SHA256: 40ac1d2d6ea9492a2e8479bfc4abfb8978d1c30bc858c8c932a0c2b85ad74102
File name: bc1f6cbe27b7072e5f892a5714592766
Detection ratio: 31 / 57
Analysis date: 2016-05-07 10:59:50 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.49675 20160507
AhnLab-V3 Trojan/Win32.Cerber 20160506
ALYac Gen:Variant.Razy.49675 20160507
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160507
Arcabit Trojan.Razy.DC20B 20160507
Avast Win32:Trojan-gen 20160507
AVG Generic_r.IZV 20160507
Avira (no cloud) TR/Crypt.Xpack.khui 20160507
AVware Trojan.Win32.Generic!BT 20160507
Baidu Win32.Trojan.WisdomEyes.151026.9950.9997 20160506
BitDefender Gen:Variant.Razy.49675 20160507
Cyren W32/Trojan.ZFAH-7034 20160507
DrWeb Trojan.Encoder.4471 20160507
ESET-NOD32 Win32/Filecoder.TorrentLocker.A 20160507
F-Secure Gen:Variant.Razy.49675 20160507
Fortinet W32/Kryptik.EWOI!tr 20160507
GData Gen:Variant.Razy.49675 20160507
Kaspersky Backdoor.Win32.Androm.jpkz 20160507
Malwarebytes Ransom.CryptoMix 20160507
McAfee Artemis!BC1F6CBE27B7 20160507
McAfee-GW-Edition BehavesLike.Win32.Downloader.hh 20160507
Microsoft Ransom:Win32/Teerac.A 20160507
eScan Gen:Variant.Razy.49675 20160507
Panda Trj/GdSda.A 20160507
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160507
Rising Malware.XPACK-HIE/Heur!1.9C48 20160507
Sophos AV Mal/Generic-S 20160507
Symantec Trojan Horse 20160507
Tencent Win32.Backdoor.Androm.Pfjj 20160507
TrendMicro TROJ_GEN.R0E9C0DE616 20160507
VIPRE Trojan.Win32.Generic!BT 20160507
AegisLab 20160507
Alibaba 20160506
Baidu-International 20160507
Bkav 20160506
CAT-QuickHeal 20160507
ClamAV 20160507
CMC 20160506
Comodo 20160507
Emsisoft 20160503
F-Prot 20160507
Ikarus 20160507
Jiangmin 20160507
K7AntiVirus 20160507
K7GW 20160507
Kingsoft 20160507
NANO-Antivirus 20160507
nProtect 20160504
SUPERAntiSpyware 20160507
TheHacker 20160505
TotalDefense 20160507
TrendMicro-HouseCall 20160507
VBA32 20160505
ViRobot 20160507
Yandex 20160506
Zillya 20160507
Zoner 20160507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product DSConfig
Original name dsconfig.exe
Internal name dsconfig.exe
File version 1.0.0.1
Description DSConfig
Comments DSConfig
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-06 19:03:08
Entry Point 0x00001070
Number of sections 4
PE sections
PE imports
RegQueryValueExW
RegOpenKeyW
SetDIBits
ExtFloodFill
GetDIBColorTable
CreatePolygonRgn
GetTextMetricsW
Polygon
TextOutW
CreateFontIndirectW
CreateHalftonePalette
GetTextExtentPoint32W
CreatePen
GetBkMode
SaveDC
ResizePalette
CreateICW
CreateRectRgnIndirect
LPtoDP
PtVisible
PlayMetaFile
GetPixel
Rectangle
SetMapMode
GetDeviceCaps
TranslateCharsetInfo
LineTo
OffsetRgn
DeleteDC
RestoreDC
SetBkMode
EnumFontFamiliesW
SetPixel
SelectObject
GetObjectW
CreateDCW
CreateDIBSection
RealizePalette
SetTextColor
CreatePatternBrush
GetCurrentObject
FillRgn
ExtTextOutW
SetPaletteEntries
CreateBitmap
BitBlt
CreatePalette
EnumFontFamiliesExW
CreateDIBitmap
GetPolyFillMode
SelectPalette
UnrealizeObject
GetDIBits
RoundRect
SetTextAlign
SetROP2
RectVisible
CreateCompatibleDC
StretchBlt
GetNearestColor
StretchDIBits
SetStretchBltMode
PolyBezier
SetBrushOrgEx
CloseFigure
DeleteObject
GetNearestPaletteIndex
PatBlt
GetPaletteEntries
SetDIBColorTable
Ellipse
SetDIBitsToDevice
GetTextColor
CreateSolidBrush
Polyline
GetStockObject
Escape
SetBkColor
BeginPath
SetViewportExtEx
CreateCompatibleBitmap
MoveToEx
VirtualAlloc
GetModuleHandleW
CharLowerA
GetDlgCtrlID
GetMessagePos
LoadIconA
IsCharLowerA
IsClipboardFormatAvailable
CloseDesktop
GetClipboardSequenceNumber
Number of PE resources by type
RT_ICON 9
RT_GROUP_CURSOR 6
RT_CURSOR 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SLOVAK DEFAULT 23
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments DSConfig
InitializedDataSize 185344
ImageVersion 0.0
ProductName DSConfig
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName dsconfig.exe
MIMEType application/octet-stream
FileVersion 1.0.0.1
TimeStamp 2016:05:06 20:03:08+01:00
FileType Win32 EXE
PEType PE32
InternalName dsconfig.exe
ProductVersion 1.0.0.1
FileDescription DSConfig
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName MONOGRAM Multimedia, s.r.o.
CodeSize 413696
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x1070
ObjectFileType Executable application
File identification
MD5 bc1f6cbe27b7072e5f892a5714592766
SHA1 574b4272c0e3151f668b5a3c629bb31573a754c5
SHA256 40ac1d2d6ea9492a2e8479bfc4abfb8978d1c30bc858c8c932a0c2b85ad74102
ssdeep 12288:7h7dfnhdi6EBFAnh2oI+zHBozhcUW4YSZ:7NdfDrEBFAPhozhc6
authentihash d6aed3bd8ef534de0225983ecb6c0a9615a4790ff8b6392a5efb20e5ae6b2de3
imphash ef79bea695d8e385a5682932a81ce0e8
File size 586.0 KB ( 600064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-05-07 10:59:50 UTC ( 2 years, 9 months ago )
Last submission 2016-05-07 10:59:50 UTC ( 2 years, 9 months ago )
File names dsconfig.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications