SHA256: 6a1cd455f09b4317a52c34527c2b5ab76d7e8735464a1d91811e1dbc0bce3d80
File name: hjg6657
Detection ratio: 44 / 61
Analysis date: 2017-03-18 22:47:40 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4601380 20170318
AegisLab Ml.Attribute.Gen!c 20170318
AhnLab-V3 Trojan/Win32.Agent.C1861298 20170318
ALYac Trojan.Dridex.A 20170318
Arcabit Trojan.Generic.D463624 20170318
AVG BackDoor.Generic19.BEMR 20170318
Avira (no cloud) TR/Crypt.Xpack.ojohu 20170318
AVware Trojan.Win32.Generic!BT 20170318
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170318
BitDefender Trojan.GenericKD.4601380 20170318
CAT-QuickHeal Backdoor.Dridex 20170318
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.EHDU-1481 20170318
DrWeb Trojan.PWS.Siggen1.63078 20170318
Emsisoft Trojan.Dridex (A) 20170318
Endgame malicious (moderate confidence) 20170317
ESET-NOD32 Win32/Dridex.AX 20170318
F-Prot W32/Trojan2.PTMI 20170318
F-Secure Trojan.GenericKD.4601380 20170318
Fortinet W32/Dridex.CGEJDEM!tr.bdr 20170318
GData Trojan.GenericKD.4601380 20170318
Ikarus Trojan.SuspectCRC 20170318
Sophos ML backdoor.win32.prosti.l 20170203
K7AntiVirus Trojan ( 004fe5cb1 ) 20170318
K7GW Trojan ( 700001211 ) 20170317
Kaspersky Backdoor.Win32.Dridex.cy 20170318
Malwarebytes Trojan.Dridex 20170318
McAfee RDN/Generic BackDoor 20170318
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20170318
Microsoft Trojan:Win32/Dynamer!ac 20170318
eScan Trojan.GenericKD.4601380 20170318
NANO-Antivirus Trojan.Win32.Dridex.emnohe 20170318
nProtect Backdoor/W32.Dridex.120656 20170318
Palo Alto Networks (Known Signatures) generic.ml 20170318
Panda Trj/Dridex.C 20170318
Rising Malware.Generic.2!tfe (thunder:2:dri7fhXtOiD) 20170318
Sophos AV Mal/Generic-S 20170318
Symantec Trojan.Cridex 20170318
Tencent Win32.Backdoor.Dridex.Dwje 20170318
TrendMicro BKDR_DRIDEX.YYSSN 20170318
TrendMicro-HouseCall BKDR_DRIDEX.YYSSN 20170318
VIPRE Trojan.Win32.Generic!BT 20170318
Webroot W32.Trojan.Gen 20170318
ZoneAlarm by Check Point Backdoor.Win32.Dridex.cy 20170318
Alibaba 20170228
Antiy-AVL 20170318
Avast 20170318
Bkav 20170318
ClamAV 20170318
CMC 20170317
Comodo 20170318
Jiangmin 20170318
Kingsoft 20170318
Qihoo-360 20170318
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170318
TheHacker 20170318
Trustlook 20170318
VBA32 20170317
ViRobot 20170318
WhiteArmor 20170315
Yandex 20170318
Zillya 20170317
Zoner 20170318
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name PDH.DLL
Internal name PDH.DLL
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Performance Data Helper DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2023-08-22 21:28:18
Entry Point 0x0001E2C0
Number of sections 10
PE sections
PE imports
AreFileApisANSI
GetVolumePathNameW
LoadLibraryW
GetDriveTypeA
DeleteTimerQueueEx
GetThreadLocale
QueueUserAPC
FindFirstChangeNotificationW
GetWindowsDirectoryW
VirtualFreeEx
WaitForMultipleObjects
GetConsoleTitleW
GetCurrentDirectoryA
GetStartupInfoW
FindVolumeMountPointClose
GetProcAddress
AddAtomW
OpenMutexA
lstrcpynW
EraseTape
GetDiskFreeSpaceW
SetTimerQueueTimer
GlobalAddAtomA
GlobalMemoryStatusEx
FindFirstFileExW
GetModuleHandleW
GetBinaryTypeA
SetEnvironmentVariableA
EnumDateFormatsW
FindAtomA
GetLongPathNameA
SetVolumeLabelA
GetPrivateProfileSectionA
PrepareTape
FindFirstVolumeMountPointA
VarCyFromI1
SHFreeNameMappings
wnsprintfW
ReleaseDC
GetThreadDesktop
TabbedTextOutW
mbtowc
clearerr
memset
_sprintf_l
wcscmp
putchar
sscanf
isupper
iswgraph
strncpy
PdhGetDefaultPerfCounterA
CreateAsyncBindCtx
CoInternetCombineUrl
CoInternetGetSecurityUrl
FaultInIEFeature
Number of PE resources by type
WEVT_TEMPLATE 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
0

ImageVersion
1.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
6.1.7601.17514

UninitializedDataSize
6144

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
197.0

FileTypeExtension
exe

OriginalFileName
PDH.DLL

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2023:08:22 22:28:18+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PDH.DLL

ProductVersion
6.1.7601.17514

FileDescription
Windows Performance Data Helper DLL

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
23552

FileSubtype
0

ProductVersionNumber
6.1.7601.17514

EntryPoint
0x1e2c0

ObjectFileType
Dynamic link library

File identification
MD5 802eb0928efd197e78afb1c6a5aa1915
SHA1 8881a514f5db6049a593c43a191b375aa1a17f06
SHA256 6a1cd455f09b4317a52c34527c2b5ab76d7e8735464a1d91811e1dbc0bce3d80
ssdeep
3072:yWe/mqvldi8OA0IgOgSSUohbtwzS1uNt9XTZv:kPNd5OA0IrNEwDN39

authentihash 89abb29ebd9f880592a842995a0ae54c7377d38ac5964d0a6c824adf02db3cff
imphash d8f592aed0100a83b4617282a4a14168
File size 117.8 KB ( 120656 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.8%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.8%)
Tags
peexe

VirusTotal metadata
First submission 2017-03-15 10:21:15 UTC ( 1 year, 11 months ago )
Last submission 2017-08-19 01:21:33 UTC ( 1 year, 6 months ago )
File names YqaAKsm1.exe
PDH.DLL
6a1cd455f09b4317a52c34527c2b5ab76d7e8735464a1d91811e1dbc0bce3d80.bin.exe
hjg6657.exe
hjg6657
YqaAKsm2.exe
aa
5geh.bin
vo5_8.ini
hjg6657.exe
YqaAKsm1.exe
VirusShare_802eb0928efd197e78afb1c6a5aa1915
hjg6657.exe
YqaAKsm1.exe
hjg6657.exe
Advanced heuristic and reputation engines