SHA256: 8d961256b1c67454baddb958d9e624951da628b00b1f3b5410dc18fd3793b5dd
File name: sair.jpg
Detection ratio: 30 / 71
Analysis date: 2019-01-07 10:14:58 UTC (4 months, 1 week ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Ulise.22008 20190107
ALYac Gen:Variant.Ulise.22008 20190107
Antiy-AVL Trojan/Win32.Propagate 20190107
Arcabit Trojan.Ulise.D55F8 20190107
Avast Win32:Trojan-gen 20190107
AVG Win32:Trojan-gen 20190107
BitDefender Gen:Variant.Ulise.22008 20190107
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181022
Cybereason malicious.15dfc3 20180225
Cylance Unsafe 20190107
Emsisoft Gen:Variant.Ulise.22008 (B) 20190107
Endgame malicious (high confidence) 20181108
F-Secure Gen:Variant.Ulise.22008 20190107
Fortinet W32/Kryptik.GOGT!tr 20190107
GData Gen:Variant.Ulise.22008 20190107
Sophos ML heuristic 20181128
Jiangmin Trojan.Propagate.qa 20190107
K7AntiVirus Riskware ( 0040eff71 ) 20190107
K7GW Riskware ( 0040eff71 ) 20190107
MAX malware (ai score=81) 20190107
McAfee GenericRXGT-EC!3F12E0175D2B 20190107
eScan Gen:Variant.Ulise.22008 20190107
NANO-Antivirus Trojan.Win32.Propagate.flrdma 20190107
Panda Trj/GdSda.A 20190106
Qihoo-360 HEUR/QVM07.1.628E.Malware.Gen 20190107
Rising Trojan.Agent!8.B1E/N3#83% (RDM+:cmRtazq3Rumx/GmsThJxxsAjlb4T) 20190107
Symantec Packed.Generic.537 20190106
Trapmine malicious.high.ml.score 20190103
VBA32 BScope.Trojan.CoinMiner 20190104
VIPRE LooksLike.Win32.Crowti.b (v) 20190106
Acronis 20181227
AegisLab 20190107
AhnLab-V3 20190106
Alibaba 20180921
Avast-Mobile 20190106
Avira (no cloud) 20190107
Babable 20180918
Baidu 20190107
Bkav 20190104
CAT-QuickHeal 20190106
ClamAV 20190107
CMC 20190106
Comodo 20190107
Cyren 20190107
DrWeb 20190107
eGambit 20190107
ESET-NOD32 20190107
F-Prot 20190107
Ikarus 20190106
Kaspersky 20190107
Kingsoft 20190107
Malwarebytes 20190107
McAfee-GW-Edition 20190107
Microsoft 20190107
Palo Alto Networks (Known Signatures) 20190107
SentinelOne (Static ML) 20181223
Sophos AV 20190107
SUPERAntiSpyware 20190102
TACHYON 20190107
Tencent 20190107
TheHacker 20190106
TotalDefense 20190106
TrendMicro 20190107
TrendMicro-HouseCall 20190107
Trustlook 20190107
ViRobot 20190107
Webroot 20190107
Yandex 20181229
Zillya 20190105
ZoneAlarm by Check Point 20190107
Zoner 20190107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Windows (R) Win 7 DDK driver
Original name SETUPAPI.DLL
Internal name SETUPAPI.DLL
File version 6.2.9200.16384
Description Windows Setup API
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:21:51
Entry Point 0x000091C2
Number of sections 5
PE sections
PE imports
GetStartupInfoA
GetModuleHandleA
Beep
Sleep
VirtualProtect
GetVersion
__p__fmode
_mbsnbcpy
__CxxFrameHandler
memset
__dllonexit
strlen
_except_handler3
_onexit
exit
_XcptFilter
__setusermatherr
__p__commode
_acmdln
_adjust_fdiv
atoi
_mbsstr
__getmainargs
_exit
_setmbcp
strcpy
_mbsnbicmp
_initterm
_controlfp
__set_app_type
SetFocus
MapVirtualKeyA
EnumWindows
SendInput
keybd_event
FindWindowA
ShowWindow
GetClassNameA
GetSystemMetrics
AppendMenuA
DispatchMessageA
EnableWindow
VkKeyScanA
DrawIcon
PeekMessageA
TranslateMessage
SetKeyboardState
GetKeyState
SendMessageA
GetWindowTextA
GetClientRect
IsIconic
LoadIconA
GetKeyboardState
GetSystemMenu
SetForegroundWindow
Number of PE resources by type
RT_ICON 10
RT_VERSION 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 385024
ImageVersion 0.0
ProductName Windows (R) Win 7 DDK driver
FileVersionNumber 6.2.9200.16384
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName SETUPAPI.DLL
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.2.9200.16384
TimeStamp 2016:12:06 12:21:51+01:00
FileType Win32 EXE
PEType PE32
InternalName SETUPAPI.DLL
ProductVersion 6.2.9200.16384
FileDescription Windows Setup API
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Windows (R) Win 7 DDK provider
CodeSize 36864
FileSubtype 0
ProductVersionNumber 6.2.9200.16384
EntryPoint 0x91c2
ObjectFileType Dynamic link library

File identification
MD5 3f12e0175d2bad01e9e86f828b33c832
SHA1 aee2c1115dfc3bdd70e3e28e1d7f8c1a19707f6b
SHA256 8d961256b1c67454baddb958d9e624951da628b00b1f3b5410dc18fd3793b5dd
ssdeep 6144:S3ezPy4Xr84P6zPPzPTSeGUop88mcOYR+i2c9uI8WGd8Vk0GwA:EQlr8g8TTz/8mduR2cwWGdckZwA
authentihash 7242fb7283d66467860d150ea094586e09c2ffcc96002855b3183f8e07a9f1f0
imphash a8eeaf73fc8d30ae5db875c2280c30de
File size 416.0 KB ( 425984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe
VirusTotal metadata
First submission 2019-01-07 10:14:58 UTC ( 4 months, 1 week ago )
Last submission 2019-01-08 23:07:08 UTC ( 4 months, 1 week ago )
File names lisb.jpg, sair.jpg, SETUPAPI.DLL, output.114800224.txt, liwx.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs