SHA256: 6b146e3a59025d7085127b552494e8aaf76450a19c249bfed0b4c09f328e564f
File name: Sysinternals installer
Detection ratio: 48 / 63
Analysis date: 2018-07-04 06:39:17 UTC ( 2 weeks, 2 days ago )
Antivirus Result Update
Ad-Aware Trojan.Duqu.F 20180704
AegisLab Troj.W32.Duqu2.gen!c 20180704
AhnLab-V3 Trojan/Win32.Duqu.C881970 20180703
ALYac Trojan.Agent.duqu 20180704
Antiy-AVL Trojan/Win32.Duqu2 20180704
Arcabit Trojan.Duqu.F 20180704
Avast Win32:Duqu-M [Trj] 20180704
AVG Win32:Duqu-M [Trj] 20180704
Avira (no cloud) TR/Spy.A.2446 20180703
AVware Win32.Malware!Drop 20180704
BitDefender Trojan.Duqu.F 20180704
Bkav W32.RuswinupLTU.Trojan 20180703
CAT-QuickHeal TrojanAPT.Duqu.A2 20180703
Comodo .UnclassifiedMalware 20180704
Cyren W32/Duqu.WTIS-9011 20180704
DrWeb Trojan.Duqu.4 20180704
Emsisoft Trojan.Duqu.F (B) 20180704
Endgame malicious (high confidence) 20180612
ESET-NOD32 Win32/Duqu.D 20180704
F-Prot W32/Duqu2.E 20180704
Fortinet W32/Duqu.A!tr 20180704
GData Win32.Trojan.Duqu.C 20180704
Ikarus Trojan.Win32.Duqu 20180703
K7AntiVirus Trojan ( 004c57c41 ) 20180704
K7GW Trojan ( 004c57c41 ) 20180704
Kaspersky HEUR:Trojan.Win32.Duqu2.gen 20180704
Malwarebytes Backdoor.Duqu.VT 20180704
MAX malware (ai score=100) 20180704
McAfee PWS-Duqu.b 20180704
McAfee-GW-Edition PWS-Duqu.b 20180704
Microsoft Trojan:Win32/Duqu2.H!dha 20180704
eScan Trojan.Duqu.F 20180704
NANO-Antivirus Trojan.Win32.Duqu2.dsrgup 20180704
Palo Alto Networks (Known Signatures) generic.ml 20180704
Panda Trj/GdSda.A 20180703
Qihoo-360 HEUR/QVM40.1.Malware.Gen 20180704
Sophos AV Troj/Duqu-I 20180704
Symantec W32.Duqu.B 20180704
TACHYON Trojan/W32.Duqu2.14336 20180704
Tencent Win32.Trojan.Duqu2.Infh 20180704
TheHacker Trojan/Duqu.d 20180628
VBA32 OScope.Trojan.Duqu2 20180629
VIPRE Win32.Malware!Drop 20180704
ViRobot Trojan.Win32.Duqu.14336 20180704
Webroot W32.Trojan.Duqu 20180704
Yandex Trojan.Duqu2! 20180703
Zillya Trojan.Duqu2.Win32.6 20180703
ZoneAlarm by Check Point HEUR:Trojan.Win32.Duqu2.gen 20180704
Avast-Mobile 20180704
Babable 20180406
Baidu 20180704
ClamAV 20180704
CMC 20180703
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
eGambit 20180704
F-Secure 20180704
Sophos ML 20180601
Jiangmin 20180703
Kingsoft 20180704
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180704
TotalDefense 20180704
Trustlook 20180704
Zoner 20180703
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1998-2014 Mark Russinovich
Product Process Explorer
Original name svcmsi_32.dll
Internal name Sysinternals installer
File version 16.0
Description Sysinternals Process Explorer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-01-25 10:28:43
Entry Point 0x00002ED3
Number of sections 5
PE sections
PE imports
RegQueryValueExW
CreateThread
RtlUnwind
TerminateThread
WaitForSingleObject
VirtualFree
CloseHandle
VirtualProtect
VirtualAlloc
SetLastError
wsprintfW
Ord(120)
Ord(74)
Ord(114)
Ord(159)
Ord(49)
Ord(32)
Ord(26)
Ord(8)
Ord(160)
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Copyright (C) 1998-2014 Mark Russinovich
SubsystemVersion 5.1
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 16.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Sysinternals Process Explorer
CharacterSet Windows, Latin1
InitializedDataSize 5120
EntryPoint 0x2ed3
OriginalFileName svcmsi_32.dll
MIMEType application/octet-stream
LegalCopyright Copyright 1998-2014 Mark Russinovich
FileVersion 16.0
TimeStamp 2004:01:25 11:28:43+01:00
FileType Win32 DLL
PEType PE32
InternalName Sysinternals installer
ProductVersion 16.0
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sysinternals - www.sysinternals.com
CodeSize 8192
ProductName Process Explorer
ProductVersionNumber 16.0.0.0
FileTypeExtension dll
ObjectFileType Executable application

File identification
MD5 089a14f69a31ea5e9a5b375dc0c46e45
SHA1 b120620b5d82b05fee2c2153ceaf305807fa9f79
SHA256 6b146e3a59025d7085127b552494e8aaf76450a19c249bfed0b4c09f328e564f
ssdeep 192:wC0Uy0gtm4uLgCikFxuqGMzSaYy4P79HqaDlA9aIDiyKguKuMu8:9y0c4LxurMzSaYy4P43IIey5uMu8
authentihash fdc22bbdc5c52dfef634768422b51288b26113255c0d9791c7b42ba675943886
imphash 7389da603f01fb559be22a6c5ef7799a
File size 14.0 KB ( 14336 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll via-tor
VirusTotal metadata
First submission 2015-06-10 07:16:56 UTC ( 3 years, 1 month ago )
Last submission 2018-05-01 17:40:35 UTC ( 2 months, 2 weeks ago )
File names qSJNQ.lnk
Sysinternals installer
svcmsi_32.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight