SHA256: 3fa1c6eefbd663817aa7dc20d02001bc48164b59754e9cc8d1196f5ad37a65c5
Detection ratio: 18 / 66
Analysis date: 2018-04-04 12:16:36 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180404
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180404
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cybereason malicious.302191 20180225
Cylance Unsafe 20180404
eGambit Unsafe.AI_Score_84% 20180404
Endgame malicious (high confidence) 20180403
Fortinet W32/GenKryptik.BMLF!tr 20180404
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180404
MAX malware (ai score=93) 20180404
McAfee Artemis!43C1903980E1 20180404
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20180404
Microsoft Trojan:Win32/Azden.B!cl 20180404
Palo Alto Networks (Known Signatures) generic.ml 20180404
SentinelOne (Static ML) static engine - malicious 20180225
Symantec Trojan.Gen.NPE.2 20180404
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180404
Ad-Aware 20180404
AhnLab-V3 20180404
Alibaba 20180404
ALYac 20180404
Antiy-AVL 20180404
Arcabit 20180404
Avast 20180404
Avast-Mobile 20180404
AVG 20180404
Avira (no cloud) 20180404
AVware 20180404
BitDefender 20180404
Bkav 20180404
CAT-QuickHeal 20180404
ClamAV 20180404
CMC 20180404
Comodo 20180404
Cyren 20180404
DrWeb 20180404
Emsisoft 20180404
ESET-NOD32 20180404
F-Prot 20180404
F-Secure 20180404
GData 20180404
Ikarus 20180404
Jiangmin 20180404
K7AntiVirus 20180404
K7GW 20180404
Kingsoft 20180404
Malwarebytes 20180404
eScan 20180404
NANO-Antivirus 20180404
nProtect 20180404
Panda 20180403
Qihoo-360 20180404
Rising 20180404
Sophos AV 20180404
SUPERAntiSpyware 20180404
Symantec Mobile Insight 20180401
Tencent 20180404
TheHacker 20180330
TrendMicro 20180404
TrendMicro-HouseCall 20180404
Trustlook 20180404
VBA32 20180404
VIPRE 20180404
ViRobot 20180404
WhiteArmor 20180403
Yandex 20180403
Zillya 20180403
Zoner 20180403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Windows® Internet Explorer
Original name iesysprep.dll
Internal name iesysprep
File version 8.00.7601.17514 (win7sp1_rtm.101119-1850)
Description IE Sysprep Provider
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-04 15:58:17
Entry Point 0x00002C87
Number of sections 5
PE sections
PE imports
RegEnumValueW
ImageList_Destroy
GetWindowOrgEx
GetSystemDefaultLangID
GlobalDeleteAtom
GetConsoleOutputCP
GetConsoleCP
GetConsoleWindow
GetOEMCP
GetSystemDefaultLCID
GetThreadLocale
FreeConsole
GetACP
GetProcAddress
LoadLibraryA
VarBstrFromUI1
SysStringLen
GetRecordInfoFromGuids
RasFreeEapUserIdentityA
NdrInterfacePointerMarshall
RpcMgmtWaitServerListen
StrCatW
GetWindowTextA
GetShellWindow
EnableScrollBar
SendDriverMessage
AddPrinterConnectionW
Ord(30)
fclose
iswupper
memcpy
CoGetTreatAsClass
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 8.0.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription IE Sysprep Provider
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 141824
EntryPoint 0x2c87
OriginalFileName iesysprep.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 8.00.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2018:04:04 16:58:17+01:00
FileType Win32 EXE
PEType PE32
InternalName iesysprep
ProductVersion 8.00.7601.17514
SubsystemVersion 5.0
OSVersion 4.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 18432
ProductName Windows Internet Explorer
ProductVersionNumber 8.0.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 43c1903980e115241aba809969aa911a
SHA1 7ad4bc3302191c2e820167b42251664bffc5de5f
SHA256 3fa1c6eefbd663817aa7dc20d02001bc48164b59754e9cc8d1196f5ad37a65c5
ssdeep 3072:fA/F8jt8+ERH0bqPIgKC1WALYB5Vdqcvb5I9fSphCG4:fRS+UyqbKCPWqctcG
authentihash 46edbfe4770d786ef8c56e64d5985ca670f094617d91fb5bb983015970619c7d
imphash fbc7864431406573cd06ae2e7d1c2544
File size 157.5 KB ( 161280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-04-04 10:19:52 UTC ( 10 months, 3 weeks ago )
Last submission 2018-10-01 11:00:29 UTC ( 4 months, 3 weeks ago )
File names 53d8b48baf77c4193ee7ee145e931153a92a2786
iesysprep
urlref_httpadam-grant.comYtrBvc095801.exe
iesysprep.dll
YtrBvc095801.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs