SHA256: 3ec56a633f59009eb432a0c74434318ac3eecc59e5cf65aa0c3dc5b10b3115c0
File name: 271543a2e8ecb8d5fe9abf73441a982e
Detection ratio: 24 / 66
Analysis date: 2018-05-31 14:31:26 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.80318 20180531
AhnLab-V3 Malware/Win64.Generic.C2434383 20180531
ALYac Gen:Variant.Mikey.80318 20180531
Avira (no cloud) HEUR/AGEN.1003891 20180531
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9595 20180531
BitDefender Gen:Variant.Mikey.80318 20180531
Cylance Unsafe 20180531
Emsisoft Gen:Variant.Mikey.80318 (B) 20180531
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win64/Kryptik.BJB 20180531
F-Secure Gen:Variant.Mikey.80318 20180531
Fortinet W64/Kryptik.BHM!tr 20180531
GData Gen:Variant.Mikey.80318 20180531
Ikarus Trojan.Win64.Crypt 20180531
Sophos ML heuristic 20180504
Kaspersky HEUR:Trojan.Win32.Generic 20180531
MAX malware (ai score=81) 20180531
McAfee Drixed-FHJ!271543A2E8EC 20180530
McAfee-GW-Edition Drixed-FHJ!271543A2E8EC 20180531
Microsoft Backdoor:Win32/Dridex 20180531
eScan Gen:Variant.Mikey.80318 20180531
Sophos AV Mal/Dridex-G 20180531
Webroot W32.Infostealer.Dridex 20180531
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180531
AegisLab 20180531
Alibaba 20180530
Antiy-AVL 20180531
Arcabit 20180531
Avast 20180531
Avast-Mobile 20180531
AVG 20180531
AVware 20180531
Babable 20180406
Bkav 20180531
CAT-QuickHeal 20180531
ClamAV 20180531
CMC 20180529
Comodo 20180531
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180531
DrWeb 20180531
eGambit 20180531
F-Prot 20180531
Jiangmin 20180531
K7AntiVirus 20180530
K7GW 20180531
Kingsoft 20180531
Malwarebytes 20180531
NANO-Antivirus 20180531
nProtect 20180531
Palo Alto Networks (Known Signatures) 20180531
Panda 20180531
Qihoo-360 20180531
Rising 20180531
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180531
Symantec 20180531
Symantec Mobile Insight 20180525
Tencent 20180531
TheHacker 20180531
TotalDefense 20180531
TrendMicro 20180531
TrendMicro-HouseCall 20180531
Trustlook 20180531
VBA32 20180531
VIPRE 20180531
ViRobot 20180531
Yandex 20180529
Zillya 20180530
Zoner 20180531
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft®
Original name wshbth.dll
Internal name wshbt
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description IE plugin image decoder support DLL
PE header basic information
Target machine x64
Compilation timestamp 2018-03-14 21:36:57
Entry Point 0x00001540
Number of sections 8
PE sections
PE imports
GetOldestEventLogRecord
RegOpenUserClassesRoot
GetBinaryTypeW
GetModuleFileNameW
ExitProcess
GetCurrentThreadId
GetSystemPowerStatus
GetModuleHandleW
GetMenuState
EndDeferWindowPos
KillTimer
waveInAddBuffer
HWND_UserSize
GetHGlobalFromILockBytes
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 17.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 11.0.9600.17416
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 614400
EntryPoint 0x1540
OriginalFileName wshbth.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2018:03:14 22:36:57+01:00
FileType Win64 DLL
PEType PE32+
InternalName wshbt
ProductVersion 6.1.7601.17514
FileDescription IE plugin image decoder support DLL
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType AMD AMD64
CompanyName Microsoft Corporation
CodeSize 16384
ProductName Microsoft
ProductVersionNumber 11.0.9600.17416
FileTypeExtension dll
ObjectFileType Dynamic link library
File identification
MD5 271543a2e8ecb8d5fe9abf73441a982e
SHA1 75c3c9385b21423a9b56e9a2ee27ebcf0612bd65
SHA256 3ec56a633f59009eb432a0c74434318ac3eecc59e5cf65aa0c3dc5b10b3115c0
ssdeep 6144:8c0/C9twyCkoOGT9Zi5CdVrvB2YdwIF4fU+TP9VZGQb/ma0zF2cdIpMNGRud8:G/yEDO4weFMxlTGumfFDdIpMNGc
authentihash 63e22e49bb00238f34d48e89cb9786fcddf1313325c36559eba5e08568f48729
imphash ec4b4003bcf780a93ec09f4c1dfc23b9
File size 616.0 KB ( 630784 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits assembly pedll
VirusTotal metadata
First submission 2018-05-31 14:31:26 UTC ( 6 months, 1 week ago )
Last submission 2018-05-31 14:31:26 UTC ( 6 months, 1 week ago )
File names wshbth.dll
wshbt