SHA256: 644b0841a378c434b3cee60be4d148a34a36e1ec032f40fb4484b819f82b4850
File name: 30e48cea-5a8e-11e8-8192-00ffbe9a247c
Detection ratio: 21 / 66
Analysis date: 2018-05-18 11:30:31 UTC ( 9 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.429071 20180518
ALYac Gen:Variant.Graftor.429071 20180518
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180518
BitDefender Gen:Variant.Graftor.429071 20180518
Bkav W32.eHeur.Malware12 20180518
Cylance Unsafe 20180518
Emsisoft Gen:Variant.Graftor.429071 (B) 20180518
Endgame malicious (high confidence) 20180507
F-Secure Gen:Variant.Graftor.429071 20180518
GData Gen:Variant.Graftor.429071 20180518
Sophos ML heuristic 20180503
MAX malware (ai score=83) 20180518
Microsoft Trojan:Win32/Fuerboos.A!cl 20180518
eScan Gen:Variant.Graftor.429071 20180518
Qihoo-360 HEUR/QVM20.1.3EB5.Malware.Gen 20180518
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180518
Symantec ML.Attribute.HighConfidence 20180518
TrendMicro TSPY_HPEMOTET.SMAL3 20180518
TrendMicro-HouseCall TSPY_HPEMOTET.SMAL3 20180518
VBA32 BScope.Trojan.Cloxer 20180517
AegisLab 20180518
AhnLab-V3 20180518
Alibaba 20180518
Antiy-AVL 20180518
Arcabit 20180518
Avast 20180518
Avast-Mobile 20180518
AVG 20180518
Avira (no cloud) 20180518
AVware 20180518
Babable 20180406
CAT-QuickHeal 20180518
ClamAV 20180518
CMC 20180518
Comodo 20180518
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180518
DrWeb 20180518
eGambit 20180518
ESET-NOD32 20180518
F-Prot 20180518
Fortinet 20180518
Ikarus 20180518
Jiangmin 20180518
K7AntiVirus 20180518
K7GW 20180518
Kaspersky 20180518
Kingsoft 20180518
Malwarebytes 20180518
McAfee 20180518
McAfee-GW-Edition 20180518
NANO-Antivirus 20180518
nProtect 20180518
Palo Alto Networks (Known Signatures) 20180518
Panda 20180518
Rising 20180518
SUPERAntiSpyware 20180518
Symantec Mobile Insight 20180517
Tencent 20180518
TheHacker 20180516
TotalDefense 20180518
Trustlook 20180518
VIPRE 20180518
ViRobot 20180518
Webroot 20180518
Yandex 20180518
Zillya 20180516
ZoneAlarm by Check Point 20180518
Zoner 20180517
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name DRVSTORE.DLL
Internal name drvstore.dll
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Driver Store API
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2028-12-25 04:27:37
Entry Point 0x00002614
Number of sections 6
PE sections
PE imports
DeleteAce
RegSetKeySecurity
GetColorSpace
FlsFree
GetProcAddress
GetTickCount
FlsGetValue
GetModuleHandleW
VarI4FromCy
VkKeyScanExW
IsCharAlphaW
GetQueueStatus
SetWindowContextHelpId
RegisterRawInputDevices
GetClipboardData
InternetGetConnectedState
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 188416
EntryPoint 0x2614
OriginalFileName DRVSTORE.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2028:12:25 05:27:37+01:00
FileType Win32 EXE
PEType PE32
InternalName drvstore.dll
ProductVersion 6.1.7601.17514
FileDescription Driver Store API
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 0
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 ecc5c94789250105c5e779623c0aff49
SHA1 054a8ab7d6eca52eaaef1122224f8c338545fa9b
SHA256 644b0841a378c434b3cee60be4d148a34a36e1ec032f40fb4484b819f82b4850
ssdeep 1536:tEVh6D9rPIMx8XV10YT/aenXi9umot10bogzn/lsliEfyt0ZU7lv:+h6BPXTjUJt10h/2iEq7l
authentihash 95382a68713cf35778a2d4540e6d7041b123371baaab4052b4139351e4d34733
imphash bee480ea01d3309877fd0cff4b8898ed
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe
VirusTotal metadata
First submission 2018-05-18 11:30:31 UTC ( 9 months, 1 week ago )
Last submission 2018-05-25 05:35:37 UTC ( 9 months ago )
File names drvstore.dll
30e48cea-5a8e-11e8-8192-00ffbe9a247c
DRVSTORE.DLL