SHA256: a0ba8ae36f33597858d12db1ed576d1b9278d41b58d29d984b4b753d6570e5e9
File name: 6t45eyv.exe
Detection ratio: 0 / 54
Analysis date: 2015-11-11 11:07:31 UTC ( 3 years, 1 month ago )
Antivirus Result Update
AegisLab 20151111
Yandex 20151111
AhnLab-V3 20151111
Alibaba 20151111
ALYac 20151116
Antiy-AVL 20151111
Arcabit 20151111
Avast 20151111
AVG 20151116
Avira (no cloud) 20151111
AVware 20151111
Baidu-International 20151116
BitDefender 20151111
Bkav 20151110
ByteHero 20151111
CAT-QuickHeal 20151110
ClamAV 20151111
CMC 20151109
Comodo 20151111
Cyren 20151111
DrWeb 20151111
Emsisoft 20151111
ESET-NOD32 20151111
F-Prot 20151116
F-Secure 20151111
Fortinet 20151111
GData 20151111
Ikarus 20151111
Jiangmin 20151111
K7AntiVirus 20151111
K7GW 20151111
Kaspersky 20151111
Malwarebytes 20151111
McAfee 20151111
McAfee-GW-Edition 20151111
Microsoft 20151111
eScan 20151111
NANO-Antivirus 20151111
nProtect 20151111
Panda 20151110
Qihoo-360 20151111
Rising 20151110
Sophos AV 20151111
SUPERAntiSpyware 20151111
Symantec 20151110
Tencent 20151111
TheHacker 20151110
TrendMicro 20151116
TrendMicro-HouseCall 20151116
VBA32 20151111
VIPRE 20151111
ViRobot 20151111
Zillya 20151115
Zoner 20151111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name cryptxml.dll
Internal name cryptxml.dll
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description XML DigSig API
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-11 10:29:00
Entry Point 0x0000103C
Number of sections 6
PE sections
PE imports
FlushConsoleInputBuffer
_lwrite
CreateNamedPipeW
RemoveDirectoryW
GetDriveTypeA
SignalObjectAndWait
DisconnectNamedPipe
GetStartupInfoA
SetSystemTime
SetConsoleCtrlHandler
SetFileTime
SetFilePointerEx
WaitForMultipleObjects
GetProfileSectionA
SetSystemTimeAdjustment
GetComputerNameExA
TlsSetValue
SetTimerQueueTimer
WriteFileEx
lstrcpyA
GetConsoleDisplayMode
EnumResourceNamesA
FreeConsole
EscapeCommFunction
FormatMessageW
OpenJobObjectW
GetNumberFormatW
GetConsoleScreenBufferInfo
FindClose
ReadFileEx
IsBadCodePtr
SetWaitableTimer
GetDefaultCommConfigA
BeginUpdateResourceA
PathUnExpandEnvStringsA
URLOpenStreamW
RegisterBindStatusCallback
CoGetClassObjectFromURL
HlinkSimpleNavigateToMoniker
IsLoggingEnabledA
FaultInIEFeature
HlinkNavigateMoniker
RevokeFormatEnumerator
CreateURLMoniker
CreateAsyncBindCtxEx
CopyBindInfo
CoInternetQueryInfo
CoInternetGetSession
FindMediaType
CopyStgMedium
ObtainUserAgentString
URLOpenPullStreamW
RegisterFormatEnumerator
ReleaseBindInfo
URLOpenBlockingStreamA
CoInternetCreateSecurityManager
CoInternetCompareUrl
URLOpenPullStreamA
WriteHitLogging
FindMimeFromData
URLDownloadToFileW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription XML DigSig API
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 88064
EntryPoint 0x103c
OriginalFileName cryptxml.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2015:11:11 11:29:00+01:00
FileType Win32 EXE
PEType PE32
InternalName cryptxml.dll
ProductVersion 6.1.7600.16385
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 13312
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 37ceca4ac82d0ade9bac811217590ecd
SHA1 ae67b6585ea41d4ecc08e4e2160e61cfa5cd09d9
SHA256 a0ba8ae36f33597858d12db1ed576d1b9278d41b58d29d984b4b753d6570e5e9
ssdeep 1536:Cu67UByfnb22UYf1vzA1ycxqGGKbbT9e19CB8JWwLFSQvZy:CLUByfn62tzAgcxpbTMbJVRZy
authentihash 37a81685c35441d65ee3800e5fcde09ed5cfff1ad84682e4bd65f71fc5651ffa
imphash fc94c1c71f1ad6b2ab59a55da794c0be
File size 98.5 KB ( 100864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2015-11-11 10:02:16 UTC ( 3 years, 1 month ago )
Last submission 2018-10-16 04:59:43 UTC ( 1 month, 4 weeks ago )
File names 6t45eyv_exe
A0BA8AE36F33597858D12DB1ED576D1B9278D41B58D29D984B4B753D6570E5E9.exe
6t45eyv[1].exe
a0ba8ae36f33597858d12db1ed576d1b9278d41b58d29d984b4b753d6570e5e9.exe
damedig.exe
damedig.exe
6T45EYV.exE
ais_samples (604).exe
6t45eyv.exe
cryptxml.dll
damedig.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections