SHA256: 6a1cd455f09b4317a52c34527c2b5ab76d7e8735464a1d91811e1dbc0bce3d80
File name: 6a1cd455f09b4317a52c34527c2b5ab76d7e8735464a1d91811e1dbc0bce3d80....
Detection ratio: 8 / 61
Analysis date: 2017-03-15 10:21:15 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170315
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (moderate confidence) 20170222
Sophos ML backdoor.win32.prosti.l 20170203
K7GW Trojan ( 700001211 ) 20170315
Qihoo-360 HEUR/QVM19.1.0000.Malware.Gen 20170315
Rising Malware.Generic.2!tfe (thunder:2:dri7fhXtOiD) 20170315
Symantec ML.Attribute.HighConfidence 20170314
Ad-Aware 20170315
AegisLab 20170315
AhnLab-V3 20170314
Alibaba 20170228
ALYac 20170315
Antiy-AVL 20170315
Arcabit 20170315
Avast 20170315
AVG 20170315
Avira (no cloud) 20170315
AVware 20170315
BitDefender 20170315
Bkav 20170314
CAT-QuickHeal 20170314
ClamAV 20170315
CMC 20170315
Comodo 20170315
Cyren 20170315
DrWeb 20170315
Emsisoft 20170315
ESET-NOD32 20170315
F-Prot 20170315
F-Secure 20170315
Fortinet 20170315
GData 20170315
Ikarus 20170315
Jiangmin 20170315
K7AntiVirus 20170315
Kaspersky 20170315
Kingsoft 20170315
Malwarebytes 20170315
McAfee 20170315
McAfee-GW-Edition 20170315
Microsoft 20170315
eScan 20170315
NANO-Antivirus 20170315
nProtect 20170315
Palo Alto Networks (Known Signatures) 20170315
Panda 20170314
Sophos AV 20170315
SUPERAntiSpyware 20170315
Symantec Mobile Insight 20170315
Tencent 20170315
TheHacker 20170315
TotalDefense 20170315
TrendMicro 20170315
TrendMicro-HouseCall 20170315
Trustlook 20170315
VBA32 20170315
VIPRE 20170315
ViRobot 20170315
Webroot 20170315
WhiteArmor 20170303
Yandex 20170312
Zillya 20170314
ZoneAlarm by Check Point 20170315
Zoner 20170315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name PDH.DLL
Internal name PDH.DLL
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Performance Data Helper DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2023-08-22 21:28:18
Entry Point 0x0001E2C0
Number of sections 10
PE sections
PE imports
AreFileApisANSI
GetVolumePathNameW
LoadLibraryW
GetDriveTypeA
DeleteTimerQueueEx
GetThreadLocale
QueueUserAPC
FindFirstChangeNotificationW
GetWindowsDirectoryW
VirtualFreeEx
WaitForMultipleObjects
GetConsoleTitleW
GetCurrentDirectoryA
GetStartupInfoW
FindVolumeMountPointClose
GetProcAddress
AddAtomW
OpenMutexA
lstrcpynW
EraseTape
GetDiskFreeSpaceW
SetTimerQueueTimer
GlobalAddAtomA
GlobalMemoryStatusEx
FindFirstFileExW
GetModuleHandleW
GetBinaryTypeA
SetEnvironmentVariableA
EnumDateFormatsW
FindAtomA
GetLongPathNameA
SetVolumeLabelA
GetPrivateProfileSectionA
PrepareTape
FindFirstVolumeMountPointA
VarCyFromI1
SHFreeNameMappings
wnsprintfW
ReleaseDC
GetThreadDesktop
TabbedTextOutW
mbtowc
clearerr
memset
_sprintf_l
wcscmp
putchar
sscanf
isupper
iswgraph
strncpy
PdhGetDefaultPerfCounterA
CreateAsyncBindCtx
CoInternetCombineUrl
CoInternetGetSecurityUrl
FaultInIEFeature
Number of PE resources by type
WEVT_TEMPLATE 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 0
ImageVersion 1.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7601.17514
UninitializedDataSize 6144
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 197.0
FileTypeExtension exe
OriginalFileName PDH.DLL
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2023:08:22 22:28:18+01:00
FileType Win32 EXE
PEType PE32
InternalName PDH.DLL
ProductVersion 6.1.7601.17514
FileDescription Windows Performance Data Helper DLL
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 23552
FileSubtype 0
ProductVersionNumber 6.1.7601.17514
EntryPoint 0x1e2c0
ObjectFileType Dynamic link library
File identification
MD5 802eb0928efd197e78afb1c6a5aa1915
SHA1 8881a514f5db6049a593c43a191b375aa1a17f06
SHA256 6a1cd455f09b4317a52c34527c2b5ab76d7e8735464a1d91811e1dbc0bce3d80
ssdeep 3072:yWe/mqvldi8OA0IgOgSSUohbtwzS1uNt9XTZv:kPNd5OA0IrNEwDN39
authentihash 89abb29ebd9f880592a842995a0ae54c7377d38ac5964d0a6c824adf02db3cff
imphash d8f592aed0100a83b4617282a4a14168
File size 117.8 KB ( 120656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.8%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.8%)
Tags peexe
VirusTotal metadata
First submission 2017-03-15 10:21:15 UTC ( 2 years, 1 month ago )
Last submission 2017-08-19 01:21:33 UTC ( 1 year, 8 months ago )
File names YqaAKsm1.exe
PDH.DLL
6a1cd455f09b4317a52c34527c2b5ab76d7e8735464a1d91811e1dbc0bce3d80.bin.exe
hjg6657.exe
hjg6657
YqaAKsm2.exe
aa
5geh.bin
vo5_8.ini
hjg6657.exe
YqaAKsm1.exe
VirusShare_802eb0928efd197e78afb1c6a5aa1915
hjg6657.exe
YqaAKsm1.exe
hjg6657.exe
Advanced heuristic and reputation engines