SHA256: 3c6dd438b0f03f3ea26cded04fbf5f59fe26191e902f03d17f5e120d0005ab7e
File name: 4a01f28657d7f5a031d5b7afdc890a94
Detection ratio: 28 / 57
Analysis date: 2016-05-31 11:03:03 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3274466 20160531
AegisLab Troj.W32.Yakes!c 20160531
AhnLab-V3 Trojan/Win32.Yakes 20160531
Arcabit Trojan.Generic.D31F6E2 20160531
Avast Win32:Malware-gen 20160531
AVG Inject_s.HW 20160531
Avira (no cloud) TR/Crypt.Xpack.ncxr 20160531
Baidu Win32.Trojan.WisdomEyes.151026.9950.9971 20160530
BitDefender Trojan.GenericKD.3274466 20160531
CAT-QuickHeal (Suspicious) - DNAScan 20160531
DrWeb Trojan.Dridex.423 20160531
Emsisoft Trojan.GenericKD.3274466 (B) 20160531
ESET-NOD32 Win32/Dridex.AM 20160531
F-Secure Trojan.GenericKD.3274466 20160531
GData Trojan.GenericKD.3274466 20160531
Ikarus Trojan.Win32.Dridex 20160531
K7GW Trojan ( 004ef9861 ) 20160531
Kaspersky Trojan.Win32.Yakes.ptdq 20160531
Malwarebytes Trojan.Dridex 20160531
eScan Trojan.GenericKD.3274466 20160531
nProtect Trojan/W32.Yakes.159940 20160531
Panda Generic Suspicious 20160531
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160531
Rising Malware.XPACK-LNR/Heur!1.5594 20160531
Sophos AV Troj/Dridex-US 20160531
Symantec Trojan.Cridex 20160531
TrendMicro TSPY_DRIDEX.FO 20160531
TrendMicro-HouseCall TSPY_DRIDEX.FO 20160531
Engines with no detection (result column empty):
Alibaba 20160531
ALYac 20160531
Antiy-AVL 20160531
AVware 20160531
Baidu-International 20160531
Bkav 20160531
ClamAV 20160531
CMC 20160530
Comodo 20160531
Cyren 20160531
F-Prot 20160531
Fortinet 20160531
Jiangmin 20160531
K7AntiVirus 20160531
Kingsoft 20160531
McAfee 20160531
McAfee-GW-Edition 20160530
Microsoft 20160531
NANO-Antivirus 20160531
SUPERAntiSpyware 20160531
Tencent 20160531
TheHacker 20160530
TotalDefense 20160531
VBA32 20160531
VIPRE 20160531
ViRobot 20160531
Yandex 20160530
Zillya 20160531
Zoner 20160531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name wtsapi32.dll
Internal name wtsapi32.dll
File version 6.3.9600.17415 (winblue_r4.141028-1500)
Description Windows Remote Desktop Session Host Server SDK APIs
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2036-06-01 15:15:52
Entry Point 0x00023AD0
Number of sections 14
PE sections
PE imports
RaiseException
GetModuleHandleExW
DebugSetProcessKillOnExit
GetConsoleCP
GlobalFix
DebugBreak
FreeConsole
IsBadCodePtr
CreateMutexW
lstrcmpW
CommConfigDialogA
GetProcessHeap
GetWindowLongA
IsWindow
URLOpenBlockingStreamA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.3.9600.17415
UninitializedDataSize 8192
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x23ad0
OriginalFileName wtsapi32.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.3.9600.17415 (winblue_r4.141028-1500)
TimeStamp 2036:06:01 16:15:52+01:00
FileType Win32 EXE
PEType PE32
InternalName wtsapi32.dll
ProductVersion 6.3.9600.17415
FileDescription Windows Remote Desktop Session Host Server SDK APIs
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 36864
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.3.9600.17415
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 4a01f28657d7f5a031d5b7afdc890a94
SHA1 a795124d2421a89ffdd48ef5bdd3cd7c308ad728
SHA256 3c6dd438b0f03f3ea26cded04fbf5f59fe26191e902f03d17f5e120d0005ab7e
ssdeep 3072:U23A74Mu2kkYeEyIk8AZQLU86SUEb6Ji1jVkZq9v:k7BulmZQg8p92JcjVku
authentihash d88d725d861d33fc6cb964950555b633926706295f62abfe73c92a6f89e91277
imphash 62af8261d9ccffc2f11f46f22a2eeb81
File size 156.2 KB ( 159940 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2016-05-30 10:26:01 UTC ( 2 years, 8 months ago )
Last submission 2016-12-15 17:48:45 UTC ( 2 years, 2 months ago )
File names chelseanthem.mp3
chelseanthem.exe
chelseanthem.exe
chelseanthem.ex_.gz.bin
wtsapi32.dll
arab.pif
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Runtime DLLs