SHA256: 3d079bbd380e5b768c3aca30628d2f4a07a8d038ab8923d0e88723a3453cf77e
File name: 06956.exe
Detection ratio: 18 / 66
Analysis date: 2018-03-24 04:54:07 UTC ( 11 months ago )
Antivirus Result Update
Avast FileRepMalware 20180324
AVG FileRepMalware 20180324
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180323
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180324
eGambit Unsafe.AI_Score_75% 20180324
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/GenKryptik.BUNZ 20180324
Sophos ML heuristic 20180121
K7GW Trojan ( 700001211 ) 20180323
Kaspersky UDS:DangerousObject.Multi.Generic 20180324
Malwarebytes Trojan.Emotet 20180324
McAfee-GW-Edition BehavesLike.Win32.Expiro.ch 20180323
Palo Alto Networks (Known Signatures) generic.ml 20180324
Qihoo-360 HEUR/QVM20.1.077A.Malware.Gen 20180324
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180323
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180324
Ad-Aware 20180324
AegisLab 20180324
AhnLab-V3 20180323
Alibaba 20180323
ALYac 20180324
Antiy-AVL 20180323
Arcabit 20180324
Avast-Mobile 20180323
Avira (no cloud) 20180323
AVware 20180324
BitDefender 20180324
Bkav 20180322
CAT-QuickHeal 20180323
ClamAV 20180323
CMC 20180324
Comodo 20180324
Cybereason None
Cyren 20180324
DrWeb 20180324
Emsisoft 20180324
F-Prot 20180324
F-Secure 20180324
Fortinet 20180324
GData 20180324
Ikarus 20180323
Jiangmin 20180324
K7AntiVirus 20180324
Kingsoft 20180324
MAX 20180324
McAfee 20180324
Microsoft 20180324
eScan 20180324
NANO-Antivirus 20180324
nProtect 20180324
Panda 20180323
Rising 20180324
Sophos AV 20180324
SUPERAntiSpyware 20180324
Symantec Mobile Insight 20180311
Tencent 20180324
TheHacker 20180319
TrendMicro 20180324
TrendMicro-HouseCall 20180324
Trustlook 20180324
VBA32 20180323
VIPRE 20180324
ViRobot 20180324
WhiteArmor 20180223
Yandex 20180323
Zillya 20180323
Zoner 20180324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name TsUsbRedirectionGroupPolicyControl.exe
Internal name TsUsbRedirectionGroupPolicyControl
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Remote Desktop USB Redirection GP Extension Control
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-24 03:50:38
Entry Point 0x0001B9D0
Number of sections 4
PE sections
PE imports
DeleteAce
CryptDestroyHash
RegNotifyChangeKeyValue
CertCloseStore
CryptMsgControl
SelectPalette
CreatePolygonRgn
LPtoDP
AngleArc
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetCurrentDirectoryW
GetBinaryTypeW
LoadLibraryW
GetModuleHandleA
GetModuleFileNameW
ProcessIdToSessionId
FlsGetValue
ReadConsoleOutputW
GetCommandLineA
GetModuleFileNameA
FlsFree
LocalUnlock
GetProcessHeap
MprConfigTransportGetInfo
DrawDibClose
DsCrackNamesW
DispCallFunc
VarUI2FromStr
SysReAllocString
glTexImage2D
RasGetProjectionInfoW
RasGetCustomAuthDataW
NdrGetUserMarshalInfo
UuidCreate
NdrConformantArrayUnmarshall
SetupDiRemoveDevice
CM_Get_Device_ID_List_ExW
StrDupA
StrRChrA
StrCpyNW
PathMakePrettyW
SHRegGetValueW
QuerySecurityPackageInfoW
SetFocus
DdeDisconnectList
MenuItemFromPoint
GetActiveWindow
EndDialog
LoadCursorW
TileWindows
EnumDesktopWindows
UnpackDDElParam
RegisterDeviceNotificationW
TrackMouseEvent
GetClipboardOwner
SetCursorPos
IsCharLowerW
EnableMenuItem
UnlockUrlCacheEntryStream
DeleteUrlCacheEntryW
mixerGetID
CryptCATStoreFromHandle
g_rgSCardRawPci
SCardListReaderGroupsA
Ord(30)
iswlower
ReleaseStgMedium
StgIsStorageILockBytes
HICON_UserMarshal
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:03:24 04:50:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 122880
LinkerVersion 0.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1b9d0
InitializedDataSize 16384
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 4096
File identification
MD5 99d7dc525172ddfc83686180e1e317fc
SHA1 2b1bd7c244e9e61cf19f84a92b332da9f5af1a02
SHA256 3d079bbd380e5b768c3aca30628d2f4a07a8d038ab8923d0e88723a3453cf77e
ssdeep

authentihash 156b648de5a6c0e0d0081bcfa483117862739f0b93951f6541a3969ff76da053
imphash cdca2bfbf0ad4e81976540923112e695
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-03-24 04:54:07 UTC ( 11 months ago )
Last submission 2018-05-26 01:32:00 UTC ( 8 months, 3 weeks ago )
File names 69170.exe
TsUsbRedirectionGroupPolicyControl
9662.exe
06956.exe
41404.exe
TsUsbRedirectionGroupPolicyControl.exe