SHA256: 94cf110c69bab9d6645fb1dbd8f97bcb3e3a66334097223a37bf2198bd045c3f
Detection ratio: 13 / 61
Analysis date: 2017-09-26 08:50:24 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20170926
Avast FileRepMalware 20170926
AVG FileRepMalware 20170926
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170926
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170926
Endgame malicious (high confidence) 20170821
Sophos ML heuristic 20170914
Palo Alto Networks (Known Signatures) generic.ml 20170926
Qihoo-360 HEUR/QVM20.1.19C0.Malware.Gen 20170926
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170926
Webroot W32.Trojan.Gen 20170926
Ad-Aware 20170926
AhnLab-V3 20170926
Alibaba 20170911
ALYac 20170926
Antiy-AVL 20170926
Arcabit 20170926
Avast-Mobile 20170926
Avira (no cloud) 20170926
AVware 20170926
BitDefender 20170926
CAT-QuickHeal 20170926
ClamAV 20170926
CMC 20170920
Comodo 20170926
Cyren 20170926
DrWeb 20170926
Emsisoft 20170926
ESET-NOD32 20170926
F-Prot 20170926
F-Secure 20170926
Fortinet 20170926
GData 20170926
Ikarus 20170925
Jiangmin 20170926
K7AntiVirus 20170926
K7GW 20170926
Kaspersky 20170926
Kingsoft 20170926
Malwarebytes 20170926
MAX 20170926
McAfee 20170926
McAfee-GW-Edition 20170926
Microsoft 20170925
eScan 20170926
NANO-Antivirus 20170926
nProtect 20170926
Panda 20170925
Sophos AV 20170926
Symantec Mobile Insight 20170926
Tencent 20170926
TheHacker 20170925
TrendMicro 20170926
Trustlook 20170926
VBA32 20170925
VIPRE 20170926
ViRobot 20170926
WhiteArmor 20170829
Yandex 20170908
Zillya 20170922
ZoneAlarm by Check Point 20170926
Zoner 20170926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name D3D10_1.dll
Internal name D3D10_1.dll
File version 6.2.9200.16492 (win8_gdr_oobssr.130113-0015)
Description Direct3D 10.1 Runtime
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-25 13:34:02
Entry Point 0x00002290
Number of sections 7
PE sections
PE imports
LogonUserExW
GetDeviceCaps
ExcludeClipRect
AddFontResourceA
GetWindowExtEx
GetMetaFileA
GetTextMetricsA
GetCharWidthA
GetFontLanguageInfo
DeleteObject
GetRasterizerCaps
GetUserDefaultUILanguage
AreFileApisANSI
GetLastError
FreeLibrary
DeleteTimerQueueEx
LoadLibraryA
GetVolumePathNamesForVolumeNameW
Module32FirstW
LocalAlloc
GetConsoleTitleW
ExitProcess
GetProcAddress
RaiseException
LockFileEx
InterlockedExchange
GetComputerNameExW
LocalFree
FormatMessageW
GetProcessAffinityMask
IsValidCodePage
FindFirstVolumeMountPointW
EnumSystemGeoID
GetStringTypeExA
GetFileSize
GetUserNameExW
DeleteMonitorA
GetPrintProcessorDirectoryW
system
_time64
MkParseDisplayNameEx
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.2.9200.16492
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Direct3D 10.1 Runtime
ImageFileCharacteristics Executable, No line numbers, No symbols, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 147456
EntryPoint 0x2290
OriginalFileName D3D10_1.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.2.9200.16492 (win8_gdr_oobssr.130113-0015)
TimeStamp 2017:09:25 14:34:02+01:00
FileType Win32 EXE
PEType PE32
InternalName D3D10_1.dll
ProductVersion 6.2.9200.16492
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Melcosoft Copronation
CodeSize 10240
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.2.9200.16492
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 4a22372d6666b15341d5c928ddeccceb
SHA1 1751bd2194f5837317f8657fdd853ee8ed3ae50d
SHA256 94cf110c69bab9d6645fb1dbd8f97bcb3e3a66334097223a37bf2198bd045c3f
ssdeep 3072:m2IBHi1aGVDySqh97LLdmqmT+S/0keMC9ICuE7xPa9r4mru+ARJ2:m2iitVHqh97Lx5mT+S9eL4uVEr16+AR
authentihash 8c4227d6bd72982e1196c717717e925739c333960cf086f068223395a9471805
imphash 3e797aa7f02698472cbf8cf2ef01c44e
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2017-09-26 08:42:14 UTC ( 1 year, 5 months ago )
Last submission 2018-05-23 16:39:07 UTC ( 9 months ago )
File names x8WGkRYMJ.exe
4a22372d6666b15341d5c928ddeccceb.exe
LWKYp9eM_.exe
D3D10_1.dll
LWKYp9eM_.exe
malwre sample 26_09_2017 (72)
4a22372d6666b15341d5c928ddeccceb.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs