SHA256: 2f4d09d0857c8b6486932ce3d210b29ffce27d07b0a920c9d0bfde44d885560b
File name: GTqJ7z8.exe
Detection ratio: 12 / 66
Analysis date: 2017-10-18 09:57:39 UTC
Antivirus results (engine | result | signature update)

Detected:
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9996 | 20171018
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170804
Cylance | Unsafe | 20171018
Endgame | malicious (high confidence) | 20171016
ESET-NOD32 | a variant of Win32/Kryptik.FXWK | 20171018
Sophos ML | heuristic | 20170914
Malwarebytes | Trojan.Emotet | 20171018
McAfee-GW-Edition | BehavesLike.Win32.Expiro.nc | 20171018
Qihoo-360 | HEUR/QVM20.1.95CA.Malware.Gen | 20171018
SentinelOne (Static ML) | static engine - malicious | 20171001
Sophos AV | Mal/EncPk-ANR | 20171018
Symantec | ML.Attribute.HighConfidence | 20171018

Not detected (engine | signature update):
Ad-Aware | 20171018
AegisLab | 20171018
AhnLab-V3 | 20171018
Alibaba | 20170911
ALYac | 20171017
Antiy-AVL | 20171018
Arcabit | 20171017
Avast | 20171018
Avast-Mobile | 20171018
AVG | 20171018
Avira (no cloud) | 20171018
AVware | 20171018
BitDefender | 20171018
Bkav | 20171017
CAT-QuickHeal | 20171018
ClamAV | 20171018
CMC | 20171018
Comodo | 20171017
Cyren | 20171018
eGambit | 20171018
Emsisoft | 20171018
F-Prot | 20171018
F-Secure | 20171018
Fortinet | 20171018
GData | 20171018
Ikarus | 20171018
Jiangmin | 20171018
K7AntiVirus | 20171017
K7GW | 20171016
Kaspersky | 20171018
Kingsoft | 20171018
MAX | 20171018
McAfee | 20171018
Microsoft | 20171018
eScan | 20171018
NANO-Antivirus | 20171018
nProtect | 20171018
Palo Alto Networks (Known Signatures) | 20171018
Panda | 20171017
Rising | 20171018
SUPERAntiSpyware | 20171018
Symantec Mobile Insight | 20171011
Tencent | 20171018
TheHacker | 20171017
TotalDefense | 20171018
TrendMicro | 20171018
TrendMicro-HouseCall | 20171018
Trustlook | 20171018
VBA32 | 20171017
VIPRE | 20171018
ViRobot | 20171018
Webroot | 20171018
WhiteArmor | 20171016
Yandex | 20171017
Zillya | 20171018
ZoneAlarm by Check Point | 20171018
Zoner | 20171018
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: © Microsoft Corporation. All rights reserved.
Product: Microsoft® Windows® Operating System
Original name: kbdsw09.dll
Internal name: kbdsw09 (3.13)
File version: 6.1.7600.16385 (win7_rtm.090713-1255)
Description: Sinhala - Wij 9 Keyboard Layout
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-10-18 18:41:31
Entry Point: 0x000019E0
Number of sections: 8
PE sections
PE imports
CloseServiceHandle
OpenSCManagerW
RegOpenKeyExW
RegCreateKeyW
QueryServiceConfigW
IsTextUnicode
GetDeviceCaps
DeleteObject
CreateFontW
SetAbortProc
AreFileApisANSI
ConvertFiberToThread
RaiseException
GetConsoleAliasA
LocalAlloc
RemoveDirectoryW
GetLastError
FreeLibrary
UnregisterApplicationRestart
RegisterApplicationRestart
LocalFree
GenerateConsoleCtrlEvent
InterlockedExchange
GetProcAddress
LoadLibraryA
QueryPathOfRegTypeLib
RpcServerInqCallAttributesW
ExtractAssociatedIconA
SHGetFileInfoW
CryptCATAdminReleaseCatalogContext
Ord(30)
Number of PE resources by type: RT_VERSION 1
Number of PE resources by language: ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion: 5.1
LinkerVersion: 12.0
ImageVersion: 0.0
FileSubtype: 2
FileVersionNumber: 6.1.7600.16385
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 53504
EntryPoint: 0x19e0
OriginalFileName: kbdsw09.dll
MIMEType: application/octet-stream
LegalCopyright: Microsoft Corporation. All rights reserved.
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp: 2017:10:18 19:41:31+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: kbdsw09 (3.13)
ProductVersion: 6.1.7600.16385
FileDescription: Sinhala - Wij 9 Keyboard Layout
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft Corporation
CodeSize: 17920
ProductName: Microsoft Windows Operating System
ProductVersionNumber: 6.1.7600.16385
FileTypeExtension: exe
ObjectFileType: Dynamic link library

File identification
MD5: 503791f3728b6bd03d464b3d6ecefcd2
SHA1: 4e31983f927260087c45875cdd4cf52fbc600b91
SHA256: 2f4d09d0857c8b6486932ce3d210b29ffce27d07b0a920c9d0bfde44d885560b
ssdeep: 1536:7QzGKX/0nwXl4IBEaHp3J8PZOm7xiW1HAjkqj:s9X/gwXl4IB9J8owxiWNAIqj
authentihash: 349af42c0be5e25d8d292f522a05334b8722e2c34cda30fe196f5e8bc8bcb7e3
imphash: 3c8cb32fa13d2a0ebfa8be582dcadb1b
File size: 96.5 KB (98816 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID:
Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags: peexe

VirusTotal metadata
First submission: 2017-10-18 09:57:39 UTC
Last submission: 2017-11-17 19:26:30 UTC
File names:
kbdsw09 (3.13)
GTqJ7z8.exe
kbdsw09.dll
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications