SHA256: 9f09de94fb9a1ca499841f5dafc5c873f98a5a838fa5527ca3bc9a2af05b49a0
File name: a.exe-
Detection ratio: 17 / 67
Analysis date: 2018-10-05 06:00:34 UTC ( 1 month, 2 weeks ago )
| Antivirus | Result | Update |
|---|---|---|
| Avast | FileRepMalware | 20181005 |
| AVG | FileRepMalware | 20181005 |
| CMC | Trojan.Win32.Obfuscated.en!O | 20181005 |
| CrowdStrike Falcon (ML) | malicious_confidence_90% (D) | 20180723 |
| Emsisoft | Trojan.Emotet (A) | 20181005 |
| Endgame | malicious (high confidence) | 20180730 |
| Sophos ML | heuristic | 20180717 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 20181005 |
| McAfee | Emotet-FJG!FDDE797DC6BE | 20181005 |
| McAfee-GW-Edition | Artemis!Trojan | 20181005 |
| Microsoft | Trojan:Win32/Azden.B!cl | 20181005 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20181005 |
| Rising | Trojan.Azden!8.F0E3 (CLOUD) | 20181005 |
| SentinelOne (Static ML) | static engine - malicious | 20180926 |
| VBA32 | BScope.TrojanBanker.Emotet | 20181004 |
| Webroot | W32.Trojan.Emotet | 20181005 |
| ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20181005 |
| Ad-Aware | | 20181005 |
| AegisLab | | 20181005 |
| AhnLab-V3 | | 20181004 |
| Alibaba | | 20180921 |
| ALYac | | 20181005 |
| Antiy-AVL | | 20181005 |
| Arcabit | | 20181005 |
| Avast-Mobile | | 20181004 |
| Avira (no cloud) | | 20181004 |
| AVware | | 20180925 |
| Babable | | 20180918 |
| Baidu | | 20180930 |
| BitDefender | | 20181005 |
| Bkav | | 20181003 |
| CAT-QuickHeal | | 20181004 |
| ClamAV | | 20181005 |
| Comodo | | 20181005 |
| Cybereason | | 20180225 |
| Cylance | | 20181005 |
| Cyren | | 20181005 |
| DrWeb | | 20181005 |
| eGambit | | 20181005 |
| ESET-NOD32 | | 20181005 |
| F-Prot | | 20181005 |
| F-Secure | | 20181005 |
| Fortinet | | 20181005 |
| GData | | 20181005 |
| Ikarus | | 20181004 |
| Jiangmin | | 20181005 |
| K7AntiVirus | | 20181004 |
| K7GW | | 20181003 |
| Kingsoft | | 20181005 |
| Malwarebytes | | 20181005 |
| MAX | | 20181005 |
| eScan | | 20181005 |
| NANO-Antivirus | | 20181005 |
| Panda | | 20181004 |
| Qihoo-360 | | 20181005 |
| Sophos AV | | 20181005 |
| SUPERAntiSpyware | | 20181005 |
| Symantec | | 20181005 |
| Symantec Mobile Insight | | 20181001 |
| TACHYON | | 20181005 |
| Tencent | | 20181005 |
| TheHacker | | 20181001 |
| TrendMicro | | 20181005 |
| TrendMicro-HouseCall | | 20181005 |
| Trustlook | | 20181005 |
| VIPRE | | 20181005 |
| ViRobot | | 20181005 |
| Yandex | | 20181004 |
| Zillya | | 20181003 |
| Zoner | | 20181004 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name kbdycc.dll
Internal name kbdycc (3.11)
File version 5.1.2600.0 (xpclient.010817-1148)
Description Serbian_Cyrillic Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-08-17 21:57:07
Entry Point 0x0000E6A2
Number of sections 4
PE sections
PE imports
CM_Locate_DevNodeW
GetSaveFileNameA
CommDlgExtendedError
CertOpenSystemStoreA
CryptMsgDuplicate
CreatePatternBrush
GetClipRgn
Arc
GetSystemPaletteEntries
SelectObject
EnumObjects
RectVisible
GetGlyphOutlineW
LineTo
StrokePath
GetKerningPairsA
OffsetClipRgn
BitBlt
Polyline
GdiSetBatchLimit
MaskBlt
ImmGetContext
OpenMutexA
WaitForMultipleObjectsEx
TransmitCommChar
GetNamedPipeInfo
GetBinaryTypeW
GetModuleHandleExW
GetModuleHandleA
lstrcatA
GetConsoleTitleW
SetConsoleHistoryInfo
GetLongPathNameA
GetBinaryTypeA
lstrcpynA
GetSystemTimes
CommConfigDialogA
GetLocalTime
LZSeek
LZInit
acmStreamOpen
ICLocate
NetGroupGetUsers
NetApiBufferSize
RasFreeEapUserIdentityW
RpcServerUseProtseqIfW
SHRegGetUSValueA
PathRemoveFileSpecA
StrTrimA
PathFileExistsA
BeginDeferWindowPos
WaitMessage
FlashWindow
BeginPaint
GetUpdateRgn
EnumWindows
EnumChildWindows
GetMenuState
ToAsciiEx
RealGetWindowClassA
VerQueryValueW
InternetOpenUrlA
InternetFindNextFileA
midiInGetDevCapsA
mixerGetLineControlsW
midiInAddBuffer
PlaySoundA
GetDriverModuleHandle
DeletePrinterDriverExW
CloseColorProfile
Ord(29)
RtlCompareMemory
memset
strlen
RtlInterlockedPopEntrySList
OleConvertOLESTREAMToIStorage
CoDisconnectObject
OleSetContainedObject
PdhMakeCounterPathW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.0
ImageVersion 5.0
FileSubtype 2
FileVersionNumber 5.1.2600.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Serbian_Cyrillic Keyboard Layout
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 4608
EntryPoint 0xe6a2
OriginalFileName kbdycc.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.1.2600.0 (xpclient.010817-1148)
TimeStamp 2001:08:17 22:57:07+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdycc (3.11)
ProductVersion 5.1.2600.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 507904
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.1.2600.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 fdde797dc6be4308630223413dc0261b
SHA1 6f964920b75eca69dcabd3818e1128bc44e8fd1b
SHA256 9f09de94fb9a1ca499841f5dafc5c873f98a5a838fa5527ca3bc9a2af05b49a0
ssdeep 3072:CtT/Ri8QLErbBi/K85qvU2ULY7F0k1z6Vc/L22BsAx2K1A5f:s/RiEH0/K850UBaWc/ldA
authentihash ff2bbfc7d609e5a56e9206c7c511b9b38f93ce9e17d6291eb1c218dc8f0cab95
imphash ad13116dc2af20bc4150c0ae8c9b167f
File size 556.0 KB ( 569344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-10-05 04:39:15 UTC ( 1 month, 2 weeks ago )
Last submission 2018-10-05 06:00:34 UTC ( 1 month, 2 weeks ago )
File names UgPaYB1w6Ji.exe
kbdycc (3.11)
kbdycc.dll
EHx591cJ.exe
a.exe-