× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8c5efb398abacf6d2a98d1a5cd7c9145b558a88e3e8ba376f23943d38a7e531f
File name: payload_1.exe
Detection ratio: 11 / 67
Analysis date: 2018-11-06 14:52:49 UTC ( 3 months, 2 weeks ago ) View latest
Antivirus Result Update
CAT-QuickHeal Trojan.Emotet.X4 20181105
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jt 20181106
Microsoft Trojan:Win32/Fuerboos.A!cl 20181106
Qihoo-360 HEUR/QVM20.1.06EF.Malware.Gen 20181106
Rising Trojan.Kryptik!1.B4A3 (CLASSIC) 20181106
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANX 20181106
Symantec ML.Attribute.HighConfidence 20181106
Ad-Aware 20181106
AegisLab 20181106
AhnLab-V3 20181106
Alibaba 20180921
ALYac 20181106
Antiy-AVL 20181106
Arcabit 20181106
Avast 20181106
Avast-Mobile 20181106
AVG 20181106
Avira (no cloud) 20181106
Babable 20180918
Baidu 20181106
BitDefender 20181106
Bkav 20181106
ClamAV 20181106
CMC 20181106
Cybereason 20180225
Cylance 20181106
Cyren 20181106
DrWeb 20181106
eGambit 20181106
Emsisoft 20181106
ESET-NOD32 20181106
F-Prot 20181106
F-Secure 20181106
Fortinet 20181106
GData 20181106
Ikarus 20181106
Jiangmin 20181106
K7AntiVirus 20181106
K7GW 20181106
Kaspersky 20181106
Kingsoft 20181106
Malwarebytes 20181106
MAX 20181106
McAfee 20181106
eScan 20181106
NANO-Antivirus 20181106
Palo Alto Networks (Known Signatures) 20181106
Panda 20181106
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181105
TACHYON 20181106
Tencent 20181106
TheHacker 20181104
TotalDefense 20181106
TrendMicro 20181106
TrendMicro-HouseCall 20181106
Trustlook 20181106
VBA32 20181106
VIPRE 20181106
ViRobot 20181106
Webroot 20181106
Yandex 20181102
Zillya 20181105
ZoneAlarm by Check Point 20181106
Zoner 20181106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name WpdComp.dll
Internal name WpdComp.dll
File version 6.3.9600.16384 (winblue_rtm.130821-1623)
Description Windows Portable Device Composite Driver
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-22 03:49:38
Entry Point 0x00093BDC
Number of sections 4
PE sections
PE imports
RegSaveKeyA
ObjectPrivilegeAuditAlarmA
RegQueryReflectionKey
ImageList_GetIconSize
SetTextJustification
UpdateColors
SetWindowOrgEx
StartPage
GetNumberOfInterfaces
SetCommConfig
GetPrivateProfileStringA
GetSystemDirectoryW
LoadResource
WriteConsoleOutputCharacterA
GetModuleHandleW
NetGroupAddUser
VarBoolFromDate
RasGetAutodialAddressW
RasGetEntryPropertiesA
RpcRevertToSelfEx
RpcMgmtEpEltInqBegin
SetupDiGetDeviceInstallParamsW
SHGetUnreadMailCountW
SHQueryValueExW
SHGetThreadRef
BeginPaint
GetUserObjectSecurity
RetrieveUrlCacheEntryFileA
towlower
HWND_UserSize
OleFlushClipboard
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.3.9600.16384

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Portable Device Composite Driver

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
77824

EntryPoint
0x93bdc

OriginalFileName
WpdComp.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.3.9600.16384 (winblue_rtm.130821-1623)

TimeStamp
2013:08:21 20:49:38-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
WpdComp.dll

ProductVersion
6.3.9600.16384

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
610304

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.3.9600.16384

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 7dba0611a7732218a262f4dd8ff54ede
SHA1 45ece40da1d360c796724468f0bbc3a9b065b458
SHA256 8c5efb398abacf6d2a98d1a5cd7c9145b558a88e3e8ba376f23943d38a7e531f
ssdeep
6144:R0BPGiHV7mLfhLXxKZYBMViEDb1QVbbL/AO:iBPGemZY5VRQVbHp

authentihash 3c0c4f89f8b5ba00ef14ff4187935b0f0fdace0fd48568c2c41bce145638f496
imphash 5d7c9acc838ae00a89f3d8fe1c70bc94
File size 668.0 KB ( 684032 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-06 14:50:22 UTC ( 3 months, 2 weeks ago )
Last submission 2018-11-06 16:21:08 UTC ( 3 months, 2 weeks ago )
File names fileshorz.exe
45ece40da1d360c796724468f0bbc3a9b065b458.exe
MYxIRG1tVstY.exe
payload_1.exe
WpdComp.dll
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!