SHA256: 8646acb4bc76aa2221b3fd885305937710f90866f61139d08bee44d3b22902b8
File name: 986c38ccc8cfcc35da4b9fb86d7c18d2
Detection ratio: 35 / 68
Analysis date: 2017-10-28 07:16:08 UTC ( 1 year, 4 months ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.6145774 | 20171028
AegisLab | Troj.Horse.Gen!c | 20171028
AhnLab-V3 | Trojan/Win32.ZBot.C2218071 | 20171027
Arcabit | Trojan.Generic.D5DC6EE | 20171028
Avast | Win32:Malware-gen | 20171028
AVG | Win32:Malware-gen | 20171028
Avira (no cloud) | TR/Crypt.Xpack.fargz | 20171027
AVware | Trojan.Win32.Generic!BT | 20171028
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9991 | 20171027
BitDefender | Trojan.GenericKD.6145774 | 20171028
eGambit | Unsafe.AI_Score_93% | 20171028
Emsisoft | Trojan.GenericKD.6145774 (B) | 20171028
Endgame | malicious (high confidence) | 20171024
ESET-NOD32 | Win32/Spy.Zbot.ACZ | 20171027
F-Secure | Trojan.GenericKD.6145774 | 20171028
Fortinet | Malicious_Behavior.SB | 20171028
GData | Trojan.GenericKD.6145774 | 20171028
Ikarus | Trojan.Inject | 20171027
K7AntiVirus | Trojan ( 0051a61b1 ) | 20171027
K7GW | Trojan ( 0051a61b1 ) | 20171028
Kaspersky | Trojan-Dropper.Win32.Agent.sbos | 20171028
Malwarebytes | Spyware.PasswordStealer | 20171028
eScan | Trojan.GenericKD.6145774 | 20171028
nProtect | Trojan-Dropper/W32.Agent.172544.AI | 20171028
Palo Alto Networks (Known Signatures) | generic.ml | 20171028
Panda | Trj/CI.A | 20171027
Qihoo-360 | Trojan.Generic | 20171028
Sophos AV | Mal/Generic-S | 20171028
Symantec | Trojan Horse | 20171027
TrendMicro | TROJ_GEN.R002C0OJR17 | 20171028
TrendMicro-HouseCall | TROJ_GEN.R002C0OJR17 | 20171028
VIPRE | Trojan.Win32.Generic!BT | 20171028
ViRobot | Trojan.Win32.S.Agent.172544.GA | 20171028
Webroot | W32.Trojan.Gen | 20171028
ZoneAlarm by Check Point | Trojan-Dropper.Win32.Agent.sbos | 20171028
Alibaba | | 20170911
ALYac | | 20171028
Antiy-AVL | | 20171028
Avast-Mobile | | 20171028
Bkav | | 20171028
CAT-QuickHeal | | 20171027
ClamAV | | 20171028
CMC | | 20171027
Comodo | | 20171028
CrowdStrike Falcon (ML) | | 20171016
Cybereason | | 20170628
Cylance | | 20171028
Cyren | | 20171028
DrWeb | | 20171028
F-Prot | | 20171028
Sophos ML | | 20170914
Jiangmin | | 20171028
Kingsoft | | 20171028
MAX | | 20171028
McAfee | | 20171028
McAfee-GW-Edition | | 20171028
Microsoft | | 20171028
NANO-Antivirus | | 20171028
Rising | | 20171028
SentinelOne (Static ML) | | 20171019
SUPERAntiSpyware | | 20171028
Symantec Mobile Insight | | 20171027
Tencent | | 20171028
TheHacker | | 20171024
TotalDefense | | 20171028
Trustlook | | 20171028
VBA32 | | 20171027
WhiteArmor | | 20171024
Yandex | | 20171027
Zillya | | 20171027
Zoner | | 20171028
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright © Microsoft Corporation 1996-2011 All Rights Reserved.
Product: Microsoft® Windows® Operating System
Original name: USBView
Internal name: USBView
File version: 10.0.10586.15 (th2_release.151119-1817)
Description: Microsoft® Windows(TM) USB device viewer
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-06-20 16:10:18
Entry Point: 0x0000E7F5
Number of sections: 4
PE sections
PE imports (grouped by exporting DLL)
advapi32.dll: RegOpenKeyExA, RegQueryValueExA, RegCloseKey
ddraw.dll: DirectDrawCreate, DirectDrawEnumerateA
gdi32.dll: SetDIBits, AddFontResourceA, GetSystemPaletteEntries, TextOutA, GdiFlush, GetTextMetricsA, AnimatePalette, GetDeviceCaps, CreateDCA, LineTo, DeleteDC, SetBkMode, ChoosePixelFormat, BitBlt, CreateDIBSection, RealizePalette, SetTextColor, GetObjectA, MoveToEx, CreatePalette, GetStockObject, SelectPalette, SetPixelFormat, SetTextAlign, SelectClipRgn, CreateCompatibleDC, StretchBlt, CreateFontIndirectA, SelectObject, GetTextExtentPoint32A, RemoveFontResourceA, SetDIBColorTable, CreateScalableFontResourceA, CreateSolidBrush, SetSystemPaletteUse, CreateRectRgnIndirect, DeleteObject, CreatePenIndirect
kernel32.dll: GetStdHandle, GetDriveTypeA, HeapDestroy, DebugBreak, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, FreeEnvironmentStringsW, SetStdHandle, GetCPInfo, GetStringTypeA, WriteFile, HeapReAlloc, GetStringTypeW, FreeLibrary, ResumeThread, InitializeCriticalSection, FindClose, TlsGetValue, OutputDebugStringA, SetLastError, HeapAlloc, GetModuleFileNameA, UnhandledExceptionFilter, InterlockedDecrement, MultiByteToWideChar, SetFilePointer, CreateThread, SetUnhandledExceptionFilter, ExitThread, TerminateProcess, SetEndOfFile, GetCurrentThreadId, InterlockedIncrement, SetCurrentDirectoryA, HeapFree, EnterCriticalSection, SetHandleCount, SetEvent, IsBadWritePtr, TlsAlloc, VirtualProtect, FlushFileBuffers, LoadLibraryA, RtlUnwind, GetStartupInfoA, GetFileSize, DeleteFileA, GetWindowsDirectoryA, GetProcAddress, FindFirstFileA, ResetEvent, CreateFileMappingA, WaitForMultipleObjects, CreateEventA, GetFileType, TlsSetValue, CreateFileA, ExitProcess, LeaveCriticalSection, GetLastError, LCMapStringW, HeapCreate, LCMapStringA, GetEnvironmentStringsW, WinExec, GetEnvironmentStrings, GetCurrentDirectoryA, HeapSize, GetCommandLineA, CancelIo, RaiseException, MapViewOfFile, GetModuleHandleA, ReadFile, CloseHandle, GetACP, GetVersion, WideCharToMultiByte, UnmapViewOfFile, VirtualFree, Sleep, IsBadReadPtr, IsBadCodePtr, VirtualAlloc, GetOEMCP
user32.dll: GetCursorPos, MapVirtualKeyA, RegisterClassA, IntersectRect, BeginPaint, CreateIconIndirect, KillTimer, DefWindowProcA, ShowWindow, MessageBeep, SetWindowPos, GetSystemMetrics, IsWindow, GetWindowRect, DispatchMessageA, EndPaint, PostMessageA, ReleaseCapture, MessageBoxA, PeekMessageA, DestroyCursor, TranslateMessage, GetDC, GetKeyState, GetAsyncKeyState, ReleaseDC, EqualRect, UnregisterClassA, IsZoomed, SendMessageA, DestroyWindow, GetClientRect, CreateWindowExA, SetCursorPos, UnionRect, ScreenToClient, SetRect, InvalidateRect, GetWindowLongA, SetTimer, LoadCursorA, LoadIconA, DlgDirListA, ClientToScreen, FillRect, ShowCursor, ValidateRect, IsRectEmpty, SetCursor, PostThreadMessageA, PtInRect
winmm.dll: timeKillEvent, mmioSeek, timeGetTime, mmioDescend, mmioAscend, timeSetEvent, mmioOpenA, mmioClose, mmioRead, mmioSetBuffer
comdlg32.dll: GetOpenFileNameA, GetSaveFileNameA
Number of PE resources by type
RT_ICON 14
RT_GROUP_ICON 7
RT_DIALOG 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 30
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 10.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 10.0.10586.15
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: Microsoft Windows(TM) USB device viewer
ImageFileCharacteristics: Executable, 32-bit
CharacterSet: Unicode
InitializedDataSize: 37376
EntryPoint: 0xe7f5
OriginalFileName: USBView
MIMEType: application/octet-stream
LegalCopyright: Copyright Microsoft Corporation 1996-2011 All Rights Reserved.
FileVersion: 10.0.10586.15 (th2_release.151119-1817)
TimeStamp: 2017:06:20 17:10:18+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: USBView
ProductVersion: 10.0.10586.15
SubsystemVersion: 5.1
OSVersion: 5.1
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft Corporation
CodeSize: 134144
ProductName: Microsoft Windows Operating System
ProductVersionNumber: 10.0.10586.15
Warning: Possibly corrupt Version resource
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5: 986c38ccc8cfcc35da4b9fb86d7c18d2
SHA1: b86b39b8abab53f924e4ec6b97432c6fe2652939
SHA256: 8646acb4bc76aa2221b3fd885305937710f90866f61139d08bee44d3b22902b8
ssdeep: 3072:b6gNxFO1ps5tQrNX04G6+2cGWrqPw2yVR5epwGalYOTzp2QrNlrPfM9oV:b6gNx4uWTPkX5epwBOfUfW
authentihash: 7d1942b3bcff0d148c56abe3ce7ea1dcf777690ae00ba18988ca9f014e4e5079
imphash: f62d32349fd3ec6d969bed232121a03c
File size: 168.5 KB ( 172544 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (41.0%)
  Win64 Executable (generic) (36.3%)
  Win32 Dynamic Link Library (generic) (8.6%)
  Win32 Executable (generic) (5.9%)
  OS/2 Executable (generic) (2.6%)
Tags: peexe
VirusTotal metadata
First submission: 2017-10-26 15:43:09 UTC ( 1 year, 4 months ago )
Last submission: 2018-07-21 11:02:06 UTC ( 8 months ago )
File names: xulstore.exe, BN8CC2.tmp, sdc-to-dazzle.exe, USBView, 986c38ccc8cfcc35da4b9fb86d7c18d2.vir, 1002-b86b39b8abab53f924e4ec6b97432c6fe2652939.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications