SHA256: 5a219c99c1ff657bd3b8051d071703d6b79d8a0c344de8f5bfbe8dd1fb3f60e1
Detection ratio: 43 / 65
Analysis date: 2018-05-23 15:13:42 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.80318 20180523
AhnLab-V3 Malware/Win64.Generic.C2434383 20180523
ALYac Gen:Variant.Mikey.80318 20180523
Antiy-AVL Trojan/Win32.TSGeneric 20180523
Arcabit Trojan.Mikey.D139BE 20180523
Avast Win64:Malware-gen 20180523
AVG Win64:Malware-gen 20180523
Avira (no cloud) HEUR/AGEN.1003891 20180523
AVware Trojan.Win32.Generic!BT 20180523
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9646 20180523
BitDefender Gen:Variant.Mikey.80318 20180523
CAT-QuickHeal Backdoor.Dridex 20180522
Comodo .UnclassifiedMalware 20180523
Cylance Unsafe 20180523
Cyren W64/Trojan.SXVM-8913 20180523
Emsisoft Gen:Variant.Mikey.80318 (B) 20180523
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win64/Kryptik.BJB 20180523
F-Secure Gen:Variant.Mikey.80318 20180523
Fortinet W64/Kryptik.BHM!tr 20180523
GData Gen:Variant.Mikey.80318 20180523
Ikarus Trojan.Win64.Crypt 20180523
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 0052ac8f1 ) 20180523
K7GW Trojan ( 0052ac8f1 ) 20180523
Kaspersky HEUR:Trojan.Win32.Generic 20180523
MAX malware (ai score=96) 20180523
McAfee Drixed-FHJ!7EE2FBFEE262 20180523
McAfee-GW-Edition Drixed-FHJ!7EE2FBFEE262 20180523
Microsoft Backdoor:Win32/Dridex 20180523
eScan Gen:Variant.Mikey.80318 20180523
NANO-Antivirus Trojan.Win64.Kryptik.ezerbl 20180523
Palo Alto Networks (Known Signatures) generic.ml 20180523
Panda Trj/CI.A 20180523
Qihoo-360 Win32/Trojan.d16 20180523
Sophos AV Mal/Dridex-G 20180523
Symantec Trojan.Gen.2 20180523
Tencent Win32.Trojan.Agent.Angc 20180523
TrendMicro TROJ_GEN.R002C0DCP18 20180523
TrendMicro-HouseCall TROJ_GEN.R002C0DCP18 20180523
VIPRE Trojan.Win32.Generic!BT 20180523
Webroot W32.Infostealer.Dridex 20180523
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180523
AegisLab 20180523
Alibaba 20180523
Avast-Mobile 20180523
Babable 20180406
Bkav 20180523
ClamAV 20180521
CMC 20180523
CrowdStrike Falcon (ML) 20180202
Cybereason None
DrWeb 20180523
eGambit 20180523
F-Prot 20180523
Jiangmin 20180523
Kingsoft 20180523
Malwarebytes 20180523
nProtect 20180523
Rising 20180523
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180523
Symantec Mobile Insight 20180522
TheHacker 20180516
Trustlook 20180523
VBA32 20180523
ViRobot 20180523
Yandex 20180522
Zillya 20180523
Zoner 20180522
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft®
Original name wshbth.dll
Internal name wshbt
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description IE plugin image decoder support DLL
PE header basic information
Target machine x64
Compilation timestamp 2018-03-14 21:36:57
Entry Point 0x00001540
Number of sections 8
PE sections
PE imports
GetOldestEventLogRecord
RegOpenUserClassesRoot
GetBinaryTypeW
GetModuleFileNameW
ExitProcess
GetCurrentThreadId
GetSystemPowerStatus
GetModuleHandleW
GetMenuState
EndDeferWindowPos
KillTimer
waveInAddBuffer
HWND_UserSize
GetHGlobalFromILockBytes
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 17.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 11.0.9600.17416
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 614400
EntryPoint 0x1540
OriginalFileName wshbth.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2018:03:14 22:36:57+01:00
FileType Win64 DLL
PEType PE32+
InternalName wshbt
ProductVersion 6.1.7601.17514
FileDescription IE plugin image decoder support DLL
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType AMD AMD64
CompanyName Microsoft Corporation
ProductName Microsoft
ProductVersionNumber 11.0.9600.17416
FileTypeExtension dll
ObjectFileType Dynamic link library

File identification
MD5 7ee2fbfee2623de1bc5b7ae3a0633891
SHA1 7dc368e599408f07f8263bcb7293ce60dcff6b32
SHA256 5a219c99c1ff657bd3b8051d071703d6b79d8a0c344de8f5bfbe8dd1fb3f60e1
ssdeep 6144:Mc0/C9twyCkoOGT9Zi5CdVrvB2YdwIF4fU+TPcfUma0zF2cdIpMNGRud8:S/yEDO4weFMx0fUmfFDdIpMNGc
authentihash 80ef20b051126e237a01a89361021708314ef18d00be560693a700106524e4e8
imphash ec4b4003bcf780a93ec09f4c1dfc23b9
File size 616.0 KB ( 630784 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits assembly pedll
VirusTotal metadata
First submission 2018-03-25 19:16:25 UTC ( 8 months, 2 weeks ago )
Last submission 2018-05-23 15:13:42 UTC ( 6 months, 3 weeks ago )
File names 7ee2fbfee2623de1bc5b7ae3a0633891
wshbth.dll
wshbt