× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 75717e7acf4f41de953e0c6f57986844bc21dcda546d5a37371ad8d5a7952782
File name: Sensor API
Detection ratio: 49 / 70
Analysis date: 2019-02-08 21:02:34 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190207
Ad-Aware Trojan.GenericKD.3458158 20190208
AhnLab-V3 Trojan/Win32.Dridex.C1551916 20190208
ALYac Trojan.GenericKD.3458158 20190208
Antiy-AVL Trojan/Win32.TSGeneric 20190208
Arcabit Trojan.Generic.D34C46E 20190208
Avast Win32:Evo-gen [Susp] 20190208
AVG FileRepMalware 20190208
Avira (no cloud) HEUR/AGEN.1032421 20190208
BitDefender Trojan.GenericKD.3458158 20190208
ClamAV Win.Ransomware.Razy-269 20190208
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.a177b8 20190109
Cylance Unsafe 20190208
DrWeb Trojan.Inject2.26827 20190208
eGambit Unsafe.AI_Score_99% 20190208
Emsisoft Trojan.GenericKD.3458158 (B) 20190208
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.FFBE 20190208
F-Secure Heuristic.HEUR/AGEN.1032421 20190208
Fortinet W32/Dridex.M!tr 20190208
GData Trojan.GenericKD.3458158 20190208
Ikarus Trojan.Win32.Dridex 20190208
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190208
K7GW Riskware ( 0040eff71 ) 20190208
Kaspersky Trojan.Win32.Razy.hbw 20190208
MAX malware (ai score=100) 20190208
McAfee Generic.cmq 20190208
McAfee-GW-Edition Generic.cmq 20190208
Microsoft Trojan:Win32/Dynamer!ac 20190208
eScan Trojan.GenericKD.3458158 20190208
NANO-Antivirus Trojan.Win32.Inject.efmbnw 20190208
Palo Alto Networks (Known Signatures) generic.ml 20190208
Panda Trj/CI.A 20190208
Qihoo-360 HEUR/QVM19.1.8735.Malware.Gen 20190208
Rising Trojan.Kryptik!8.8 (CLOUD) 20190208
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/Dridex-VV 20190208
Symantec Trojan.Cridex 20190208
Tencent Win32.Trojan.Bp-generic.Wpav 20190208
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_DYNAMER.LSP 20190208
TrendMicro-HouseCall TROJ_DYNAMER.LSP 20190208
VBA32 Trojan.Inject 20190208
Webroot W32.Malware.Heur 20190208
Yandex Trojan.Razy! 20190207
Zillya Trojan.Razy.Win32.197 20190208
ZoneAlarm by Check Point Trojan.Win32.Razy.hbw 20190208
AegisLab 20190208
Alibaba 20180921
Avast-Mobile 20190208
Babable 20180917
Baidu 20190201
Bkav 20190201
CAT-QuickHeal 20190208
CMC 20190208
Comodo 20190208
Cyren 20190208
F-Prot 20190208
Jiangmin 20190208
Kingsoft 20190208
Malwarebytes 20190208
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190206
TACHYON 20190207
TheHacker 20190203
TotalDefense 20190206
Trustlook 20190208
ViRobot 20190208
Zoner 20190208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name SensorsApi.dll
Internal name Sensor API
File version 6.3.9605.17415 (winblue_r4.141028-1500)
Description Sensor API
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2036-06-02 17:37:47
Entry Point 0x00054350
Number of sections 14
PE sections
PE imports
GetDriveTypeW
GetSystemInfo
CreateWaitableTimerA
QueryPerformanceCounter
GetPrivateProfileSectionNamesW
GetVolumePathNameA
LoadLibraryA
SetInformationJobObject
SetupComm
CancelWaitableTimer
EnterCriticalSection
SetConsoleCtrlHandler
WritePrivateProfileSectionW
GetCurrentDirectoryA
SetFileShortNameA
GetCurrentActCtx
QueryMemoryResourceNotification
SetSystemTimeAdjustment
GetCurrentThread
SetPriorityClass
SetEnvironmentVariableW
DeleteAtom
CreateHardLinkW
FreeConsole
GetComputerNameA
SetSystemTime
ReadConsoleA
SetConsoleCP
MoveFileA
ResumeThread
ConvertThreadToFiber
VirtualQuery
Sleep
IsBadStringPtrA
GetFileAttributesExA
CreateFileA
PrepareTape
RemoveVectoredExceptionHandler
GetWindowLongA
wprintf
isprint
isspace
atan
WriteHitLogging
FindMimeFromData
Number of PE resources by type
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
8192

LinkerVersion
2.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
6.3.9600.17415

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Sensor API

ImageFileCharacteristics
Executable, No line numbers, No symbols, Aggressive working-set trim, 32-bit

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x54350

OriginalFileName
SensorsApi.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.3.9605.17415 (winblue_r4.141028-1500)

TimeStamp
2036:06:02 10:37:47-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
Sensor API

ProductVersion
6.3.9605.17415

SubsystemVersion
5.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
24576

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.3.9600.17415

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 d58ec78a177b82da975f2a42edfcdbad
SHA1 ae99800e25d331403995c08fbbeef47a659ab804
SHA256 75717e7acf4f41de953e0c6f57986844bc21dcda546d5a37371ad8d5a7952782
ssdeep
3072:HeioUJpo8trXzw91Ef7XOQcsjS2PeNnzBIqPPHNA16tXrTe9Twzx/gebH:+lopdFzBjXORsjSjrX+16tbTe9Twl/l

authentihash 6cdef5fa8da253aba58e4bfd741dc000cc8744167d5af9d9d65fcb441dac1641
imphash ff4e118157190daea989adef68c661c8
File size 352.2 KB ( 360688 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.9%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Tags
peexe

VirusTotal metadata
First submission 2016-08-11 12:55:38 UTC ( 2 years, 7 months ago )
Last submission 2018-03-15 09:40:11 UTC ( 1 year ago )
File names Sensor API
malware.exe
SensorsApi.dll
config.ini
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications