SHA256: 46964ecd691522fea9f428197ea5a42e39148de384d50b89b39971dd4cb5fb2a
File name: 12d88d7b7c5a71a3d2ebeff33d6ae454ebe541a6
Detection ratio: 31 / 57
Analysis date: 2016-12-22 03:34:10 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3945602 20161222
AegisLab Heur.Advml.Gen!c 20161221
AhnLab-V3 Trojan/Win32.Razy.R192143 20161221
Arcabit Trojan.Generic.D3C3482 20161222
Avira (no cloud) TR/Crypt.Xpack.yjklj 20161221
AVware Trojan.Win32.Generic!BT 20161222
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
BitDefender Trojan.GenericKD.3945602 20161222
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Emsisoft Trojan.Dridex (A) 20161222
ESET-NOD32 a variant of Win32/Kryptik.FLXC 20161222
F-Secure Trojan.GenericKD.3945602 20161222
GData Trojan.GenericKD.3945602 20161222
Ikarus Trojan.Win32.Dridex 20161221
Sophos ML backdoor.win32.vawtrak.f 20161216
K7AntiVirus Trojan ( 00500f351 ) 20161221
K7GW Trojan ( 00500f351 ) 20161222
Kaspersky Trojan.Win32.Razy.fyr 20161222
Malwarebytes Trojan.Injector 20161221
McAfee RDN/Generic.grp 20161222
McAfee-GW-Edition BehavesLike.Win32.Virut.nc 20161222
Microsoft PWS:Win32/Dyzap.X 20161222
eScan Trojan.GenericKD.3945602 20161222
Panda Trj/Injector.AV 20161221
Qihoo-360 HEUR/QVM19.1.F48B.Malware.Gen 20161222
Rising Malware.Generic!E44jBNPOCTI@2 (thunder) 20161222
Sophos AV Troj/Dridex-WT 20161222
Symantec Trojan Horse 20161222
TrendMicro TROJ_GEN.R047C0DLL16 20161222
TrendMicro-HouseCall TROJ_GEN.R047C0DLL16 20161222
VIPRE Trojan.Win32.Generic!BT 20161222
Alibaba 20161221
ALYac 20161222
Antiy-AVL 20161222
Avast 20161222
AVG 20161222
Bkav 20161221
CAT-QuickHeal 20161221
ClamAV 20161222
CMC 20161221
Comodo 20161222
Cyren 20161222
DrWeb 20161222
F-Prot 20161222
Fortinet 20161222
Jiangmin 20161222
Kingsoft 20161222
NANO-Antivirus 20161222
nProtect 20161222
SUPERAntiSpyware 20161222
Tencent 20161222
TheHacker 20161219
TotalDefense 20161221
Trustlook 20161222
VBA32 20161221
ViRobot 20161221
WhiteArmor 20161221
Yandex 20161221
Zillya 20161220
Zoner 20161222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name ws2help.dll
Internal name ws2help.dll
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Socket 2.0 Helper for Windows NT
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-01-13 01:00:30
Entry Point 0x00019080
Number of sections 10
PE sections
PE imports
SetTextColor
WaitCommEvent
TerminateProcess
GetModuleHandleA
GetOverlappedResult
GetCurrentDirectoryA
GetProcAddress
SetComputerNameA
Shell_NotifyIconA
GetThreadDesktop
InsertMenuW
sprintf
strncpy
PdhGetFormattedCounterArrayA
PdhGetFormattedCounterArrayW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 0.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 6144
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x19080
OriginalFileName ws2help.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2001:01:13 02:00:30+01:00
FileType Win32 EXE
PEType PE32
InternalName ws2help.dll
ProductVersion 6.1.7600.16385
FileDescription Windows Socket 2.0 Helper for Windows NT
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 efabd146ed7d604c2f90ca59ef1da81a
SHA1 091e5ef29e2bb276085c32018c40ebbfd9d539fe
SHA256 46964ecd691522fea9f428197ea5a42e39148de384d50b89b39971dd4cb5fb2a
ssdeep 3072:mT6a9RDu9knlQHnJjA8hYtnKq1TXcq3Ksggvx:264h8J882zcq3KsXp
authentihash ea38214c715acdc8bc498e32646d07263d79232c4f0200361f3db8e982bc909c
imphash e4aca4e84e2c46208916a314cada9f43
File size 97.7 KB ( 100068 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe
VirusTotal metadata
First submission 2016-12-20 12:55:45 UTC ( 2 years, 1 month ago )
Last submission 2016-12-31 21:19:22 UTC ( 2 years, 1 month ago )
File names ws2help.dll
12d88d7b7c5a71a3d2ebeff33d6ae454ebe541a6
4ecd691522fea9f428197ea5a42e39148de384d50b89b39971dd4cb5fb2a.bin
ui-icons.exe