, 4 months ago )
File names edg6.exe
DynaMon.dll
edg1.exe
edg65ED.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
TCP connections