× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 95aa8eb81edc93887cb5b59794ebfb27df7c2e82890b5b18add5ae223ffd1383
File name: 4567gh98.exe
Detection ratio: 3 / 53
Analysis date: 2015-12-16 13:13:18 UTC ( 1 year, 10 months ago ) View latest
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Kudj.cm 20151216
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20151216
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20151216
Ad-Aware 20151216
AegisLab 20151216
Yandex 20151214
AhnLab-V3 20151216
Alibaba 20151208
ALYac 20151216
Antiy-AVL 20151216
Arcabit 20151216
Avast 20151216
AVG 20151216
AVware 20151216
Baidu-International 20151216
BitDefender 20151216
Bkav 20151215
ByteHero 20151216
CAT-QuickHeal 20151216
ClamAV 20151216
CMC 20151216
Comodo 20151216
Cyren 20151216
DrWeb 20151221
Emsisoft 20151216
ESET-NOD32 20151216
F-Prot 20151216
F-Secure 20151216
Fortinet 20151216
GData 20151216
Ikarus 20151216
Jiangmin 20151216
K7AntiVirus 20151216
K7GW 20151216
Kaspersky 20151216
Malwarebytes 20151216
McAfee 20151216
Microsoft 20151216
eScan 20151216
NANO-Antivirus 20151216
nProtect 20151216
Panda 20151215
Sophos AV 20151216
SUPERAntiSpyware 20151216
Symantec 20151215
TheHacker 20151215
TrendMicro 20151216
TrendMicro-HouseCall 20151216
VBA32 20151216
VIPRE 20151216
ViRobot 20151216
Zillya 20151216
Zoner 20151216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© ?????????? ??????????. ??? ????? ????????.

Product ???????????? ??????? Microsoft® Windows®
Original name WIASERVC.DLL
Internal name WIASERVC
File version 5.1.2600.5512 (xpsp.080413-0852)
Description ?????? ????????? ????????? ??????????? ???????????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-16 13:47:35
Entry Point 0x0000105A
Number of sections 6
PE sections
PE imports
ClusterResourceTypeCloseEnum
GetTextExtentPointW
CreateToolhelp32Snapshot
GetLastError
ReplaceFileA
FreeConsole
lstrcmpiA
GetProfileStringW
FreeLibrary
GetPrivateProfileSectionNamesW
GetCommMask
LoadLibraryA
VerifyVersionInfoW
RaiseException
CreateRemoteThread
GetCurrentConsoleFont
LocalAlloc
GetConsoleCursorInfo
SetTapePosition
GetCurrentActCtx
GetProcAddress
AddAtomW
CancelIo
GetCommModemStatus
IsBadStringPtrA
InterlockedExchange
IsProcessorFeaturePresent
GetFullPathNameA
SetThreadContext
LocalFree
DebugActiveProcess
ReadConsoleW
GetPrivateProfileSectionA
PrepareTape
WriteConsoleW
ExtractIconExA
ShowWindow
MessageBoxA
GetThreadDesktop
wsprintfW
wprintf
fwrite
remove
printf
cos
_chkstk
iscntrl
isprint
strspn
vsprintf
Number of PE resources by type
RT_ICON 8
RT_DIALOG 5
RT_GROUP_ICON 3
RT_MESSAGETABLE 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 20
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
135168

ImageVersion
0.0

ProductName
Microsoft Windows

FileVersionNumber
5.1.2600.5512

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
WIASERVC.DLL

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
5.1.2600.5512 (xpsp.080413-0852)

TimeStamp
2015:12:16 14:47:35+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WIASERVC

ProductVersion
5.1.2600.5512

SubsystemVersion
4.0

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
. .

MachineType
Intel 386 or later, and compatibles

CodeSize
61440

FileSubtype
0

ProductVersionNumber
5.1.2600.5512

Warning
Possibly corrupt Version resource

EntryPoint
0x105a

ObjectFileType
Dynamic link library

File identification
MD5 d73d599ef434d7edad4697543a3e8a2b
SHA1 713d216376fe708fe7d29e6878a42b461ecf2ce4
SHA256 95aa8eb81edc93887cb5b59794ebfb27df7c2e82890b5b18add5ae223ffd1383
ssdeep
3072:eHZ8VvIEO2AFK8BZB+zji589kV1MG043Bstn:eHC9XAFdL+zGue3MG04Ct

authentihash 1f0d259d5e0dc6ee7dc0483e6d87529b0643ab9fa3e7b9c734b5da73ec515839
imphash bfdf5cd0e30bcaf3d5535b544ed2c37e
File size 192.0 KB ( 196608 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2015-12-16 13:05:11 UTC ( 1 year, 10 months ago )
Last submission 2016-12-15 20:48:56 UTC ( 10 months ago )
File names thestrong.exe
thestrong.exe
4567gh98.exe
95aa8eb81edc93887cb5b59794ebfb27df7c2e82890b5b18add5ae223ffd1383.exe
d73d599ef434d7edad4697543a3e8a2b.exe
sample ._DONTEXECUTE
IWGUlPjC3.pdf
VirusShare_d73d599ef434d7edad4697543a3e8a2b
4567gh98.exe.malware
WIASERVC
gotpage.BIN
WIASERVC.DLL
8eb81edc93887cb5b59794ebfb27df7c2e82890b5b18add5ae223ffd1383.bin
259667755010-9-4_1.4567gh98.exe
4567gh98_exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections