SHA256: 625a7ae76142b1c47e6118c49c48223fb02e03f769d1fc85211eb17fd49cbb3c
File name: T4jVQ.exe
Detection ratio: 23 / 68
Analysis date: 2017-12-26 12:02:10 UTC ( 11 months, 3 weeks ago )
| Antivirus | Result | Update |
|---|---|---|
| AegisLab | Virus.W32.Mdeclass!c | 20171226 |
| Avast | FileRepMalware | 20171226 |
| AVG | FileRepMalware | 20171226 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9737 | 20171226 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20171016 |
| Cylance | Unsafe | 20171226 |
| Endgame | malicious (high confidence) | 20171130 |
| ESET-NOD32 | a variant of Win32/GenKryptik.AGMS | 20171226 |
| Fortinet | W32/GenKryptik.AWVI!tr | 20171226 |
| Sophos ML | heuristic | 20170914 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 20171226 |
| McAfee | RDN/Generic.grp | 20171226 |
| McAfee-GW-Edition | BehavesLike.Win32.Virut.ch | 20171226 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20171226 |
| Qihoo-360 | HEUR/QVM20.1.1969.Malware.Gen | 20171226 |
| Rising | Malware.XPACK-LNR/Heur!1.5594 (CLASSIC) | 20171226 |
| SentinelOne (Static ML) | static engine - malicious | 20171224 |
| Sophos AV | Mal/EncPk-ANR | 20171226 |
| Symantec | Trojan.Emotet | 20171225 |
| Tencent | Suspicious.Heuristic.Gen.b.0 | 20171226 |
| Webroot | W32.Trojan.Emotet | 20171226 |
| WhiteArmor | Malware.HighConfidence | 20171204 |
| ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20171226 |
| Ad-Aware | | 20171225 |
| AhnLab-V3 | | 20171226 |
| Alibaba | | 20171226 |
| ALYac | | 20171226 |
| Antiy-AVL | | 20171226 |
| Arcabit | | 20171226 |
| Avast-Mobile | | 20171226 |
| Avira (no cloud) | | 20171226 |
| AVware | | 20171226 |
| BitDefender | | 20171226 |
| Bkav | | 20171226 |
| CAT-QuickHeal | | 20171226 |
| ClamAV | | 20171226 |
| CMC | | 20171226 |
| Comodo | | 20171226 |
| Cybereason | | 20171103 |
| Cyren | | 20171226 |
| DrWeb | | 20171226 |
| eGambit | | 20171226 |
| Emsisoft | | 20171226 |
| F-Prot | | 20171226 |
| F-Secure | | 20171226 |
| GData | | 20171226 |
| Ikarus | | 20171226 |
| Jiangmin | | 20171226 |
| K7AntiVirus | | 20171226 |
| K7GW | | 20171226 |
| Kingsoft | | 20171226 |
| Malwarebytes | | 20171226 |
| MAX | | 20171226 |
| Microsoft | | 20171226 |
| eScan | | 20171226 |
| NANO-Antivirus | | 20171226 |
| nProtect | | 20171226 |
| Panda | | 20171225 |
| SUPERAntiSpyware | | 20171226 |
| Symantec Mobile Insight | | 20171222 |
| TheHacker | | 20171219 |
| TotalDefense | | 20171226 |
| TrendMicro | | 20171226 |
| TrendMicro-HouseCall | | 20171226 |
| Trustlook | | 20171226 |
| VBA32 | | 20171222 |
| VIPRE | | 20171226 |
| ViRobot | | 20171226 |
| Yandex | | 20171225 |
| Zillya | | 20171225 |
| Zoner | | 20171226 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: © Microsoft Corporation. All rights reserved.
Product: Microsoft® Windows® Operating System
Original name: D3D8THK.dll
Internal name: D3D8THK.dll
File version: 6.1.7600.16385 (win7_rtm.090713-1255)
Description: Microsoft Direct3D OS Thunk Layer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-26 08:42:52
Entry Point 0x000032B0
Number of sections 12
PE sections
PE imports
RegEnumKeyExA
CryptEncodeObject
GetDeviceCaps
GetClipRgn
SetColorSpace
FloodFill
BuildCommDCBA
GetAtomNameA
SetCriticalSectionSpinCount
AreFileApisANSI
SetLocaleInfoA
GetCommandLineW
SetEvent
GetThreadLocale
LoadLibraryA
FlsFree
VarR4FromDate
VarUdateFromDate
SafeArrayAllocData
IsPwrShutdownAllowed
IsPwrSuspendAllowed
RasGetProjectionInfoA
NdrUserMarshalMarshall
RpcBindingInqAuthInfoExW
NdrUserMarshalBufferSize
SetupSetPlatformPathOverrideW
CM_Free_Res_Des_Handle
SetupDiRegisterCoDeviceInstallers
Ord(526)
PathRemoveBackslashA
PathSetDlgItemPathW
SHRegSetPathW
QuerySecurityPackageInfoW
GetOpenClipboardWindow
CopyRect
IsWindowVisible
MessageBoxA
GetMessagePos
CheckDlgButton
DeletePortW
DeletePrinterDriverExW
inet_addr
WSACleanup
SCardListReadersW
Ord(31)
Ord(30)
Ord(160)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion: 5.0
LinkerVersion: 0.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 6.1.7600.16385
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 126976
EntryPoint: 0x32b0
OriginalFileName: D3D8THK.dll
MIMEType: application/octet-stream
LegalCopyright: Microsoft Corporation. All rights reserved.
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp: 2017:12:26 09:42:52+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: D3D8THK.dll
ProductVersion: 6.1.7600.16385
FileDescription: Microsoft Direct3D OS Thunk Layer
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft Corporation
CodeSize: 40960
ProductName: Microsoft Windows Operating System
ProductVersionNumber: 6.1.7600.16385
FileTypeExtension: exe
ObjectFileType: Dynamic link library

Compressed bundles
File identification
MD5 bec18aa1e595f1c09c69b7ec41d9cacb
SHA1 3aa217422d82d2baf170075f6e170502535c0cea
SHA256 625a7ae76142b1c47e6118c49c48223fb02e03f769d1fc85211eb17fd49cbb3c
ssdeep 1536:DFLOk1lHzqZODalTn3ouxaxN7MF9wKGCo27bUMi+5NRP6kSs3Su81FJZEDUW3aRD:5L31leRYyafpK9/w83eFJZE3aR6c44
authentihash 6ad070d948b2b2cdd5c016cb153ed6be90ba57c73bdfcb18d731dbb66d9977ac
imphash 83af83f337ab1d92403fc7d9c12d2b99
File size 144.0 KB ( 147456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2017-12-26 08:56:17 UTC ( 11 months, 3 weeks ago )
Last submission 2018-05-26 17:42:20 UTC ( 6 months, 3 weeks ago )
File names 1002-3aa217422d82d2baf170075f6e170502535c0cea
D3D8THK.dll
T4jVQ.exe