SHA256: 7485c2b1f690052bc7e1a9ead6c2e400947cb52477773ed285105fbeb35f6080
File name: sdfa.exe
Detection ratio: 37 / 57
Analysis date: 2015-08-20 05:44:04 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2642424 20150820
Yandex Backdoor.Agent!bUWB/RImbkU 20150819
AhnLab-V3 Trojan/Win32.Dynamer 20150820
ALYac Trojan.GenericKD.2642424 20150820
Arcabit Trojan.Generic.D2851F8 20150820
Avast Win32:Malware-gen 20150820
AVG Crypt4.BYKD 20150819
Avira (no cloud) TR/AD.Dridex.Y.4 20150820
AVware Trojan.Win32.Generic!BT 20150820
Baidu-International Backdoor.Win32.Agent.gnov 20150819
BitDefender Trojan.GenericKD.2642424 20150820
Emsisoft Trojan.GenericKD.2642424 (B) 20150820
ESET-NOD32 Win32/Dridex.P 20150820
F-Secure Trojan.GenericKD.2642424 20150820
Fortinet W32/Dridex.P!tr 20150820
GData Trojan.GenericKD.2642424 20150820
Ikarus Trojan.Win32.Dridex 20150820
K7AntiVirus Trojan ( 004beebb1 ) 20150820
K7GW Trojan ( 004beebb1 ) 20150820
Kaspersky Backdoor.Win32.Agent.gnov 20150820
Malwarebytes Backdoor.Bot 20150820
McAfee Trojan-Dridex 20150820
McAfee-GW-Edition Trojan-Dridex 20150820
Microsoft Trojan:Win32/Dynamer!ac 20150820
eScan Trojan.GenericKD.2642424 20150820
NANO-Antivirus Trojan.Win32.Agent.dvgkqo 20150820
nProtect Trojan.GenericKD.2642424 20150819
Panda Trj/Genetic.gen 20150819
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150820
Sophos AV Mal/Generic-S 20150820
Symantec Trojan.Gen.2 20150819
TheHacker Trojan/Dridex.p 20150820
TrendMicro TSPY_DRIDEX.BD 20150820
TrendMicro-HouseCall TSPY_DRIDEX.BD 20150820
VIPRE Trojan.Win32.Generic!BT 20150820
ViRobot Trojan.Win32.S.Agent.274432.UQ[h] 20150820
Zillya Trojan.Dridex.Win32.215 20150820
AegisLab 20150820
Alibaba 20150820
Antiy-AVL 20150820
Bkav 20150819
ByteHero 20150820
CAT-QuickHeal 20150819
ClamAV 20150820
CMC 20150819
Comodo 20150820
Cyren 20150820
DrWeb 20150820
F-Prot 20150820
Jiangmin 20150819
Kingsoft 20150820
Rising 20150817
SUPERAntiSpyware 20150820
Tencent 20150820
TotalDefense 20150820
VBA32 20150819
Zoner 20150820
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name HGCPL.DLL
Internal name HGCPL
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description HomeGroup Control Panel
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-10-18 04:07:24
Entry Point 0x0000104B
Number of sections 11
PE sections
PE imports
PathIsFileSpecA
_chkstk
_allrem
Number of PE resources by type
RT_ICON 33
RT_GROUP_ICON 4
UIFILE 3
RT_RCDATA 2
XMLFILE 1
WEVT_TEMPLATE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 45
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 237568
EntryPoint 0x104b
OriginalFileName HGCPL.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 1992:10:18 05:07:24+01:00
FileType Win32 EXE
PEType PE32
InternalName HGCPL
ProductVersion 6.1.7601.17514
FileDescription HomeGroup Control Panel
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 36864
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 c71512f731fd9e9ca7c05d8caf4fef63
SHA1 0784b484b9ebc495619d62767742dacecc6b170d
SHA256 7485c2b1f690052bc7e1a9ead6c2e400947cb52477773ed285105fbeb35f6080
ssdeep 3072:sN1HCgu5bW97vfL4jSe3itq10d0v3fu4NC0UyS2wnpL:uCnM7b453iO0d0PLC0Htw

authentihash 4c57caf039d277a676ea8a45b977d0be05ed22cdd37a93ec3f2d2e51e78147ef
imphash 81755d8691b9845a169027f8dd1f94a6
File size 268.0 KB ( 274432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe

VirusTotal metadata
First submission 2015-08-13 23:32:52 UTC ( 3 years, 9 months ago )
Last submission 2015-08-13 23:32:52 UTC ( 3 years, 9 months ago )
File names sdfa.exe
HGCPL.DLL
HGCPL
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections