SHA256: 85fc0008abdb92484f57016473f119f916362f308facd5ad5c0b7efd50036a84
File name: dfsdfff.exe.dr
Detection ratio: 2 / 56
Analysis date: 2015-04-07 09:40:15 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20150407
Tencent Trojan.Win32.Qudamah.Gen.7 20150407
Ad-Aware 20150407
AegisLab 20150407
Yandex 20150406
AhnLab-V3 20150407
Alibaba 20150407
ALYac 20150407
Antiy-AVL 20150407
Avast 20150407
AVG 20150407
AVware 20150407
Baidu-International 20150407
BitDefender 20150407
Bkav 20150406
ByteHero 20150407
CAT-QuickHeal 20150407
ClamAV 20150407
CMC 20150403
Comodo 20150407
Cyren 20150407
DrWeb 20150407
Emsisoft 20150407
ESET-NOD32 20150407
F-Prot 20150407
F-Secure 20150407
Fortinet 20150407
GData 20150407
Ikarus 20150407
Jiangmin 20150406
K7AntiVirus 20150407
K7GW 20150407
Kingsoft 20150407
Malwarebytes 20150407
McAfee 20150407
McAfee-GW-Edition 20150406
Microsoft 20150407
eScan 20150407
NANO-Antivirus 20150407
Norman 20150407
nProtect 20150407
Panda 20150407
Qihoo-360 20150407
Rising 20150406
Sophos AV 20150407
SUPERAntiSpyware 20150407
Symantec 20150407
TheHacker 20150406
TotalDefense 20150407
TrendMicro 20150407
TrendMicro-HouseCall 20150407
VBA32 20150407
VIPRE 20150407
ViRobot 20150407
Zillya 20150405
Zoner 20150407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Корпорация Майкрософт. Все права защищены.
Product Операционная система Microsoft® Windows®
Original name twext.dll
Internal name twext
File version 6.00.3631.5512 (xpsp.080413-2105)
Description Свойства: Предыдущие версии
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-10 23:13:00
Entry Point 0x0000A610
Number of sections 7
PE sections
PE imports
GetTextExtentPointW
GetLastError
GetWriteWatch
EnterCriticalSection
FindFirstChangeNotificationA
TerminateThread
GlobalGetAtomNameA
SetFileTime
GetDevicePowerState
LocalAlloc
GetConsoleTitleW
LoadLibraryExW
GetSystemRegistryQuota
BackupRead
GetComputerNameExA
lstrcpyW
QueryPerformanceFrequency
SetCalendarInfoW
lstrcpyA
GetProcessPriorityBoost
SetFirmwareEnvironmentVariableA
ExitThread
SetComputerNameA
TransmitCommChar
AddVectoredExceptionHandler
CreateEventA
Sleep
EnumLanguageGroupLocalesA
FindFirstVolumeW
DuplicateIcon
InSendMessageEx
ShowOwnedPopups
GetLastActivePopup
LoadMenuA
isdigit
malloc
abs
wcstod
iswupper
CreateAsyncBindCtx
Number of PE resources by type
REGINST 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 4608
InitializedDataSize 11264
ImageVersion 1.0
ProductName Microsoft Windows
FileVersionNumber 6.0.3631.5512
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription :
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName twext.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.00.3631.5512 (xpsp.080413-2105)
TimeStamp 2018:06:11 00:13:00+01:00
FileType Win32 EXE
PEType PE32
InternalName twext
ProductVersion 6.00.2631.5512
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright . .
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 66048
FileSubtype 0
ProductVersionNumber 6.0.2631.5512
EntryPoint 0xa610
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 4d791286c8cda594dd00d8dbadde7b06
SHA1 57e7970f49065e3bf6c66411ff2afe20c9007914
SHA256 85fc0008abdb92484f57016473f119f916362f308facd5ad5c0b7efd50036a84
ssdeep 1536:MW+JEosBvmIqW1PatbyUZwc3PBpA6CexYDm7k1PXBBsll:MW+JP61aVySbpppFxx7e/8l
authentihash 3c1675f50fb158b34b92a9da9cac9e8d37cf30dc17aa7e7963deed65ac776111
imphash 4b5e685e720872ffa9fd4346c8f7d100
File size 80.5 KB ( 82432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2015-04-07 08:59:37 UTC ( 4 years, 1 month ago )
Last submission 2017-10-03 15:06:44 UTC ( 1 year, 7 months ago )
File names dfsdfff.exe
edgD5D9.exe
twext
malware-636.exe
dfsdfff.exe.dr
image04.gif
EPNgfPDh.sys
4d791286c8cda594dd00d8dbadde7b06.bin
VirusShare_4d791286c8cda594dd00d8dbadde7b06
85fc0008abdb92484f57016473f119f916362f308facd5ad5c0b7efd50036a84.exe
kansp1.jpg
twext.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications