SHA256: 6868aa9b5c0bda8b790459693d3430e5b761f9f1d5f08ea05cea0f0f7b97ced8
File name: iMW7K4ibjN5a.exe
Detection ratio: 15 / 67
Analysis date: 2018-07-17 02:57:39 UTC ( 7 months, 1 week ago )
Antivirus Result Update
AVG FileRepMalware 20180716
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180716
Bkav HW32.Packed.D135 20180716
Comodo Obfuscated.GEN 20180716
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180717
Endgame malicious (high confidence) 20180710
Sophos ML heuristic 20180601
McAfee-GW-Edition BehavesLike.Win32.Emotet.mc 20180717
Microsoft Trojan:Win32/Cloxer.D!cl 20180717
Qihoo-360 HEUR/QVM20.1.8E1F.Malware.Gen 20180717
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgLrDBAK0onPww) 20180717
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180716
VBA32 BScope.TrojanBanker.Emotet 20180716
Ad-Aware 20180717
AegisLab 20180717
AhnLab-V3 20180716
Alibaba 20180713
ALYac 20180716
Antiy-AVL 20180716
Arcabit 20180717
Avast 20180716
Avast-Mobile 20180716
Avira (no cloud) 20180716
AVware 20180717
Babable 20180406
BitDefender 20180716
CAT-QuickHeal 20180716
ClamAV 20180716
CMC 20180716
Cybereason 20180225
Cyren 20180716
DrWeb 20180717
eGambit 20180717
Emsisoft 20180717
ESET-NOD32 20180717
F-Prot 20180716
F-Secure 20180716
Fortinet 20180716
GData 20180716
Ikarus 20180716
Jiangmin 20180717
K7AntiVirus 20180717
K7GW 20180716
Kaspersky 20180716
Kingsoft 20180717
Malwarebytes 20180717
MAX 20180717
McAfee 20180716
eScan 20180717
NANO-Antivirus 20180717
Palo Alto Networks (Known Signatures) 20180717
Panda 20180716
Sophos AV 20180717
SUPERAntiSpyware 20180717
TACHYON 20180717
Tencent 20180717
TheHacker 20180716
TotalDefense 20180716
TrendMicro 20180717
TrendMicro-HouseCall 20180717
Trustlook 20180717
VIPRE 20180717
ViRobot 20180717
Webroot 20180717
Yandex 20180716
ZoneAlarm by Check Point 20180717
Zoner 20180716
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name kbdur1.dll
Internal name kbdur1 (3.13)
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Ukrainian (Enhanced) Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-17 02:32:36
Entry Point 0x0001210A
Number of sections 6
PE sections
PE imports
CryptDecrypt
CryptDecodeObjectEx
JetRetrieveKey
JetMakeKey
GetThreadId
lstrlenA
GetBinaryTypeA
VarCyCmp
RasRenameEntryW
DdeDisconnectList
ShowCursor
GetClipboardOwner
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 2
FileVersionNumber 6.1.7600.16385
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Ukrainian (Enhanced) Keyboard Layout
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 10752
EntryPoint 0x1210a
OriginalFileName kbdur1.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:07:16 19:32:36-07:00
FileType Win32 EXE
PEType PE32
InternalName kbdur1 (3.13)
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 74240
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 01b9360ceca50541af3336d90bf9a4be
SHA1 62901f960aa4ce7895bb8ccbfd35d163aaddd2f4
SHA256 6868aa9b5c0bda8b790459693d3430e5b761f9f1d5f08ea05cea0f0f7b97ced8
ssdeep 1536:mPWL0Gf2lhmKy09Qlzxmzx1GCnzJzn+P:mPW4Gf825szDGezJ8
authentihash 616df8d39c7e240c070a95d054747348f327a9866cb04feaa31f9b135c4dcdbf
imphash 8600804ceacc95ae0be5e733979a0a9a
File size 80.0 KB ( 81920 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-07-17 02:57:39 UTC ( 7 months, 1 week ago )
Last submission 2018-10-01 11:04:50 UTC ( 4 months, 3 weeks ago )
File names 22.exe
76.exe
3753.exe
kbdur1.dll
94530.exe
iMW7K4ibjN5a.exe
lookplugins.exe
556.exe
80034.exe
5.exe
16080326.exe
35.exe
9.exe
7472.exe
kbdur1 (3.13)
660.exe
57128270.exe
24691.exe
6859.exe
339600.exe