SHA256: a8a46eb7c4cb954a64cfa81ec7679fa3ce195bdcbb6fcf2a4a8d0c294cdc545b
File name: a8a46eb7c4cb954a64cfa81ec7679fa3ce195bdcbb6fcf2a4a8d0c294cdc545b
Detection ratio: 19 / 57
Analysis date: 2017-02-16 07:39:42 UTC ( 1 year, 12 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.132935 20170216
AegisLab Gen.Variant.Razy!c 20170216
Arcabit Trojan.Razy.D20747 20170216
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170216
BitDefender Gen:Variant.Razy.132935 20170216
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Emsisoft Gen:Variant.Razy.132935 (B) 20170216
Endgame malicious (high confidence) 20170208
ESET-NOD32 a variant of Win32/Kryptik.FOJB 20170216
F-Secure Gen:Variant.Razy.132935 20170216
GData Gen:Variant.Razy.132935 20170216
Sophos ML trojandownloader.win32.renos.pt 20170203
Malwarebytes Trojan.Dridex 20170216
McAfee Artemis!12588AE58B33 20170216
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20170215
eScan Gen:Variant.Razy.132935 20170216
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20170216
Symantec Trojan.Gen.8 20170215
VIPRE Trojan.Win32.Generic!BT 20170216
AhnLab-V3 20170216
Alibaba 20170216
ALYac 20170216
Antiy-AVL 20170216
Avast 20170216
AVG 20170215
Avira (no cloud) 20170215
AVware 20170216
CAT-QuickHeal 20170216
ClamAV 20170216
CMC 20170215
Comodo 20170216
Cyren 20170216
F-Prot 20170216
Fortinet 20170216
Ikarus 20170215
Jiangmin 20170216
K7AntiVirus 20170215
K7GW 20170216
Kaspersky 20170216
Kingsoft 20170216
Microsoft 20170215
NANO-Antivirus 20170216
nProtect 20170216
Panda 20170215
Rising 20170216
Sophos AV 20170216
SUPERAntiSpyware 20170216
Tencent 20170216
TheHacker 20170215
TotalDefense 20170216
TrendMicro 20170216
TrendMicro-HouseCall 20170216
Trustlook 20170216
VBA32 20170215
ViRobot 20170216
Webroot 20170216
WhiteArmor 20170215
Yandex 20170215
Zillya 20170215
Zoner 20170216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name MsRdpWebAccess.dll
Internal name MsRdpWebAccess
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Microsoft Remote Desktop Services Web Access Control
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-13 16:34:06
Entry Point 0x0000D480
Number of sections 10
PE sections
PE imports
GetProfileStringW
GetSystemDefaultLangID
UnlockFile
RemoveDirectoryW
GetPrivateProfileIntA
FindClose
WaitForMultipleObjectsEx
FreeConsole
GetCommandLineA
wcstombs
_snwprintf_l
CoSetCancelObject
Number of PE resources by type
REGISTRY 2
TYPELIB 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 109056
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Microsoft Remote Desktop Services Web Access Control
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName MsRdpWebAccess.dll
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2017:02:13 17:34:06+01:00
FileType Win32 EXE
PEType PE32
InternalName MsRdpWebAccess
ProductVersion 6.1.7600.16385
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 51200
FileSubtype 0
ProductVersionNumber 6.1.7600.16385
EntryPoint 0xd480
ObjectFileType Executable application

File identification
MD5 12588ae58b33a39dbaed74f41d478db8
SHA1 33f3bb3aa5fc0613e0294eeb8f52775e611fb120
SHA256 a8a46eb7c4cb954a64cfa81ec7679fa3ce195bdcbb6fcf2a4a8d0c294cdc545b
ssdeep 3072:jjcw6xgS8XYs1C3/Vc6t19mI5BfKTJ5AuaXUjzId3XexOSczjebxTH7:jjZRS8QVrUIqYuaszId3McGbRb
authentihash 30f907c5d0d13b8d84c0ed185b6e62d9dce7499f8f71e7fe084cbf93355b8a4e
imphash 453faf5cd30aef62ee80f449dcaa7912
File size 146.8 KB ( 150276 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2017-02-16 05:23:24 UTC ( 1 year, 12 months ago )
Last submission 2017-02-16 07:39:42 UTC ( 1 year, 12 months ago )
File names MsRdpWebAccess
MsRdpWebAccess.dll
12588ae58b33a39dbaed74f41d478db8.virus