SHA256: 51c5b0c6008197cd7c9a9fcd7e0be8534578f2e5ec4f0b48501b09e427825fd7
File name: a.exe
Detection ratio: 44 / 56
Analysis date: 2016-10-17 05:11:20 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.186434 20161017
AegisLab Uds.Dangerousobject.Multi!c 20161017
AhnLab-V3 Backdoor/Win32.Etso.R17333 20161016
ALYac Gen:Variant.Kazy.186434 20161017
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20161017
Arcabit Trojan.Kazy.D2D842 20161017
Avast Win32:Malware-gen 20161017
AVG BackDoor.Xdoor.G 20161016
Avira (no cloud) TR/AD.Pirpi.aavkf 20161016
AVware LooksLike.Win32.Uruasy.b!ag (v) 20161017
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161015
BitDefender Gen:Variant.Kazy.186434 20161017
Bkav W32.eHeur.Malware08 20161015
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.KRTF-2705 20161017
Emsisoft Gen:Variant.Kazy.186434 (B) 20161017
ESET-NOD32 a variant of Win32/Korplug.J 20161017
F-Secure Gen:Variant.Kazy.186434 20161017
GData Gen:Variant.Kazy.186434 20161017
Ikarus Trojan.Win32.Agent 20161016
Sophos ML generic.a 20160928
Jiangmin Trojan.Generic.abndy 20161017
K7AntiVirus Trojan ( 004e68cf1 ) 20161016
K7GW Trojan ( 004e68cf1 ) 20161017
Kaspersky UDS:DangerousObject.Multi.Generic 20161017
Malwarebytes Trojan.KorPlug 20161016
McAfee Artemis!E297538FD11E 20161017
McAfee-GW-Edition BehavesLike.Win32.Trojan.ch 20161017
Microsoft Backdoor:Win32/Pirpi.F!dha 20161017
eScan Gen:Variant.Kazy.186434 20161017
NANO-Antivirus Trojan.Win32.ZPACK.czjrin 20161017
Panda Generic Malware 20161016
Qihoo-360 Win32/Trojan.0dd 20161017
Rising Malware.Generic!sKMoY0CGM7E@3 (thunder) 20161017
Sophos AV Mal/Generic-S 20161017
Symantec Trojan.Gen 20161017
Tencent Win32.Trojan.Kazy.Ajlf 20161017
TrendMicro TROJ_GEN.R047C0DJB16 20161017
TrendMicro-HouseCall TROJ_GEN.R047C0DJB16 20161017
VBA32 BScope.Trojan.Agent 20161014
VIPRE LooksLike.Win32.Uruasy.b!ag (v) 20161017
ViRobot Trojan.Win32.Z.Kazy.192512.BJ[h] 20161017
Yandex Trojan.Agent!d5+2444gWUU 20161016
Zillya Trojan.Korplug.Win32.780 20161016
Alibaba 20161017
CAT-QuickHeal 20161015
ClamAV 20161017
CMC 20161016
Comodo 20161017
DrWeb 20161017
F-Prot 20161017
Fortinet 20161017
Kingsoft 20161017
nProtect 20161017
SUPERAntiSpyware 20161016
TheHacker 20161016
Zoner 20161017
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2011
Product SafeSvc
Original name SafeSvc.exe
Internal name SafeSvc.exe
File version 1.0.0.1
Description SafeSvc
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-09 14:40:14
Entry Point 0x00001880
Number of sections 5
PE sections
Overlays
MD5 b4202f7fe985b9648b4676e6f70832bd
File type ASCII text
Offset 188928
Size 3584
Entropy 0.00
PE imports
LookupPrivilegeNameW
SetKernelObjectSecurity
LogonUserW
AreAllAccessesGranted
IsValidSid
QueryServiceConfigA
OpenBackupEventLogW
RegEnumKeyW
FileEncryptionStatusW
StartServiceCtrlDispatcherW
ImpersonateLoggedOnUser
LookupPrivilegeNameA
InitiateSystemShutdownExW
ReadEventLogW
RegEnumKeyExA
RegDisablePredefinedCache
SetSecurityDescriptorSacl
RegOpenUserClassesRoot
PlayMetaFileRecord
GetWindowExtEx
GetMiterLimit
DeleteDC
CloseFigure
SetBitmapBits
GetBitmapBits
SetColorSpace
SetICMProfileA
SelectPalette
GetEnhMetaFileHeader
SetICMMode
SetDeviceGammaRamp
CreateEnhMetaFileA
GetPixel
SetTextColor
LPtoDP
GetLastError
TryEnterCriticalSection
CreateMailslotW
SetConsoleActiveScreenBuffer
HeapAlloc
LoadLibraryA
GetDevicePowerState
GetShortPathNameA
UpdateResourceA
HeapCompact
EnumTimeFormatsW
OpenWaitableTimerA
CompareFileTime
ClearCommBreak
GetTickCount
Sleep
GetProcAddress
GetCalendarInfoA
InitializeSListHead
GetPrivateProfileStringW
EnumResourceNamesW
FindResourceExA
GlobalAddAtomW
SetFilePointer
IsSystemResumeAutomatic
GlobalFix
WriteFile
SetConsoleTitleA
CloseHandle
EnumSystemCodePagesA
EnumResourceTypesW
PeekConsoleInputA
MoveFileA
SetCurrentDirectoryW
FindResourceW
CreateFileW
WriteProfileSectionW
IsBadStringPtrA
TlsSetValue
GetSystemWindowsDirectoryW
DrawAnimatedRects
SetWindowRgn
SetPropA
HideCaret
LoadCursorFromFileA
ClipCursor
ArrangeIconicWindows
GetClassInfoExW
DlgDirSelectComboBoxExA
GetKBCodePage
ScrollWindowEx
RegisterClipboardFormatA
PostMessageA
ShowWindowAsync
IsWindowEnabled
GetDlgItemInt
SystemParametersInfoA
UnregisterClassA
LoadStringW
CharLowerBuffA
GetClipboardFormatNameA
AnimateWindow
SendMessageTimeoutA
OemToCharA
IsDialogMessageW
FillRect
DefDlgProcA
UnregisterDeviceNotification
IsWindowUnicode
ExitWindowsEx
PE exports
Number of PE resources by type
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 472576
EntryPoint 0x1880
OriginalFileName SafeSvc.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2011
FileVersion 1.0.0.1
TimeStamp 2011:12:09 15:40:14+01:00
FileType Win32 DLL
PEType PE32
InternalName SafeSvc.exe
ProductVersion 1.0.0.1
FileDescription SafeSvc
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SafeSvc
CodeSize 156672
ProductName SafeSvc
ProductVersionNumber 1.0.0.1
FileTypeExtension dll
ObjectFileType Executable application

File identification
MD5 e297538fd11e88f35c51d59361579625
SHA1 f083c244220424b40d90046003e02f4281d5a5ce
SHA256 51c5b0c6008197cd7c9a9fcd7e0be8534578f2e5ec4f0b48501b09e427825fd7
ssdeep 3072:HqPO7C6IiSX2hI/rmE8PjguXRY7ArrCEmguU1DNlFJa34kg:HSOu6i2hI/rXGg4RLmED5B
authentihash eda4409a330e38d13c6d23fb5aa1c2b75f33c38bfb1bcd25f292ba319b9ae4d7
imphash a87240b873c1a5b2b17c559a4ce533e7
File size 188.0 KB ( 192512 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll overlay

VirusTotal metadata
First submission 2016-10-10 19:57:56 UTC ( 2 years, 2 months ago )
Last submission 2017-01-26 09:31:43 UTC ( 1 year, 10 months ago )
File names a.exe
test.dll
SafeSvc.exe
file.None.0xfffffa8003791f10.test.DLL.dat