SHA256: 326d9bf458c589d7988886d111b6933db21efc950bfa1b44b1814c9dfdcb674b
File name: 326d9bf458c589d7988886d111b6933db21efc950bfa1b44b1814c9dfdcb674b
Detection ratio: 38 / 57
Analysis date: 2017-01-03 15:06:43 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.115288 20170103
AegisLab Troj.W32.Razy!c 20170103
AhnLab-V3 Trojan/Win32.Razy.R192143 20170103
ALYac Gen:Variant.Razy.115288 20170103
Arcabit Trojan.Razy.D1C258 20170103
Avast Win32:Malware-gen 20170103
AVG Crypt6.AKIZ 20170103
Avira (no cloud) TR/Crypt.Xpack.htuwr 20170103
AVware Trojan.Win32.Generic!BT 20170103
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170103
BitDefender Gen:Variant.Razy.115288 20170103
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Emsisoft Trojan.Dridex (A) 20170103
ESET-NOD32 a variant of Win32/Kryptik.FLXC 20170103
F-Secure Gen:Variant.Razy.115288 20170103
GData Gen:Variant.Razy.115288 20170103
Ikarus Trojan.Win32.Dridex 20170103
Sophos ML backdoor.win32.prosti.l 20161216
K7AntiVirus Trojan ( 005012001 ) 20170103
K7GW Trojan ( 005012001 ) 20170103
Kaspersky Trojan.Win32.Razy.fzm 20170103
Malwarebytes Trojan.Injector 20170103
McAfee Artemis!3635AC6099BA 20170103
McAfee-GW-Edition BehavesLike.Win32.Virut.nc 20170103
Microsoft PWS:Win32/Dyzap.X 20170103
eScan Gen:Variant.Razy.115288 20170103
NANO-Antivirus Trojan.Win32.Razy.ejwhol 20170103
Panda Trj/Genetic.gen 20170102
Qihoo-360 HEUR/QVM19.1.056A.Malware.Gen 20170103
Rising Trojan.Razy!8.73AD-2hUC1mzzlhF (cloud) 20170103
Sophos AV Troj/Dridex-WU 20170103
SUPERAntiSpyware Trojan.Agent/Gen-MSFake 20170103
Symantec Trojan.Gen 20170103
Tencent Win32.Trojan.Kryptik.Ligr 20170103
TrendMicro TROJ_GEN.R0EAC0DLM16 20170103
TrendMicro-HouseCall TROJ_GEN.R0EAC0DLM16 20170103
VIPRE Trojan.Win32.Generic!BT 20170103
Yandex Trojan.Razy! 20170103
Alibaba 20170103
Antiy-AVL 20170103
Bkav 20170103
CAT-QuickHeal 20170103
ClamAV 20170103
CMC 20170103
Comodo 20170103
Cyren 20170103
DrWeb 20170103
F-Prot 20170103
Fortinet 20170103
Jiangmin 20170103
Kingsoft 20170103
nProtect 20170103
TheHacker 20170102
TotalDefense 20170103
Trustlook 20170103
VBA32 20161229
ViRobot 20170103
WhiteArmor 20161221
Zillya 20170102
Zoner 20170103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name ws2help.dll
Internal name ws2help.dll
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Socket 2.0 Helper for Windows NT
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-01-14 07:43:22
Entry Point 0x00018EE0
Number of sections 10
PE sections
PE imports
SetTextColor
WaitCommEvent
TerminateProcess
GetModuleHandleA
GetOverlappedResult
GetCurrentDirectoryA
GetProcAddress
SetComputerNameA
Shell_NotifyIconA
GetThreadDesktop
InsertMenuW
sprintf
strncpy
PdhGetFormattedCounterArrayA
PdhGetFormattedCounterArrayW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 0.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 6144
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x18ee0
OriginalFileName ws2help.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2001:01:14 08:43:22+01:00
FileType Win32 EXE
PEType PE32
InternalName ws2help.dll
ProductVersion 6.1.7600.16385
FileDescription Windows Socket 2.0 Helper for Windows NT
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 23552
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 3635ac6099baedae893b3991f730652c
SHA1 cd08cc349459f99be7d00c046f6b9e5203c0f110
SHA256 326d9bf458c589d7988886d111b6933db21efc950bfa1b44b1814c9dfdcb674b
ssdeep 3072:VPiGccJRTQmAYQ+zkf+2iH8fmtpFhtFhB:5i2JRMXGy9fmtp7
authentihash ad2042fc942677eff4923cc821ed9b5f0adcd320ae85bc55f70aa3d5d8d0635b
imphash e4aca4e84e2c46208916a314cada9f43
File size 97.7 KB ( 100068 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2017-01-03 12:47:15 UTC ( 2 years, 1 month ago )
Last submission 2018-05-22 09:04:21 UTC ( 9 months ago )
File names ws2help.dll
326d9bf458c589d7988886d111b6933db21efc950bfa1b44b1814c9dfdcb674b.exe