× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5f3f81c4f6c7520952b8326d8b21c21895a5b300a605edfdc48401e7e8aa1e5b
File name: 5f3f81c4f6c7520952b8326d8b21c21895a5b300a605edfdc48401e7e8aa1e5b
Detection ratio: 16 / 71
Analysis date: 2018-12-19 18:10:37 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis malware 20180726
Bkav HW32.Packed. 20181219
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.a76abf 20180225
Cylance Unsafe 20181219
eGambit Unsafe.AI_Score_99% 20181219
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
McAfee GenericRXGR-QC!0AE612D280F2 20181219
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181219
Microsoft Trojan:Win32/Fuerboos.A!cl 20181219
Qihoo-360 HEUR/QVM20.1.F961.Malware.Gen 20181219
Rising Malware.Heuristic!ET#98% (RDM+:cmRtazqDuYRGs7aqZ01lUNeirAeB) 20181219
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181219
Trapmine malicious.high.ml.score 20181205
Ad-Aware 20181219
AegisLab 20181219
AhnLab-V3 20181219
Alibaba 20180921
ALYac 20181219
Antiy-AVL 20181219
Arcabit 20181219
Avast 20181219
Avast-Mobile 20181219
AVG 20181219
Avira (no cloud) 20181219
Babable 20180918
Baidu 20181207
BitDefender 20181219
CAT-QuickHeal 20181219
ClamAV 20181219
CMC 20181218
Comodo 20181219
Cyren 20181219
DrWeb 20181219
Emsisoft 20181219
ESET-NOD32 20181219
F-Prot 20181219
F-Secure 20181219
Fortinet 20181219
GData 20181219
Ikarus 20181219
Jiangmin 20181219
K7AntiVirus 20181219
K7GW 20181219
Kaspersky 20181219
Kingsoft 20181219
Malwarebytes 20181219
MAX 20181219
eScan 20181219
NANO-Antivirus 20181219
Palo Alto Networks (Known Signatures) 20181219
Panda 20181219
Sophos AV 20181219
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181219
Tencent 20181219
TheHacker 20181216
TotalDefense 20181219
TrendMicro 20181219
TrendMicro-HouseCall 20181219
Trustlook 20181219
VBA32 20181219
VIPRE 20181219
ViRobot 20181219
Webroot 20181219
Yandex 20181219
Zillya 20181219
ZoneAlarm by Check Point 20181219
Zoner 20181219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft

Product Microsoft®
Original name kbdth3.dll
Internal name TCPSVCS.EXE
Description TCP/IP Services Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-18 02:23:20
Entry Point 0x00002940
Number of sections 9
PE sections
PE imports
RemoveUsersFromEncryptedFile
GetSecurityDescriptorRMControl
OffsetClipRgn
GetEnvironmentStrings
GetNamedPipeServerProcessId
GetThreadLocale
GetThreadTimes
GlobalMemoryStatusEx
GetBinaryTypeA
GetCurrentThread
Ord(29)
DlgDirListW
GetLastInputInfo
SendMessageA
GetMenuContextHelpId
CopyIcon
GetKeyState
g_rgSCardT1Pci
memmove
OleFlushClipboard
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2002:07:18 04:23:20+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
135168

LinkerVersion
2.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x2940

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
5.1

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 0ae612d280f2ad1f73837dc853d3c0bc
SHA1 d8102eba76abfd27e54f064747330df137fa9f41
SHA256 5f3f81c4f6c7520952b8326d8b21c21895a5b300a605edfdc48401e7e8aa1e5b
ssdeep
3072:2Kw8iG5ctoxsWV2u+v43m0lMD0ZiBUwrMag2:BiG5cta2TvGm0lM4o6Gg

authentihash c47e12521b049bba65371a99edbac47868641f4914212f1428a016bffce03ef5
imphash f19ea249b23e5c517b1d3ff2fed2925b
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-19 18:10:37 UTC ( 2 months ago )
Last submission 2018-12-31 14:58:29 UTC ( 1 month, 3 weeks ago )
File names tQEf0.exe
output.114743092.txt
eularestore.exe
g2DLOnMJ0R4.exe
eularestore.exe
kbdth3.dll
porttoandroid.exe
995.exe
TCPSVCS.EXE
3SSw7kuJuJ.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!