× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 75717e7acf4f41de953e0c6f57986844bc21dcda546d5a37371ad8d5a7952782
File name: Sensor API
Detection ratio: 48 / 66
Analysis date: 2018-03-16 11:58:39 UTC ( 8 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3458158 20180316
AegisLab Uds.Dangerousobject.Multi!c 20180316
AhnLab-V3 Trojan/Win32.Dridex.C1551916 20180316
ALYac Trojan.GenericKD.3458158 20180316
Antiy-AVL Trojan/Win32.TSGeneric 20180316
Arcabit Trojan.Generic.D34C46E 20180316
Avast FileRepMalware 20180316
AVG FileRepMalware 20180316
Avira (no cloud) TR/Crypt.Xpack.xsvp 20180316
AVware Trojan.Win32.Generic!BT 20180316
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180316
BitDefender Trojan.GenericKD.3458158 20180316
CAT-QuickHeal Trojan.Dynamer 20180315
ClamAV Win.Ransomware.Razy-269 20180315
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180316
Cyren W32/Trojan.GULA-4413 20180316
DrWeb Trojan.Inject2.26827 20180316
eGambit Unsafe.AI_Score_99% 20180316
Emsisoft Trojan.GenericKD.3458158 (B) 20180316
Endgame malicious (high confidence) 20180308
ESET-NOD32 a variant of Win32/Kryptik.FFBE 20180316
F-Secure Trojan.GenericKD.3458158 20180316
Fortinet W32/Kryptik.FBDR!tr 20180316
GData Trojan.GenericKD.3458158 20180316
Ikarus Trojan.Win32.Dridex 20180316
K7AntiVirus Riskware ( 0040eff71 ) 20180316
K7GW Riskware ( 0040eff71 ) 20180316
Kaspersky HEUR:Trojan.Win32.Generic 20180316
MAX malware (ai score=100) 20180316
McAfee Artemis!D58EC78A177B 20180316
McAfee-GW-Edition BehavesLike.Win32.Generic.fm 20180316
eScan Trojan.GenericKD.3458158 20180316
NANO-Antivirus Trojan.Win32.Inject.efmbnw 20180316
Palo Alto Networks (Known Signatures) generic.ml 20180316
Panda Trj/CI.A 20180315
Rising Trojan.Kryptik!8.8 (TFE:5:biPZTPCyLKU) 20180316
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Dridex-VV 20180316
Symantec Trojan.Cridex 20180316
Tencent Win32.Trojan.Bp-generic.Wpav 20180316
TrendMicro TROJ_DYNAMER.LSP 20180316
TrendMicro-HouseCall TROJ_DYNAMER.LSP 20180316
VIPRE Trojan.Win32.Generic!BT 20180316
Webroot W32.Malware.Heur 20180316
Yandex Trojan.Razy! 20180316
Zillya Trojan.Razy.Win32.197 20180316
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180316
Alibaba 20180316
Avast-Mobile 20180316
Bkav 20180316
CMC 20180316
Comodo 20180316
Cybereason None
F-Prot 20180316
Sophos ML 20180121
Jiangmin 20180316
Kingsoft 20180316
Malwarebytes 20180316
Microsoft 20180316
nProtect 20180316
Qihoo-360 20180316
SUPERAntiSpyware 20180316
Symantec Mobile Insight 20180311
TheHacker 20180311
Trustlook 20180316
VBA32 20180316
ViRobot 20180316
WhiteArmor 20180223
Zoner 20180316
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name SensorsApi.dll
Internal name Sensor API
File version 6.3.9605.17415 (winblue_r4.141028-1500)
Description Sensor API
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2036-06-02 17:37:47
Entry Point 0x00054350
Number of sections 14
PE sections
PE imports
GetDriveTypeW
GetSystemInfo
CreateWaitableTimerA
QueryPerformanceCounter
GetPrivateProfileSectionNamesW
GetVolumePathNameA
LoadLibraryA
SetInformationJobObject
SetupComm
CancelWaitableTimer
EnterCriticalSection
SetConsoleCtrlHandler
WritePrivateProfileSectionW
GetCurrentDirectoryA
SetFileShortNameA
GetCurrentActCtx
QueryMemoryResourceNotification
SetSystemTimeAdjustment
GetCurrentThread
SetPriorityClass
SetEnvironmentVariableW
DeleteAtom
CreateHardLinkW
FreeConsole
GetComputerNameA
SetSystemTime
ReadConsoleA
SetConsoleCP
MoveFileA
ResumeThread
ConvertThreadToFiber
VirtualQuery
Sleep
IsBadStringPtrA
GetFileAttributesExA
CreateFileA
PrepareTape
RemoveVectoredExceptionHandler
GetWindowLongA
wprintf
isprint
isspace
atan
WriteHitLogging
FindMimeFromData
Number of PE resources by type
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
2.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
6.3.9600.17415

UninitializedDataSize
8192

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x54350

OriginalFileName
SensorsApi.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.3.9605.17415 (winblue_r4.141028-1500)

TimeStamp
2036:06:02 18:37:47+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Sensor API

ProductVersion
6.3.9605.17415

FileDescription
Sensor API

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
24576

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.3.9600.17415

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 d58ec78a177b82da975f2a42edfcdbad
SHA1 ae99800e25d331403995c08fbbeef47a659ab804
SHA256 75717e7acf4f41de953e0c6f57986844bc21dcda546d5a37371ad8d5a7952782
ssdeep
3072:HeioUJpo8trXzw91Ef7XOQcsjS2PeNnzBIqPPHNA16tXrTe9Twzx/gebH:+lopdFzBjXORsjSjrX+16tbTe9Twl/l

authentihash 6cdef5fa8da253aba58e4bfd741dc000cc8744167d5af9d9d65fcb441dac1641
imphash ff4e118157190daea989adef68c661c8
File size 352.2 KB ( 360688 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.9%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Tags
peexe

VirusTotal metadata
First submission 2016-08-11 12:55:38 UTC ( 2 years, 4 months ago )
Last submission 2018-03-15 09:40:11 UTC ( 8 months, 4 weeks ago )
File names Sensor API
malware.exe
SensorsApi.dll
config.ini
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications