× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 39978ff923e47c8c0c08ee78ce1f93c398b798cd08162fe7c7beed641ddbac01
File name: f4a1dc79ce4f32dfbd0c323c7dabde0c
Detection ratio: 30 / 66
Analysis date: 2018-08-25 21:13:10 UTC ( 6 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.382466 20180825
ALYac Gen:Variant.Razy.382466 20180825
Arcabit Trojan.Razy.D5D602 20180825
Avast Win32:Malware-gen 20180825
AVG Win32:Malware-gen 20180825
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180820
BitDefender Gen:Variant.Razy.382466 20180825
CAT-QuickHeal Trojan.Emotet.X4 20180825
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Emsisoft Gen:Variant.Razy.382466 (B) 20180825
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJWB 20180825
F-Secure Gen:Variant.Razy.382466 20180825
Fortinet W32/Kryptik.GJWB!tr 20180825
GData Gen:Variant.Razy.382466 20180825
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Emotet.bbmo 20180825
Malwarebytes Trojan.Emotet 20180825
MAX malware (ai score=82) 20180825
McAfee Emotet-FIG!F4A1DC79CE4F 20180825
McAfee-GW-Edition BehavesLike.Win32.Emotet.fm 20180825
Microsoft Trojan:Win32/Cloxer.D!cl 20180825
Panda Trj/GdSda.A 20180825
Qihoo-360 HEUR/QVM20.1.6DD1.Malware.Gen 20180825
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180825
Symantec ML.Attribute.HighConfidence 20180825
TrendMicro TSPY_EMOTET.THHBDAH 20180825
TrendMicro-HouseCall TSPY_EMOTET.THHBDAH 20180825
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bbmo 20180825
AegisLab 20180825
AhnLab-V3 20180825
Alibaba 20180713
Antiy-AVL 20180825
Avast-Mobile 20180824
Avira (no cloud) 20180825
AVware 20180823
Babable 20180822
Bkav 20180824
ClamAV 20180825
CMC 20180825
Comodo 20180825
Cyren 20180825
DrWeb 20180825
eGambit 20180825
F-Prot 20180825
Ikarus 20180825
Jiangmin 20180825
K7AntiVirus 20180825
K7GW 20180825
Kingsoft 20180825
eScan 20180825
NANO-Antivirus 20180825
Palo Alto Networks (Known Signatures) 20180825
Rising 20180825
SUPERAntiSpyware 20180825
Symantec Mobile Insight 20180822
TACHYON 20180825
Tencent 20180825
TheHacker 20180824
TotalDefense 20180825
Trustlook 20180825
VBA32 20180824
VIPRE 20180825
ViRobot 20180825
Webroot 20180825
Yandex 20180824
Zillya 20180824
Zoner 20180824
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name dmsynth.dll
Internal name Microsoft DirectMusic Software Synthesizer
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Microsoft DirectMusic Software Synthesizer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-23 22:32:15
Entry Point 0x00012BD4
Number of sections 6
PE sections
PE imports
BackupEventLogW
AddAuditAccessAceEx
RegDisablePredefinedCache
QueryUsersOnEncryptedFile
SetTextAlign
GetTextCharsetInfo
GetAspectRatioFilterEx
GetDCPenColor
DeleteIpForwardEntry
ExitThread
GetLogicalProcessorInformation
GetBinaryTypeW
WriteConsoleOutputAttribute
GetModuleHandleA
GetVersionExW
GetWindowsDirectoryA
WriteFile
UnlockFileEx
GetCommandLineA
GetACP
GetSystemPowerStatus
GetNumberFormatW
GetProcessHeap
DrawDibClose
DsListSitesW
VarUI2FromBool
VarTokenizeFormatString
PathIsDirectoryA
PathIsDirectoryEmptyW
EndDialog
midiOutUnprepareHeader
mixerMessage
CoCreateGuid
OleBuildVersion
PdhEnumObjectItemsW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft DirectMusic Software Synthesizer

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
262656

EntryPoint
0x12bd4

OriginalFileName
dmsynth.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2018:08:23 15:32:15-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
Microsoft DirectMusic Software Synthesizer

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
79872

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 f4a1dc79ce4f32dfbd0c323c7dabde0c
SHA1 b0c13897ecb87fbbfa5649073b492cc44290194f
SHA256 39978ff923e47c8c0c08ee78ce1f93c398b798cd08162fe7c7beed641ddbac01
ssdeep
6144:+qc96R4SlOnzk4Bu39d99d991zlUzAbdBv4kJ6C:Tcg85BkeEzdAC

authentihash 2438ab97d509e8e6ec84eb264ced0bb8d15942717b551aa60e5aac8cca0c208d
imphash a21b67da2d9522f91de12ce0ae33fbba
File size 330.5 KB ( 338432 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-25 21:13:10 UTC ( 6 months ago )
Last submission 2018-08-25 21:13:10 UTC ( 6 months ago )
File names dmsynth.dll
Microsoft DirectMusic Software Synthesizer
17295760.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs