SHA256: 9f330017ea86107bc84bd00a5222f10875c2672d78c00504913c8f9528cad731
File name: 384BA84E.vsc
Detection ratio: 16 / 68
Analysis date: 2018-11-30 02:51:45 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Bkav HW32.Packed. 20181129
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181130
eGambit Unsafe.AI_Score_98% 20181130
Endgame malicious (high confidence) 20181108
Fortinet W32/Kryptik.GNDQ!tr 20181130
Sophos ML heuristic 20181128
McAfee Artemis!CE8B8B47998C 20181129
McAfee-GW-Edition Artemis!Trojan 20181129
Palo Alto Networks (Known Signatures) generic.ml 20181130
Qihoo-360 HEUR/QVM20.1.8B1B.Malware.Gen 20181130
Rising Malware.Heuristic!ET#91% (RDM+:cmRtazqX+BlFgFYoiedP0A+J7sx8) 20181130
SentinelOne (Static ML) static engine - malicious 20181011
Trapmine malicious.high.ml.score 20181128
VBA32 BScope.Trojan.Zbot.01393 20181129
Webroot W32.Trojan.Gen 20181130
Ad-Aware 20181130
AegisLab 20181130
AhnLab-V3 20181129
Alibaba 20180921
ALYac 20181130
Antiy-AVL 20181130
Arcabit 20181129
Avast 20181130
Avast-Mobile 20181129
AVG 20181130
Avira (no cloud) 20181129
Babable 20180918
Baidu 20181129
BitDefender 20181130
CAT-QuickHeal 20181129
ClamAV 20181129
CMC 20181129
Comodo 20181130
Cybereason 20180225
Cyren 20181130
DrWeb 20181130
Emsisoft 20181130
ESET-NOD32 20181130
F-Prot 20181130
F-Secure 20181130
GData 20181130
Ikarus 20181129
Jiangmin 20181130
K7AntiVirus 20181129
K7GW 20181129
Kaspersky 20181130
Kingsoft 20181130
Malwarebytes 20181130
MAX 20181130
Microsoft 20181130
eScan 20181130
NANO-Antivirus 20181129
Panda 20181129
Sophos AV 20181130
SUPERAntiSpyware 20181128
Symantec 20181129
Symantec Mobile Insight 20181121
TACHYON 20181130
Tencent 20181130
TheHacker 20181129
TrendMicro-HouseCall 20181130
Trustlook 20181130
VIPRE 20181129
ViRobot 20181129
Yandex 20181129
Zillya 20181129
ZoneAlarm by Check Point 20181130
Zoner 20181130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name WUDFHost.exe
Internal name WUDFHost.exe
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Driver Foundation - User-mode Driver Framework Host Process
Signature verification The digital signature of the object did not verify.
Signing date 2:58 AM 5/21/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-30 02:00:18
Entry Point 0x00001480
Number of sections 4
PE sections
Overlays
MD5 89302cc4c3e957cd8f758604ca0a2e79
File type data
Offset 1392640
Size 3336
Entropy 7.34
PE imports
RegOpenKeyExW
SwapBuffers
CloseEnhMetaFile
AddFontResourceW
EndPage
DeleteDC
SetMetaRgn
CreateHalftonePalette
DeleteColorSpace
GetBkMode
UnrealizeObject
GetTextColor
StrokePath
GetDCPenColor
GetGraphicsMode
PathToRegion
CreateMetaFileW
DeleteEnhMetaFile
GetFontLanguageInfo
CreateCompatibleDC
RealizePalette
EndPath
VirtualAllocEx
LoadLibraryA
GetModuleHandleA
GetProcAddress
GetOpenClipboardWindow
GetParent
GetInputState
DestroyMenu
GetListBoxInfo
GetClipboardViewer
IsWindow
CharUpperW
LoadCursorFromFileA
GetCursor
GetWindowDC
GetMenuCheckMarkDimensions
IsWindowEnabled
VkKeyScanW
CharUpperA
GetClipboardSequenceNumber
GetDC
GetKeyState
GetDoubleClickTime
DestroyIcon
GetLastActivePopup
CharLowerA
GetMessageTime
CloseWindow
DrawMenuBar
IsCharAlphaNumericW
CloseWindowStation
IsClipboardFormatAvailable
CreateMenu
IsCharUpperA
CountClipboardFormats
GetActiveWindow
CharNextA
IsCharUpperW
CloseDesktop
GetDialogBaseUnits
IsMenu
WindowFromDC
GetKeyboardType
DestroyWindow
Number of PE resources by type
RT_RCDATA 2
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Driver Foundation - User-mode Driver Framework Host Process
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1381888
EntryPoint 0x1480
OriginalFileName WUDFHost.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2018:11:30 03:00:18+01:00
FileType Win32 EXE
PEType PE32
InternalName WUDFHost.exe
ProductVersion 6.1.7601.17514
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 10240
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 ce8b8b47998c62d70af7952d1f509e34
SHA1 c2705e322775ad6f73fc0f60c0a95f86ab5eac4c
SHA256 9f330017ea86107bc84bd00a5222f10875c2672d78c00504913c8f9528cad731
ssdeep 24576:qMJm6zq5rr3fhK8LOT3elmV3skfSt9QXGASh3huhU:rzq5rr3JxLnS3sRrAC3wm
authentihash 1b02a061a49a589d03ee97c8a43b4d3dd8f5cd8b666ebb3030c22ddc8fbdffcc
imphash f8f9b9e4120d21d2387c1fa9b86b6747
File size 1.3 MB ( 1395976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-11-30 02:51:45 UTC ( 5 months, 3 weeks ago )
Last submission 2019-02-22 19:35:02 UTC ( 2 months, 4 weeks ago )
File names output.114603877.txt
ce8b8b47998c62d70af7952d1f509e34.virus
81d2ad440a5953b8dba2d1271d1c6206
output.114577992.txt
output.114613065.txt
output.114597722.txt
ce8b8b47998c62d70af7952d1f509e34
ce8b8b47998c62d70af7952d1f509e34
csrss(52).gxe
384BA84E.vsc
output.114603910.txt
sserv.jpg
csrss.exe
csrss.exe
output.114601439.txt
WUDFHost.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections