SHA256: a4143eb2467645156fae5098f38417a1cf7abe57141f93ff7d0a837e993c9609
File name: a4143eb2467645156fae5098f38417a1cf7abe57141f93ff7d0a837e993c9609
Detection ratio: 14 / 70
Analysis date: 2018-12-13 19:12:46 UTC ( 2 months, 1 week ago )
Antivirus Result Update
CAT-QuickHeal Trojan.Emotet.X4 20181213
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.951e70 20180225
Cylance Unsafe 20181213
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch 20181213
Microsoft Trojan:Win32/Fuerboos.C!cl 20181213
Qihoo-360 HEUR/QVM20.1.D819.Malware.Gen 20181213
Rising Malware.Heuristic!ET#98% (RDM+:cmRtazrt2xDDrvScEp1Ym3dad/Ih) 20181213
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181213
Trapmine malicious.moderate.ml.score 20181205
Webroot W32.Trojan.Gen 20181213
Ad-Aware 20181213
AegisLab 20181213
AhnLab-V3 20181213
Alibaba 20180921
ALYac 20181213
Antiy-AVL 20181213
Arcabit 20181213
Avast 20181213
Avast-Mobile 20181213
AVG 20181213
Avira (no cloud) 20181213
Babable 20180918
Baidu 20181207
BitDefender 20181213
Bkav 20181213
ClamAV 20181213
CMC 20181213
Comodo 20181213
Cyren 20181213
DrWeb 20181213
eGambit 20181213
Emsisoft 20181213
ESET-NOD32 20181213
F-Prot 20181213
F-Secure 20181213
Fortinet 20181213
GData 20181213
Ikarus 20181213
Jiangmin 20181213
K7AntiVirus 20181213
K7GW 20181213
Kaspersky 20181213
Kingsoft 20181213
Malwarebytes 20181213
MAX 20181213
McAfee 20181213
eScan 20181213
NANO-Antivirus 20181213
Palo Alto Networks (Known Signatures) 20181213
Panda 20181213
Sophos AV 20181213
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181212
TACHYON 20181213
Tencent 20181213
TheHacker 20181213
TotalDefense 20181213
TrendMicro 20181213
TrendMicro-HouseCall 20181213
Trustlook 20181213
VBA32 20181213
VIPRE 20181213
ViRobot 20181213
Yandex 20181213
Zillya 20181213
ZoneAlarm by Check Point 20181213
Zoner 20181213
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corpor
Product Micro
Internal name DDODiag
File version 6.1.7600.16
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-14 03:02:28
Entry Point 0x000071E3
Number of sections 5
PE sections
PE imports
SetSecurityAccessMask
RegUnLoadKeyW
CertDuplicateCTLContext
GetCharacterPlacementA
GetTempFileNameW
GetNamedPipeClientProcessId
FlushProcessWriteBuffers
GetPriorityClass
FileTimeToLocalFileTime
GetEnvironmentStrings
SetThreadPriority
LockResource
DisableThreadLibraryCalls
SetConsoleCursorPosition
GetSystemDirectoryA
GetModuleHandleW
MprInfoBlockAdd
MprConfigGetGuidName
PathMakePrettyW
EndDialog
ShutdownBlockReasonDestroy
RegisterDeviceNotificationA
DestroyWindow
GetPrinterDriverDirectoryW
WSACancelAsyncRequest
WSACleanup
Ord(29)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 32768
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.4.20030.62408
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 118784
EntryPoint 0x71e3
MIMEType application/octet-stream
LegalCopyright Microsoft Corpor
FileVersion 6.1.7600.16
TimeStamp 2018:12:14 04:02:28+01:00
FileType Win32 EXE
PEType PE32
InternalName DDODiag
ProductVersion 6.1.7600.1638
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corpo
LegalTrademarks Mozilla, Netscape
ProductName Micro
ProductVersionNumber 1.4.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 cc7eabb9a836d2f87ac18d630a2b6e4e
SHA1 223a988951e70ee1ee8b01201b0d4a6d3fd99382
SHA256 a4143eb2467645156fae5098f38417a1cf7abe57141f93ff7d0a837e993c9609
ssdeep 1536:VmL8tVgZOo1VO/s1GlKx4t7HeS9pGvx518mQ6ZL5X9XppMzh20bdCqsc1:ELIVJoXOEyA4t9pGJe6ZL5NZTkQfu
authentihash 90c4df596f265e8d799fe4193e9e9288f956870e807c9702307e468f626e7997
imphash f970d5d5cb7afe49ba5b2a166068329f
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe

VirusTotal metadata
First submission 2018-12-13 19:12:46 UTC ( 2 months, 1 week ago )
Last submission 2018-12-24 06:17:16 UTC ( 2 months ago )
File names 60545056.exe
37951.exe
362604.exe
4420.exe
0675158.exe
2156393.exe
839852.exe
8039.exe
9195.exe
79903.exe
32.exe
3.exe
arh.exe
44.exe
501.exe
910.exe
919363.exe
7.exe
DDODiag
96676146.exe