SHA256: 5ccf5235c8ef93b769fddbf2a4814baf082c3ba15a62237b305d2fef2d334e49
File name: 5ccf5235c8ef93b769fddbf2a4814baf082c3ba15a62237b305d2fef2d334e49
Detection ratio: 46 / 68
Analysis date: 2017-12-18 22:39:55 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Backdoor.Agent.ABYM 20171218
AegisLab Filerepmalware.Gen!c 20171218
AhnLab-V3 Trojan/Win32.Emotet.R215649 20171218
ALYac Backdoor.Agent.ABYM 20171218
Antiy-AVL Trojan/Win32.TSGeneric 20171218
Arcabit Backdoor.Agent.ABYM 20171218
Avast FileRepMalware 20171218
AVG FileRepMalware 20171218
Avira (no cloud) TR/Crypt.ZPACK.xrmmy 20171218
AVware Trojan.Win32.Generic!BT 20171218
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171218
BitDefender Backdoor.Agent.ABYM 20171218
Bkav HW32.Packed.C1A9 20171218
CAT-QuickHeal Trojan.Multi 20171218
ClamAV Win.Trojan.Emotet-6401287-0 20171218
Comodo UnclassifiedMalware 20171218
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20171016
Cybereason malicious.b32e5d 20171103
Cylance Unsafe 20171218
Cyren W32/Trojan.DSCG-1978 20171218
eGambit Unsafe.AI_Score_88% 20171218
Emsisoft Backdoor.Agent.ABYM (B) 20171218
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Generik.LSMTXDP 20171218
F-Secure Backdoor.Agent.ABYM 20171218
Fortinet W32/Kryptik.FZTF!tr 20171218
GData Win32.Trojan-Spy.Emotet.HX 20171218
Ikarus Trojan.Win32.Dovs 20171218
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 00520df41 ) 20171218
K7GW Trojan ( 00520df41 ) 20171218
Kaspersky Trojan.Win32.Dovs.dys 20171218
Malwarebytes Trojan.Emotet 20171218
McAfee Artemis!3F331508D857 20171218
McAfee-GW-Edition BehavesLike.Win32.Virut.nc 20171218
eScan Backdoor.Agent.ABYM 20171218
Palo Alto Networks (Known Signatures) generic.ml 20171218
Panda Trj/RnkBend.A 20171218
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/Generic-S 20171218
Symantec Trojan.Gen.2 20171218
TrendMicro TROJ_GEN.R002C0WLI17 20171218
TrendMicro-HouseCall TROJ_GEN.R002C0WLI17 20171218
VIPRE Trojan.Win32.Generic!BT 20171218
Webroot W32.Trojan.Emotet 20171218
ZoneAlarm by Check Point Trojan.Win32.Dovs.dys 20171218
Alibaba 20171218
Avast-Mobile 20171218
CMC 20171218
DrWeb 20171218
F-Prot 20171218
Jiangmin 20171218
Kingsoft 20171218
MAX 20171218
Microsoft 20171218
NANO-Antivirus 20171218
nProtect 20171218
Qihoo-360 20171218
Rising 20171218
SUPERAntiSpyware 20171218
Symantec Mobile Insight 20171215
Tencent 20171218
TheHacker 20171210
TotalDefense 20171218
Trustlook 20171218
VBA32 20171218
ViRobot 20171218
WhiteArmor 20171204
Yandex 20171216
Zillya 20171218
Zoner 20171218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2006 - 2016 Nir Sofer
Product USBDeview
Original name USBDeview.exe
Internal name USBDeview
File version 2.52
Description Lists USB Devices
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-12-20 20:50:11
Entry Point 0x00001640
Number of sections 5
PE sections
PE imports
GetCharABCWidthsA
QueryDepthSList
lstrcpyW
ReleaseSemaphore
GetSystemInfo
WaitForSingleObject
CreateSemaphoreW
Sleep
CloseHandle
GetCurrentThread
ColorRGBToHLS
PathAddExtensionW
PathMakePrettyW
GetCapture
FindWindowA
GetSystemMetrics
SetTimer
LookupIconIdFromDirectoryEx
timeGetSystemTime
memcpy
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
RT_DIALOG 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.5.2.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 88064
EntryPoint 0x1640
OriginalFileName USBDeview.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2006 - 2016 Nir Sofer
FileVersion 2.52
TimeStamp 1993:12:20 21:50:11+01:00
FileType Win32 EXE
PEType PE32
InternalName USBDeview
ProductVersion 2.52
FileDescription Lists USB Devices
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NirSoft
CodeSize 0
ProductName USBDeview
ProductVersionNumber 2.5.2.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 3f331508d85762736f20c073911b7cb8
SHA1 c8bc2edb32e5dbb00f52034ce4faaac5eae38fe3
SHA256 5ccf5235c8ef93b769fddbf2a4814baf082c3ba15a62237b305d2fef2d334e49
ssdeep 1536:4zoJlHdQi4kCTcBk8Jhan9ZKfQIdOfoAk7xrtdPRz4qJ4tiaQmhAte3J:48JddQitby9B6tvJ4tLWw
authentihash a12d58030ac8f7297ab3212c75da80e340ea8f4a933b660be4a03b5c4e993d61
imphash 9c0f2f0ccdaafcf6af6fc1d5174c5d98
File size 96.5 KB ( 98816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-12-16 21:04:13 UTC ( 6 months, 1 week ago )
Last submission 2018-05-25 17:50:23 UTC ( 1 month ago )
File names USBDeview
19917272.exe
USBDeview.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows