SHA256: 6d1c84c6855d9b6965182f3be1cc4275d7f2f22c944953f99ac0813a4ce88e97
Detection ratio: 34 / 66
Analysis date: 2018-05-08 13:58:41 UTC ( 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.314344 20180508
AegisLab Ml.Attribute.Gen!c 20180508
ALYac Gen:Variant.Razy.314344 20180508
Arcabit Trojan.Razy.D4CBE8 20180508
Avast Win32:Malware-gen 20180508
AVG Win32:Malware-gen 20180508
Avira (no cloud) TR/Crypt.ZPACK.jqgmx 20180508
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180508
BitDefender Gen:Variant.Razy.314344 20180508
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180508
Cyren W32/Trojan.MHDC-6007 20180508
DrWeb Trojan.MulDrop8.2511 20180508
eGambit Unsafe.AI_Score_100% 20180508
Emsisoft Gen:Variant.Razy.314344 (B) 20180508
Endgame malicious (high confidence) 20180507
F-Secure Gen:Variant.Razy.314344 20180508
Fortinet W32/Emotet.ALHO!tr 20180508
GData Gen:Variant.Razy.314344 20180508
Ikarus Trojan.Crypt 20180508
Sophos ML heuristic 20180503
Kaspersky Trojan-Banker.Win32.Emotet.alho 20180508
MAX malware (ai score=83) 20180508
McAfee Emotet-FDM!F71EA8289672 20180508
McAfee-GW-Edition Emotet-FDM!F71EA8289672 20180508
eScan Gen:Variant.Razy.314344 20180508
NANO-Antivirus Trojan.Win32.Emotet.fbdjog 20180508
Panda Trj/CI.A 20180508
Sophos AV Mal/Generic-S 20180508
Symantec Trojan.Gen.2 20180508
Tencent Win32.Trojan-banker.Emotet.Ebgo 20180508
TrendMicro TROJ_GEN.R00EC0PE618 20180508
TrendMicro-HouseCall TROJ_GEN.R00EC0PE618 20180508
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.alho 20180508
AhnLab-V3 20180507
Alibaba 20180508
Antiy-AVL 20180508
Avast-Mobile 20180508
AVware 20180428
Babable 20180406
Bkav 20180508
CAT-QuickHeal 20180508
ClamAV 20180508
CMC 20180508
Comodo 20180508
Cybereason None
ESET-NOD32 20180508
F-Prot 20180508
Jiangmin 20180508
K7AntiVirus 20180508
K7GW 20180508
Kingsoft 20180508
Malwarebytes 20180508
Microsoft 20180508
nProtect 20180508
Palo Alto Networks (Known Signatures) 20180508
Qihoo-360 20180508
Rising 20180508
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180508
Symantec Mobile Insight 20180505
TheHacker 20180504
Trustlook 20180508
VBA32 20180508
VIPRE 20180508
ViRobot 20180508
Webroot 20180508
Yandex 20180506
Zillya 20180508
Zoner 20180507
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name Microsoft.Assessments.dll
Internal name Microsoft.Assessments.dll
File version 6.2.9200.16384 (win8_rtm.120725-1247)
Description Microsoft Assessments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-01 14:42:31
Entry Point 0x00001610
Number of sections 6
PE sections
PE imports
EnumServicesStatusA
LogonUserExW
IsTokenRestricted
GetClusterFromResource
PolyPolyline
CreateRectRgn
LineDDA
DeleteColorSpace
GetDIBits
DeleteObject
GetVolumePathNameW
GlobalFindAtomW
IsValidCodePage
GetStringTypeExW
FindAtomA
DebugBreak
FormatMessageA
GetTapePosition
lstrlenW
GetProcessHeap
wglGetProcAddress
ExtractIconA
FindExecutableA
wnsprintfW
InitializeSecurityContextW
DestroyIcon
GetCursorInfo
GetKeyboardLayout
GetWindowPlacement
GetClassInfoW
GetCaretPos
GetKeyboardType
GetUrlCacheEntryInfoExA
DeletePrinterDriverW
GetPrintProcessorDirectoryW
GetColorProfileElement
GetClassFileOrMime
Number of PE resources by type
WEVT_TEMPLATE 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 0
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.2.9200.16384
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Microsoft Assessments
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension dll
OriginalFileName Microsoft.Assessments.dll
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 6.2.9200.16384 (win8_rtm.120725-1247)
TimeStamp 2018:05:01 15:42:31+01:00
FileType Win32 DLL
PEType PE32
InternalName Microsoft.Assessments.dll
ProductVersion 6.2.9200.16384
SubsystemVersion 5.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 2063370106
FileSubtype 0
ProductVersionNumber 6.2.9200.16384
EntryPoint 0x1610
ObjectFileType Dynamic link library
File identification
MD5 f71ea8289672e4358fff0c5113b97b81
SHA1 a5711400e95dba913f4b392021db6412710ffc78
SHA256 6d1c84c6855d9b6965182f3be1cc4275d7f2f22c944953f99ac0813a4ce88e97
ssdeep 6144:fQ/ZtjwCNXn7DmirGNX/cT/+gQ7rQQ9oyE2DqRLjI0NonabvTtt8QLrwXY:ofwKrDmEGNaWgQkyE2DqRdNJTtqwN
authentihash c793236564462fed89dd9631a798cd2befc1dcfcca7764e76bdcb8050f67b695
imphash cf9c363702aedd0e2c126abbdd7233f2
File size 492.0 KB ( 503808 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll
VirusTotal metadata
First submission 2018-05-01 22:00:33 UTC ( 7 months, 1 week ago )
Last submission 2018-05-08 13:58:41 UTC ( 7 months ago )
File names Microsoft.Assessments.dll