SHA256: 4ed24b15a1eec3a8c67a7a78064fcf54e62eeff6a93044a286c1383402970821
File name: a9fdd4348ae4c1e9a8489305fe705dbbe1e38a82
Detection ratio: 21 / 53
Analysis date: 2016-02-02 14:33:33 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.9309 20160202
Yandex Trojan.Kryptik!lS7RLrl/tj8 20160202
ALYac Gen:Variant.Razy.9309 20160202
Arcabit Trojan.Razy.D245D 20160202
Avast Win32:Malware-gen 20160202
Avira (no cloud) TR/Crypt.XPACK.Gen 20160202
BitDefender Gen:Variant.Razy.9309 20160202
Emsisoft Gen:Variant.Razy.9309 (B) 20160202
ESET-NOD32 a variant of Win32/Kryptik.CMRI 20160202
F-Secure Gen:Variant.Razy.9309 20160202
GData Gen:Variant.Razy.9309 20160202
K7AntiVirus Trojan ( 004d95a81 ) 20160202
K7GW Trojan ( 004d95a81 ) 20160202
McAfee-GW-Edition BehavesLike.Win32.Fujacks.ch 20160202
Microsoft Trojan:Win32/Ramdo!rfn 20160202
eScan Gen:Variant.Razy.9309 20160202
Panda Generic Suspicious 20160201
Qihoo-360 QVM20.1.Malware.Gen 20160202
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160202
Sophos AV Mal/Generic-S 20160202
VIPRE Trojan.Win32.Generic!BT 20160202
AegisLab 20160202
AhnLab-V3 20160202
Alibaba 20160202
Antiy-AVL 20160202
AVG 20160202
Baidu-International 20160202
Bkav 20160202
ByteHero 20160202
CAT-QuickHeal 20160202
ClamAV 20160202
Comodo 20160202
Cyren 20160202
DrWeb 20160202
F-Prot 20160129
Fortinet 20160202
Ikarus 20160202
Jiangmin 20160202
Kaspersky 20160202
Malwarebytes 20160202
McAfee 20160202
NANO-Antivirus 20160202
nProtect 20160201
SUPERAntiSpyware 20160202
Symantec 20160202
TheHacker 20160130
TotalDefense 20160201
TrendMicro 20160202
TrendMicro-HouseCall 20160202
VBA32 20160202
ViRobot 20160202
Zillya 20160201
Zoner 20160202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Visual Studio® 2013 Preview
Original name pdmproxy100.dll
Internal name pdmproxy100.dll
File version 12.0.20712.1 built by: MAIN
Description Microsoft Process Debug Manager Proxy/Stub v10.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-31 16:20:27
Entry Point 0x00012EA0
Number of sections 7
PE sections
PE imports
GetUserNameA
GdiFlush
LineTo
MoveToEx
DeleteDC
GetLastError
ReleaseMutex
WaitForSingleObject
FreeLibrary
LocalAlloc
ExitProcess
GetThreadLocale
GetVersionExA
LoadLibraryA
ExitThread
FreeEnvironmentStringsA
GetCurrentProcess
SizeofResource
GetWindowsDirectoryA
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
UnhandledExceptionFilter
GetLogicalDrives
SuspendThread
CreateMutexA
GetTempPathA
CreateSemaphoreA
SetUnhandledExceptionFilter
ResetEvent
GetComputerNameA
GetSystemDirectoryA
GetCurrentThreadId
TerminateProcess
ResumeThread
GetVersion
LoadResource
FatalExit
VirtualFree
CreateEventA
IsDebuggerPresent
CreateFileA
OutputDebugStringA
FindResourceA
GetFileSize
CloseHandle
DuplicateIcon
SHReleaseThreadRef
GetMessageA
GetCaretBlinkTime
GetForegroundWindow
GetParent
UpdateWindow
SetCapture
BeginPaint
GetCapture
FindWindowA
ShowWindow
GetSystemMetrics
IsWindow
InSendMessageEx
PostMessageA
ReleaseCapture
MessageBoxA
GetMessageTime
GetWindow
GetProcessWindowStation
GetSysColor
GetDC
ReleaseDC
DestroyIcon
EndMenu
IsWindowVisible
IsZoomed
SetDoubleClickTime
CloseWindow
CreateDialogParamA
InSendMessage
CopyIcon
wsprintfA
CreateWindowExA
LoadIconA
SendMessageA
GetDesktopWindow
GetCursor
GetFocus
CloseClipboard
IsChild
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
timeGetTime
OpenPrinterA
ClosePrinter
_chkstk
CoFreeAllLibraries
OleUninitialize
CoUninitialize
CoInitialize
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 85504
ImageVersion 0.0
ProductName Microsoft Visual Studio 2013 Preview
FileVersionNumber 12.0.20712.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Microsoft Process Debug Manager Proxy/Stub v10.0
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName pdmproxy100.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 12.0.20712.1 built by: MAIN
TimeStamp 2016:01:31 17:20:27+01:00
FileType Win32 EXE
PEType PE32
InternalName pdmproxy100.dll
ProductVersion 12.0.20712.1
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 78848
FileSubtype 0
ProductVersionNumber 12.0.20712.1
EntryPoint 0x12ea0
ObjectFileType Dynamic link library
File identification
MD5 9cf65f4b8724de6808331f6a6c429fed
SHA1 246f7f8abe6d4d61e6bbf5e58cad5fafefb11010
SHA256 4ed24b15a1eec3a8c67a7a78064fcf54e62eeff6a93044a286c1383402970821
ssdeep 3072:IgYSeVgxB5av5O9dsZsg05s5qncFUnQkp3VxFbw7ePddBCYf9CoPZJRNM3UDj0we:xzeVuFds2g05s2jQO9PZCu9CiZNewn
authentihash 449b17053b479d4489ffdf62fcff21cb41d9b7b7f35695f95ead70b40c001adf
imphash f9acebcf4ed82e5da4ddd642208c3fe0
File size 161.5 KB ( 165376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-02-02 14:33:33 UTC ( 3 years ago )
Last submission 2016-02-02 14:33:33 UTC ( 3 years ago )
File names a9fdd4348ae4c1e9a8489305fe705dbbe1e38a82
pdmproxy100.dll
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Runtime DLLs
UDP communications