SHA256: 44d613468ff087899103e2a0cd9b12f1759b77112c760f550442b7c868d3fa83
File name: ssuk.exe
Detection ratio: 9 / 56
Analysis date: 2017-01-20 11:15:14 UTC ( 2 years ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170120
CAT-QuickHeal (Suspicious) - DNAScan 20170120
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Sophos ML generic.a 20170111
K7GW Trojan ( 700001211 ) 20170120
Malwarebytes Spyware.PasswordStealer 20170120
Qihoo-360 HEUR/QVM19.1.0000.Malware.Gen 20170120
Rising Malware.Generic!6e4XAAEia9J@2 (thunder) 20170120
Symantec ML.Attribute.VeryHighConfidence [Heur.AdvML.B] 20170119
Ad-Aware 20170120
AegisLab 20170120
AhnLab-V3 20170120
Alibaba 20170120
ALYac 20170120
Antiy-AVL 20170120
Arcabit 20170120
Avast 20170120
AVG 20170119
Avira (no cloud) 20170120
AVware 20170120
BitDefender 20170120
ClamAV 20170120
CMC 20170120
Comodo 20170119
Cyren 20170120
DrWeb 20170120
Emsisoft 20170120
ESET-NOD32 20170120
F-Prot 20170120
F-Secure 20170120
Fortinet 20170120
GData 20170120
Ikarus 20170120
Jiangmin 20170120
K7AntiVirus 20170120
Kaspersky 20170120
Kingsoft 20170120
McAfee 20170120
McAfee-GW-Edition 20170120
Microsoft 20170120
eScan 20170120
NANO-Antivirus 20170120
nProtect 20170120
Panda 20170119
Sophos AV 20170120
SUPERAntiSpyware 20170120
Tencent 20170120
TheHacker 20170117
TotalDefense 20170120
TrendMicro 20170120
TrendMicro-HouseCall 20170120
Trustlook 20170120
VBA32 20170120
VIPRE 20170120
ViRobot 20170120
WhiteArmor 20170119
Yandex 20170119
Zillya 20170120
Zoner 20170120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Rtfg Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name ws2help.dll
Internal name ws2help.dll
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Socket 2.0 Helper for Windows NT
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-01-14 05:32:41
Entry Point 0x0001E8F0
Number of sections 18
PE sections
PE imports
CancelWaitableTimer
ConnectNamedPipe
GetCurrentDirectoryA
GetStringTypeA
GetModuleHandleA
ReadConsoleOutputAttribute
CreateEventA
lstrcpyA
GetStartupInfoA
QueryDosDeviceW
CloseHandle
SetThreadPriorityBoost
GetProcAddress
WriteConsoleOutputCharacterW
WriteProfileStringW
DnsHostnameToComputerNameA
MprAdminMIBBufferFree
ExtractIconExA
calloc
wcstod
labs
islower
sprintf
isdigit
strcmp
strncpy
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 6144
LinkerVersion 197.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Socket 2.0 Helper for Windows NT
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x1e8f0
OriginalFileName ws2help.dll
MIMEType application/octet-stream
LegalCopyright Rtfg Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2001:01:14 06:32:41+01:00
FileType Win32 EXE
PEType PE32
InternalName ws2help.dll
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Rtfg Corporation
CodeSize 28160
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 a7976f9d1c95f8591c1cc36ddbc47031
SHA1 f195e515a9f88f84e680022ac8d564efff4189bc
SHA256 44d613468ff087899103e2a0cd9b12f1759b77112c760f550442b7c868d3fa83
ssdeep 1536:MQI+5mnNtMdYMAzEdlOT1hLBm0gdo4NRBf+L8ha5vyFKtx74oPNe8wasdDvrCbBd:MQMMd1AIiT1XmF508h1Fgx74oPqdXCb3
authentihash 84f7d1765d00e212ca3c5225dd9c70b7b259ac91fb2044f14ec53da3adecd819
imphash e982691c1f8e7f5ff2907e32593368e9
File size 114.8 KB ( 117536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-01-20 11:15:14 UTC ( 2 years ago )
Last submission 2017-01-20 11:15:14 UTC ( 2 years ago )
File names ws2help.dll, ssuk.exe