SHA256: 7857aee14778ed2af7918fd2ca4e09660347510bc7ae2d81646202adb8a9e3b1
File name: BROWSEUI.DLL
Detection ratio: 41 / 57
Analysis date: 2016-05-14 11:37:06 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
ALYac Gen:Heur.Cridex.2 20160514
AVG Generic_s.BSH 20160514
AVware Trojan.Win32.Waledac.ee (v) 20160511
Ad-Aware Gen:Heur.Cridex.2 20160514
AhnLab-V3 Trojan/Win32.Tepfer 20160513
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20160514
Arcabit Trojan.Cridex.2 20160514
Avast Win32:Evo-gen [Susp] 20160514
Avira (no cloud) BDS/Kelihos.EB.2 20160514
Baidu-International Trojan.Win32.InfoStealer.nvye 20160514
BitDefender Gen:Heur.Cridex.2 20160514
CAT-QuickHeal Backdoor.Kelihos.F 20160514
Comodo TrojWare.Win32.Agent.iesg 20160514
Cyren W32/A-361b7502!Eldorado 20160514
DrWeb Trojan.PWS.Siggen1.6250 20160514
ESET-NOD32 a variant of Win32/Kryptik.BFYV 20160514
Emsisoft Gen:Heur.Cridex.2 (B) 20160514
F-Prot W32/A-361b7502!Eldorado 20160514
F-Secure Gen:Heur.Cridex.2 20160514
Fortinet W32/Kelihos.BC!tr 20160514
GData Gen:Heur.Cridex.2 20160514
Ikarus Trojan-PWS.Win32.Tepfer 20160514
K7AntiVirus Riskware ( 0040eff71 ) 20160514
K7GW Riskware ( 0040eff71 ) 20160514
Kaspersky HEUR:Trojan.Win32.Generic 20160514
Kingsoft Win32.Troj.Generic.a.(kcloud) 20160514
Malwarebytes Trojan.FakeMS.ED 20160514
McAfee Ransom-FAD!FBAD0969A3FE 20160514
McAfee-GW-Edition BehavesLike.Win32.PackedAP.dc 20160514
eScan Gen:Heur.Cridex.2 20160514
Microsoft Trojan:Win32/Bulta!rfn 20160514
NANO-Antivirus Trojan.Win32.Tepfer.bxxgdr 20160514
Panda Trj/Genetic.gen 20160514
Qihoo-360 Win32/Trojan.PSW.1c2 20160514
Rising Malware.XPACK-HIE/Heur!1.9C48 20160514
Sophos Mal/Vawtrak-H 20160514
Symantec W32.Waledac.D!gen5 20160514
Tencent Win32.Init.QQRob.drib 20160514
VBA32 BScope.Malware-Cryptor.Hlux 20160513
VIPRE Trojan.Win32.Waledac.ee (v) 20160514
Zillya Trojan.Tepfer.Win32.59527 20160514
AegisLab 20160514
Alibaba 20160513
Baidu 20160513
Bkav 20160514
CMC 20160510
ClamAV 20160514
Jiangmin 20160514
SUPERAntiSpyware 20160514
TheHacker 20160513
TotalDefense 20160512
TrendMicro 20160514
TrendMicro-HouseCall 20160514
ViRobot 20160514
Yandex 20160513
Zoner 20160514
nProtect 20160513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name BROWSEUI.DLL
Internal name BROWSEUI.DLL
File version 6.00.3790.0 (srv03_rtm.030324-2048)
Description Shell Browser UI Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-06-23 05:53:38
Entry Point 0x0000444E
Number of sections 4
PE sections
PE imports
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentProcessId
GetModuleHandleA
InterlockedExchange
QueryPerformanceCounter
UnhandledExceptionFilter
GetStartupInfoA
Sleep
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThreadId
InterlockedCompareExchange
IUnknown_Release_Proxy
NdrOleAllocate
IUnknown_QueryInterface_Proxy
NdrStubCall2
NdrDllUnregisterProxy
NdrDllCanUnloadNow
NdrStubForwardingFunction
NdrDllGetClassObject
NdrOleFree
IUnknown_AddRef_Proxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
_amsg_exit
?terminate@@YAXXZ
_ismbblead
_acmdln
_exit
_adjust_fdiv
_chdir
__p__fmode
_cexit
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
__p__commode
__set_app_type
Number of PE resources by type
RT_STRING 57
RT_HTML 17
RT_MENU 17
RT_DIALOG 6
RT_ACCELERATOR 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 100
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 1826816
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.0.3790.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName BROWSEUI.DLL
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.00.3790.0 (srv03_rtm.030324-2048)
TimeStamp 2004:06:23 06:53:38+01:00
FileType Win32 EXE
PEType PE32
InternalName BROWSEUI.DLL
ProductVersion 6.00.3790.0
FileDescription Shell Browser UI Library
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 524288
FileSubtype 0
ProductVersionNumber 6.0.3790.0
EntryPoint 0x444e
ObjectFileType Dynamic link library

File identification
MD5 fbad0969a3fe539fa048df9912b8c6d4
SHA1 8e6a57913373cb4b0b490886543d261574aad039
SHA256 7857aee14778ed2af7918fd2ca4e09660347510bc7ae2d81646202adb8a9e3b1
ssdeep 12288:xKGVJBYbJQKM/zhlR+UhLcJxuEkHnylPpooJk0lKXSta3fFsgc0Tg+6JdWYO2RgA:JYbPgzV+U12wyblKbpYgYWaV
authentihash 5a728dc582a78996c7e3a1653d2ffc21694f38cd18c887cb6e98d4a8d23f5366
imphash 35ebd51384691f67857d48fbfae25070
File size 940.0 KB ( 962560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-07-16 12:31:08 UTC ( 2 years, 11 months ago )
Last submission 2013-07-16 19:01:30 UTC ( 2 years, 11 months ago )
File names 8E6A57913373CB4B0B490886543D261574AAD039.exe
malekal_fbad0969a3fe539fa048df9912b8c6d4
rasta01.exe
file-5732264_exe
BROWSEUI.DLL
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Opened service managers
Opened services
Runtime DLLs
UDP communications