SHA256: 6b146e3a59025d7085127b552494e8aaf76450a19c249bfed0b4c09f328e564f
File name: Sysinternals installer
Detection ratio: 52 / 68
Analysis date: 2018-08-10 13:16:57 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Duqu.F 20180810
AegisLab Trojan.Win32.Generic.4!c 20180810
AhnLab-V3 Trojan/Win32.Duqu.C881970 20180810
ALYac Trojan.Agent.duqu 20180810
Antiy-AVL Trojan/Win32.Duqu2 20180810
Arcabit Trojan.Duqu.F 20180810
Avast Win32:Duqu-M [Trj] 20180810
AVG Win32:Duqu-M [Trj] 20180810
Avira (no cloud) TR/SPY.A.2446 20180810
AVware Win32.Malware!Drop 20180810
BitDefender Trojan.Duqu.F 20180810
Bkav W32.RuswinupLTU.Trojan 20180810
CAT-QuickHeal TrojanAPT.Duqu.A2 20180810
Cylance Unsafe 20180810
Cyren W32/Duqu.WTIS-9011 20180810
DrWeb Trojan.Duqu.4 20180810
Emsisoft Trojan.Duqu.F (B) 20180810
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Duqu.D 20180810
F-Prot W32/Duqu2.E 20180810
F-Secure Trojan:W32/DuquLoader.A 20180810
Fortinet W32/Duqu.A!tr 20180810
GData Win32.Trojan.Duqu.C 20180810
Ikarus Trojan.Win32.Duqu 20180810
K7AntiVirus Trojan ( 004c57c41 ) 20180810
K7GW Trojan ( 004c57c41 ) 20180810
Kaspersky HEUR:Trojan.Win32.Duqu2.gen 20180810
Malwarebytes Backdoor.Duqu.VT 20180810
MAX malware (ai score=100) 20180810
McAfee PWS-Duqu.b 20180810
McAfee-GW-Edition PWS-Duqu.b 20180810
Microsoft Trojan:Win32/Duqu2.H!dha 20180810
eScan Trojan.Duqu.F 20180810
NANO-Antivirus Trojan.Win32.Duqu2.dsrgup 20180810
Palo Alto Networks (Known Signatures) generic.ml 20180810
Panda Trj/Duqu.C 20180810
Qihoo-360 HEUR/QVM40.1.Malware.Gen 20180810
Rising Trojan.Win64.Duqu2.w (CLASSIC) 20180810
Sophos AV Troj/Duqu-I 20180810
Symantec W32.Duqu.B 20180810
TACHYON Trojan/W32.Duqu2.14336 20180810
Tencent Win32.Trojan.Duqu2.Infh 20180810
TheHacker Trojan/Duqu.d 20180807
TrendMicro TROJ_DUQU.SV 20180810
TrendMicro-HouseCall TROJ_DUQU.SV 20180810
VBA32 OScope.Trojan.Duqu2 20180810
VIPRE Win32.Malware!Drop 20180810
ViRobot Trojan.Win32.Duqu.14336 20180810
Webroot W32.Trojan.Duqu 20180810
Yandex Trojan.Duqu2! 20180810
Zillya Trojan.Duqu2.Win32.6 20180809
ZoneAlarm by Check Point HEUR:Trojan.Win32.Duqu2.gen 20180810
Engines with no detection (engine and signature update date only):
Alibaba 20180713
Avast-Mobile 20180810
Babable 20180725
Baidu 20180810
ClamAV 20180810
CMC 20180810
Comodo 20180810
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
eGambit 20180810
Sophos ML 20180717
Jiangmin 20180810
Kingsoft 20180810
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180810
Symantec Mobile Insight 20180809
TotalDefense 20180810
Trustlook 20180810
Zoner 20180810
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1998-2014 Mark Russinovich
Product Process Explorer
Original name svcmsi_32.dll
Internal name Sysinternals installer
File version 16.0
Description Sysinternals Process Explorer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-01-25 10:28:43
Entry Point 0x00002ED3
Number of sections 5
PE imports
RegQueryValueExW
CreateThread
RtlUnwind
TerminateThread
WaitForSingleObject
VirtualFree
CloseHandle
VirtualProtect
VirtualAlloc
SetLastError
wsprintfW
Ord(120)
Ord(74)
Ord(114)
Ord(159)
Ord(49)
Ord(32)
Ord(26)
Ord(8)
Ord(160)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
LegalTrademarks Copyright (C) 1998-2014 Mark Russinovich
SubsystemVersion 5.1
InitializedDataSize 5120
ImageVersion 0.0
ProductName Process Explorer
FileVersionNumber 16.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics Executable, 32-bit, DLL
CharacterSet Windows, Latin1
LinkerVersion 12.0
FileTypeExtension dll
OriginalFileName svcmsi_32.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 16.0
TimeStamp 2004:01:25 11:28:43+01:00
FileType Win32 DLL
PEType PE32
InternalName Sysinternals installer
ProductVersion 16.0
FileDescription Sysinternals Process Explorer
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright 1998-2014 Mark Russinovich
MachineType Intel 386 or later, and compatibles
CompanyName Sysinternals - www.sysinternals.com
CodeSize 8192
FileSubtype 0
ProductVersionNumber 16.0.0.0
EntryPoint 0x2ed3
ObjectFileType Executable application

File identification
MD5 089a14f69a31ea5e9a5b375dc0c46e45
SHA1 b120620b5d82b05fee2c2153ceaf305807fa9f79
SHA256 6b146e3a59025d7085127b552494e8aaf76450a19c249bfed0b4c09f328e564f
ssdeep 192:wC0Uy0gtm4uLgCikFxuqGMzSaYy4P79HqaDlA9aIDiyKguKuMu8:9y0c4LxurMzSaYy4P43IIey5uMu8
authentihash fdc22bbdc5c52dfef634768422b51288b26113255c0d9791c7b42ba675943886
imphash 7389da603f01fb559be22a6c5ef7799a
File size 14.0 KB ( 14336 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll via-tor
VirusTotal metadata
First submission 2015-06-10 07:16:56 UTC ( 3 years, 5 months ago )
Last submission 2018-05-01 17:40:35 UTC ( 6 months, 2 weeks ago )
File names (distinct names seen on submission)
qSJNQ.lnk
Sysinternals installer
svcmsi_32.dll
089a14f69a31ea5e9a5b375dc0c46e45
dll_startAction_6b146e3a59025d7085127b552494e8aaf76450a19c249bfed0b4c09f328e564f
6b146e3a59025d7085127b552494e8aaf76450a19c249bfed0b4c09f328e564f
6b146e3a59025d7085127b552494e8aaf76450a19c249bfed0b4c09f328e564f.infected
drprov.dll
089A14F69A31EA5E9A5B375DC0C46E45
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight