SHA256: 2e46d920c3a093587ec5544a8032856b31189e84967e92a988be77b3c5e10480
File name: 643a1f9e7b6699a63dd5b9719078c63c
Detection ratio: 43 / 68
Analysis date: 2017-12-22 12:50:58 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Johnnie.84221 20171222
AegisLab Tspy.Emotet.Smd19!c 20171222
AhnLab-V3 Trojan/Win32.Dovs.R216217 20171222
Arcabit Trojan.Johnnie.D148FD 20171222
Avast FileRepMalware 20171222
AVG FileRepMalware 20171222
Avira (no cloud) TR/Crypt.ZPACK.gagaa 20171222
AVware Trojan.Win32.Generic!BT 20171222
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171222
BitDefender Gen:Variant.Johnnie.84221 20171222
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.30d36c 20171103
Cylance Unsafe 20171222
Cyren W32/Trojan.FOJA-0283 20171222
Emsisoft Gen:Variant.Johnnie.84221 (B) 20171222
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/GenKryptik.BJPN 20171222
F-Secure Gen:Variant.Johnnie.84221 20171222
Fortinet W32/Kryptik.FYVK!tr 20171222
GData Win32.Trojan-Spy.Emotet.II 20171222
Ikarus Win32.Outbreak 20171222
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 005214381 ) 20171222
K7GW Trojan ( 005214381 ) 20171222
Kaspersky Trojan.Win32.Dovs.eja 20171222
Malwarebytes Trojan.Emotet 20171222
MAX malware (ai score=89) 20171222
McAfee RDN/Generic.grp 20171222
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20171222
eScan Gen:Variant.Johnnie.84221 20171222
Palo Alto Networks (Known Signatures) generic.ml 20171222
Panda Trj/RnkBend.A 20171222
Rising Malware.XPACK-LNR/Heur!1.5594 (CLASSIC) 20171222
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/EncPk-ANR 20171222
Symantec Trojan.Emotet 20171222
Tencent Suspicious.Heuristic.Gen.b.0 20171222
TrendMicro TSPY_EMOTET.SMD19 20171222
TrendMicro-HouseCall TSPY_EMOTET.SMD19 20171222
VIPRE Trojan.Win32.Generic!BT 20171222
ViRobot Trojan.Win32.Agent.115712.AG 20171222
Webroot W32.Trojan.Emotet 20171222
ZoneAlarm by Check Point Trojan.Win32.Dovs.eja 20171222
Alibaba 20171222
ALYac 20171222
Antiy-AVL 20171222
Avast-Mobile 20171222
Bkav 20171222
CAT-QuickHeal 20171222
ClamAV 20171222
CMC 20171222
Comodo 20171222
DrWeb 20171222
eGambit 20171222
F-Prot 20171222
Jiangmin 20171221
Kingsoft 20171222
Microsoft 20171222
NANO-Antivirus 20171222
nProtect 20171222
Qihoo-360 20171222
SUPERAntiSpyware 20171222
Symantec Mobile Insight 20171222
TheHacker 20171219
TotalDefense 20171222
Trustlook 20171222
VBA32 20171222
WhiteArmor 20171204
Yandex 20171221
Zillya 20171221
Zoner 20171222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name kbdsl1.dll
Internal name kbdsl1 (3.13)
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Slovak(QWERTY) Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-22 09:31:39
Entry Point 0x00002D40
Number of sections 7
PE sections
PE imports
GetSidSubAuthorityCount
RegOpenKeyA
AVIStreamRelease
CreateToolbarEx
CryptEncodeObject
JetSetColumns
JetEscrowUpdate
GetGlyphOutlineA
GetCharWidthW
GetOEMCP
BuildCommDCBA
GetACP
FlsFree
GlobalFindAtomW
VarUdateFromDate
RpcBindingFromStringBindingW
RpcErrorEndEnumeration
SetupDiRegisterCoDeviceInstallers
SetupOpenLog
SetupDiCreateDeviceInterfaceRegKeyW
Ord(526)
PathRemoveBackslashA
SHRegSetPathW
QuerySecurityPackageInfoW
SetParent
GetCursor
GetMessagePos
SetCaretPos
GetPrinterDataW
inet_addr
WSACleanup
SCardListReadersW
OpenColorProfileA
Ord(30)
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
0.0

ImageVersion
0.0

FileSubtype
2

FileVersionNumber
6.1.7600.16385

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Slovak(QWERTY) Keyboard Layout

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
101888

EntryPoint
0x2d40

OriginalFileName
kbdsl1.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2017:12:22 10:31:39+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
kbdsl1 (3.13)

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
210944

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 643a1f9e7b6699a63dd5b9719078c63c
SHA1 7074e1630d36c4586e5e18919968e2e1589f39e4
SHA256 2e46d920c3a093587ec5544a8032856b31189e84967e92a988be77b3c5e10480
ssdeep
1536:fosdaSM3ZyoLaTYoMQv7A3UQfaZbIcJm4TpXBQaweLFCexyy/SDSPXIze1XrfBNK:fosdUuIn4luaweLYuyvOPXIzibK

authentihash a93b873847ef920afea9f5e4e20d599774e14aec62bd80ddd220b19dcab08d5e
imphash 7dad708534fea9a7c2f36876c43166b4
File size 113.0 KB ( 115712 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-22 00:39:24 UTC ( 11 months, 3 weeks ago )
Last submission 2018-05-26 17:39:28 UTC ( 6 months, 3 weeks ago )
File names sz4ddCEWRYxzOFJnQA.exe
kbdsl1.dll
kbdsl1 (3.13)