× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4748eb93e8bf41f68800bca52f31b31e8f67f186ff9d2f7e7ab01b5a9f298059
File name: output.114636648.txt
Detection ratio: 50 / 69
Analysis date: 2018-12-11 04:24:00 UTC ( 9 hours, 48 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40819980 20181210
AhnLab-V3 Trojan/Win32.Infostealer.C2875821 20181210
ALYac Trojan.Ransom.Shade 20181210
Antiy-AVL Trojan[Ransom]/Win32.Shade 20181210
Arcabit Trojan.Generic.D26EDD0C 20181210
Avast Win32:Malware-gen 20181210
AVG Win32:Malware-gen 20181210
BitDefender Trojan.GenericKD.40819980 20181210
Bkav HW32.Packed. 20181210
CAT-QuickHeal Trojan.Troldesh 20181210
Comodo Malware@#xx1ynjuih7dw 20181210
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.88bebe 20180225
Cylance Unsafe 20181211
Cyren W32/Ransom.KQ.gen!Eldorado 20181211
DrWeb Trojan.Encoder.26847 20181211
eGambit Unsafe.AI_Score_88% 20181211
Emsisoft Trojan.GenericKD.40819980 (B) 20181211
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Filecoder.ED 20181211
F-Prot W32/Ransom.KQ.gen!Eldorado 20181211
F-Secure Trojan.GenericKD.40819980 20181211
Fortinet W32/Kryptik.GNDQ!tr 20181211
GData Trojan.GenericKD.40819980 20181211
Ikarus Trojan-Ransom.Crypted007 20181211
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 004b8aa51 ) 20181211
K7GW Trojan ( 004b8aa51 ) 20181211
Kaspersky Trojan-Ransom.Win32.Shade.pep 20181211
Malwarebytes Ransom.Troldesh 20181211
McAfee GenericRXGQ-KI!05C18C388BEB 20181211
McAfee-GW-Edition GenericRXGQ-KI!05C18C388BEB 20181210
Microsoft Trojan:Win32/CryptInject 20181211
eScan Trojan.GenericKD.40819980 20181211
NANO-Antivirus Trojan.Win32.Shade.fkvleu 20181211
Palo Alto Networks (Known Signatures) generic.ml 20181211
Panda Trj/GdSda.A 20181210
Qihoo-360 Win32/Trojan.Ransom.97d 20181211
Rising Ransom.Troldesh!8.5D1 (CLOUD) 20181211
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-L 20181211
Symantec Packed.Generic.459 20181211
Tencent Win32.Trojan.Shade.Gll 20181211
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.F0C2C00L418 20181211
TrendMicro-HouseCall TROJ_GEN.F0C2C00L418 20181211
VBA32 BScope.Trojan.Encoder 20181210
ViRobot Trojan.Win32.S.Agent.1394440 20181210
Webroot W32.Trojan.Gen 20181211
ZoneAlarm by Check Point Trojan-Ransom.Win32.Shade.pep 20181210
AegisLab 20181210
Alibaba 20180921
Avast-Mobile 20181210
Avira (no cloud) 20181210
Babable 20180918
Baidu 20181207
ClamAV 20181210
CMC 20181210
Jiangmin 20181211
Kingsoft 20181211
MAX 20181211
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181207
TACHYON 20181211
TheHacker 20181210
TotalDefense 20181210
Trustlook 20181211
Yandex 20181207
Zillya 20181208
Zoner 20181210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name WUDFHost.exe
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Driver Foundation - User-mode Driver Framework Host Process
Signature verification The digital signature of the object did not verify.
Signing date 5:21 AM 12/11/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-03 17:19:04
Entry Point 0x00001320
Number of sections 4
PE sections
Overlays
MD5 7b5d27798185746b15610184a8e53a71
File type data
Offset 1391104
Size 3336
Entropy 7.34
PE imports
RegOpenKeyExW
CreatePatternBrush
SwapBuffers
CloseFigure
CreateHalftonePalette
GdiGetBatchLimit
GetLayout
SaveDC
GetPolyFillMode
EndDoc
CreateSolidBrush
GetDCPenColor
GetGraphicsMode
GetEnhMetaFileW
GetFontLanguageInfo
UpdateColors
GetBkColor
RealizePalette
DeleteMetaFile
WidenPath
VirtualAllocEx
LoadLibraryA
GetModuleHandleA
GetProcAddress
GetCaretBlinkTime
GetOpenClipboardWindow
GetInputState
GetWindowContextHelpId
GetListBoxInfo
GetSystemMetrics
OpenIcon
VkKeyScanA
LoadCursorFromFileA
GetMessageExtraInfo
DestroyCursor
EndMenu
LoadCursorFromFileW
VkKeyScanW
GetClipboardSequenceNumber
GetDC
CreatePopupMenu
ShowCaret
AnyPopup
GetLastActivePopup
IsCharLowerA
GetMessageTime
DrawMenuBar
IsIconic
InSendMessage
CreateMenu
IsCharUpperA
CountClipboardFormats
CloseDesktop
GetDialogBaseUnits
GetFocus
Number of PE resources by type
RT_RCDATA 2
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
6.1.7601.17514

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Driver Foundation - User-mode Driver Framework Host Process

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
1383424

EntryPoint
0x1320

MIMEType
application/octet-stream

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2018:12:03 18:19:04+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WUDFHost.exe

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
6656

FileSubtype
0

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 05c18c388bebea2b3f2463b2a5932b71
SHA1 1335834224d275bdccfcd0921bb22221e14bda9d
SHA256 4748eb93e8bf41f68800bca52f31b31e8f67f186ff9d2f7e7ab01b5a9f298059
ssdeep
12288:XhBpIwAR/kkMD/thCtMybHDYmCTO8f9QdQ0qqA28tHbgPXv5uT8rsOJLnM27GZea:R7Iw8cjhSHDY3XQ2WzC7guYrNJDM26r

authentihash 840ad5046e87b7510e80e7baea19964c630ab4f3f172bbbcf9e9957e7e054aa3
imphash ac38d5c425cd7300e3edeea13472c9f6
File size 1.3 MB ( 1394440 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-12-03 17:34:08 UTC ( 1 week ago )
Last submission 2018-12-11 04:24:00 UTC ( 9 hours, 48 minutes ago )
File names output.114636648.txt
csrss.exe
sserv.jpg
output.114653508.txt
csrss.exe
csrss.exe
output.114644720.txt
csrss(56).gxe
WUDFHost.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Opened mutexes
Runtime DLLs
TCP connections