SHA256: 4c561d2a2e74b2a38655903d7420fe007ca7fa63f5c149c1c61a5e4a4b2b7d25
File name: sfdfdsf.exe
Detection ratio: 35 / 55
Analysis date: 2016-04-08 11:45:17 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.178259 20160408
AegisLab Dangerousobject.Multi.Generic!c 20160408
ALYac Gen:Variant.Zusy.178259 20160408
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160408
Arcabit Trojan.Zusy.D2B853 20160408
Avast Win32:Ddostf-B [Trj] 20160408
AVG Luhe.Fiha.A 20160408
Avira (no cloud) HEUR/Malware 20160408
Baidu Win32.Trojan.ServStart.ax 20160408
BitDefender Gen:Variant.Zusy.178259 20160408
Cyren W32/Heuristic-131!Eldorado 20160408
DrWeb Trojan.DownLoader18.16955 20160408
Emsisoft Gen:Variant.Zusy.178259 (B) 20160408
ESET-NOD32 a variant of Win32/Agent.RMM 20160408
F-Prot W32/Heuristic-131!Eldorado 20160408
Fortinet W32/Staser.AD!tr 20160404
GData Gen:Variant.Zusy.178259 20160408
Ikarus Trojan.Win32.Agent 20160408
Jiangmin Trojan.Generic.ojiw 20160408
K7AntiVirus Trojan ( 0040f8a91 ) 20160407
K7GW Trojan ( 0040f8a91 ) 20160404
Kaspersky HEUR:Trojan.Win32.Generic 20160408
Malwarebytes Trojan.FakeMS.EDGen 20160408
McAfee Artemis!71CA1E594C64 20160408
McAfee-GW-Edition BehavesLike.Win32.Downloader.nm 20160407
Microsoft TrojanDownloader:Win32/Yemrok.A 20160408
eScan Gen:Variant.Zusy.178259 20160408
Panda Trj/GdSda.A 20160407
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160408
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160408
Tencent Win32.Trojan.Lapka.Ahos 20160408
TrendMicro WORM_NITOL.SMB0 20160408
TrendMicro-HouseCall WORM_NITOL.SMB0 20160408
Yandex Trojan.Agent!cjAluC1mPks 20160406
Zillya Trojan.Agent.Win32.670178 20160408
AhnLab-V3 20160408
Alibaba 20160408
AVware 20160408
Baidu-International 20160408
Bkav 20160408
CAT-QuickHeal 20160407
ClamAV 20160408
CMC 20160407
Comodo 20160408
Kingsoft 20160408
NANO-Antivirus 20160408
nProtect 20160408
Sophos AV 20160408
SUPERAntiSpyware 20160408
Symantec 20160408
TheHacker 20160408
VBA32 20160407
VIPRE 20160408
ViRobot 20160408
Zoner 20160408
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name EhStorAuthn.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Enhanced Storage Password Authentication Program
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-28 09:51:38
Entry Point 0x00006E32
Number of sections 4
PE sections
PE imports
CloseServiceHandle
RegOpenKeyA
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
RegQueryValueExA
LockServiceDatabase
RegSetValueExA
StartServiceA
ChangeServiceConfig2A
RegOpenKeyExA
OpenSCManagerA
UnlockServiceDatabase
RegisterServiceCtrlHandlerA
GetLastError
GetSystemInfo
lstrlenA
WaitForSingleObject
CopyFileA
GetTickCount
GetModuleFileNameA
LoadLibraryA
WinExec
GetStartupInfoA
GetCurrentProcessId
lstrcatA
GetProcAddress
GetTempPathA
CreateThread
GetModuleHandleA
GetSystemDefaultUILanguage
lstrcpyA
GetCurrentProcess
CloseHandle
GetComputerNameA
ExitThread
MoveFileExA
MoveFileA
CreateProcessA
Sleep
strncmp
rand
_acmdln
_ftol
memset
strcat
__dllonexit
fprintf
printf
strlen
_except_handler3
??2@YAPAXI@Z
_onexit
exit
sprintf
__setusermatherr
_local_unwind2
__p__commode
localtime
__CxxFrameHandler
srand
_exit
_adjust_fdiv
??3@YAXPAX@Z
free
atoi
__getmainargs
memcpy
_XcptFilter
strstr
strcpy
__p__fmode
time
_initterm
_controlfp
__set_app_type
_iob
wsprintfA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
setsockopt
WSASocketA
htonl
socket
__WSAFDIsSet
WSAIoctl
closesocket
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
select
sendto
htons
recv
WSAGetLastError
connect
GetIfTable
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.2
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x6e32
OriginalFileName EhStorAuthn.exe
MIMEType application/octet-stream
LegalCopyright © Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2016:02:28 09:51:38+00:00
FileType Win32 EXE
PEType PE32
ProductVersion 6.1.7600.16385
FileDescription Windows Enhanced Storage Password Authentication Program
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 24576
ProductName Microsoft® Windows® Operating System
ProductVersionNumber 1.0.0.2
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 71ca1e594c64145248e9550838499605
SHA1 a029b599477f4530d5521ada22cb65a68013e184
SHA256 4c561d2a2e74b2a38655903d7420fe007ca7fa63f5c149c1c61a5e4a4b2b7d25
ssdeep 384:1379LW1aBEUdw8g//kh3U5T6NGtHH17Z4U2j15CzCLmtShfs9K3vAx6CKTp7j1SP:h7RBXwvstUtKSZ4j1PuSnvPCOJJTh
authentihash fecfe6478c2a455a93faed4bd83efe55ff668d3bd8d5188060ce5d9ef13b89da
imphash 456b5b8799ebe35dd30db1676ec81bdf
File size 33.0 KB ( 33792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.9%)
Win64 Executable (generic) (36.2%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win32 Executable MS Visual FoxPro 7 (2.9%)
Tags peexe
VirusTotal metadata
First submission 2016-04-08 11:45:17 UTC ( 3 years, 1 month ago )
Last submission 2017-06-14 09:23:09 UTC ( 1 year, 11 months ago )
File names sfdfdsf.exe
a029b599477f4530d5521ada22cb65a68013e184_sfdfdsf.ex
EhStorAuthn.exe
sfdfdsf.ex
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications