SHA256: 41eab1c139eda5740b44ea1dcf82cc427526027a60ada2c6f887a2e74b761c4e
File name: 11.exe
Detection ratio: 5 / 57
Analysis date: 2015-05-21 08:31:11 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20150521
Norman Dridex.K 20150521
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150521
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150520
Tencent Trojan.Win32.YY.Gen.2 20150521
Ad-Aware 20150521
AegisLab 20150521
Yandex 20150520
AhnLab-V3 20150520
Alibaba 20150521
ALYac 20150521
Antiy-AVL 20150521
Avast 20150521
AVG 20150521
Avira (no cloud) 20150521
AVware 20150521
Baidu-International 20150521
BitDefender 20150521
Bkav 20150520
ByteHero 20150521
CAT-QuickHeal 20150520
ClamAV 20150521
CMC 20150520
Comodo 20150521
Cyren 20150521
DrWeb 20150521
Emsisoft 20150521
ESET-NOD32 20150521
F-Prot 20150521
F-Secure 20150521
Fortinet 20150521
GData 20150521
Ikarus 20150521
Jiangmin 20150519
K7AntiVirus 20150521
K7GW 20150521
Kingsoft 20150521
Malwarebytes 20150521
McAfee 20150521
McAfee-GW-Edition 20150521
Microsoft 20150520
eScan 20150521
NANO-Antivirus 20150521
nProtect 20150520
Panda 20150520
Sophos AV 20150521
SUPERAntiSpyware 20150521
Symantec 20150521
TheHacker 20150520
TotalDefense 20150520
TrendMicro 20150521
TrendMicro-HouseCall 20150521
VBA32 20150520
VIPRE 20150521
ViRobot 20150521
Zillya 20150520
Zoner 20150520
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft(R) Windows(R) Operating System
Original name dmcompos.dll
Internal name Microsoft DirectMusic Composer
File version 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description Microsoft DirectMusic Composer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-21 07:15:08
Entry Point 0x00001078
Number of sections 6
PE sections
PE imports
GetSystemWow64DirectoryW
SetProcessWorkingSetSize
LocalLock
LCMapStringW
TlsGetValue
GetThreadIOPendingFlag
TerminateThread
AttachConsole
MoveFileWithProgressW
HeapWalk
SearchPathA
IsDBCSLeadByteEx
GetFullPathNameW
VirtualLock
SetComputerNameExW
SetConsoleOutputCP
RemoveVectoredExceptionHandler
Process32FirstW
VarR4FromCy
VarCyFromUI2
SetupGetLineTextA
Shell_NotifyIconA
GetProcessWindowStation
wcstod
iswcntrl
putchar
putc
mblen
_chkstk
sin
atol
FindMimeFromData
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.3.2600.2180
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 114688
EntryPoint 0x1078
OriginalFileName dmcompos.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)
TimeStamp 2015:05:21 08:15:08+01:00
FileType Win32 EXE
PEType PE32
InternalName Microsoft DirectMusic Composer
ProductVersion 5.3.2600.2180
FileDescription Microsoft DirectMusic Composer
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 36864
ProductName Microsoft(R) Windows(R) Operating System
ProductVersionNumber 5.3.2600.2180
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 f5aee45ce06f6d9f9210ae28545a14c6
SHA1 0426086aeda67ac5fb71313b445803aaf2008741
SHA256 41eab1c139eda5740b44ea1dcf82cc427526027a60ada2c6f887a2e74b761c4e
ssdeep 3072:qZp15+bubaueCunYIlLotFk+6r0VkHoe:qZQubazVnYIlotJMSm
authentihash 81f98559a44694de17d7096ab419d2e65b5b673329f756a294ea47c7545d9eaa
imphash 2a1c7ed0b4814bf4cae73390f9914bfe
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2015-05-21 07:56:26 UTC ( 2 years, 2 months ago )
Last submission 2015-05-22 17:36:46 UTC ( 2 years, 2 months ago )
File names Microsoft DirectMusic Composer
ribasiml.exe
HTTP-FO5nNs5s12Uh9bIKg.txt
11.exe.malware
11.exe
11.exe
41eab1c139eda5740b44ea1dcf82cc427526027a60ada2c6f887a2e74b761c4e.bin
dmcompos.dll
11_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections