SHA256: b3104bb4f8bbe7e502c2000caaf2e10f2a6e9cd7ecc6d4cdb032a1c0787dffc4
File name: XYL2K_23dc5h5.exe.ViR
Detection ratio: 4 / 56
Analysis date: 2015-08-13 19:29:29 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ikarus Trojan.Win32.Crypt 20150813
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150813
TrendMicro BKDR_DRIDEX.CE 20150813
TrendMicro-HouseCall BKDR_DRIDEX.CE 20150813
Ad-Aware 20150813
AegisLab 20150813
Yandex 20150813
AhnLab-V3 20150813
Alibaba 20150813
Antiy-AVL 20150813
Arcabit 20150813
Avast 20150813
AVG 20150813
Avira (no cloud) 20150813
AVware 20150813
Baidu-International 20150813
BitDefender 20150813
Bkav 20150813
ByteHero 20150813
CAT-QuickHeal 20150813
ClamAV 20150813
CMC 20150710
Comodo 20150813
Cyren 20150813
DrWeb 20150813
Emsisoft 20150813
ESET-NOD32 20150813
F-Prot 20150813
F-Secure 20150813
Fortinet 20150813
GData 20150813
Jiangmin 20150813
K7AntiVirus 20150813
K7GW 20150813
Kaspersky 20150813
Kingsoft 20150813
Malwarebytes 20150813
McAfee 20150813
McAfee-GW-Edition 20150813
Microsoft 20150813
eScan 20150813
NANO-Antivirus 20150813
nProtect 20150813
Panda 20150813
Rising 20150812
Sophos AV 20150813
SUPERAntiSpyware 20150813
Symantec 20150813
Tencent 20150813
TheHacker 20150811
TotalDefense 20150813
VBA32 20150813
VIPRE 20150813
ViRobot 20150813
Zillya 20150813
Zoner 20150813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name HGCPL.DLL
Internal name HGCPL
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description HomeGroup Control Panel
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-10-18 04:07:24
Entry Point 0x0000104B
Number of sections 11
PE sections
PE imports
PathIsFileSpecA
_chkstk
_allrem
Number of PE resources by type
RT_ICON 33
RT_GROUP_ICON 4
UIFILE 3
RT_RCDATA 2
XMLFILE 1
WEVT_TEMPLATE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 45
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription HomeGroup Control Panel
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 237568
EntryPoint 0x104b
OriginalFileName HGCPL.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 1992:10:17 21:07:24-07:00
FileType Win32 EXE
PEType PE32
InternalName HGCPL
ProductVersion 6.1.7601.17514
SubsystemVersion 4.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 32768
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 ecf3a9190f4e24640a45eb35e55ef6df
SHA1 6d8915116b412a748a869ac0cc9b1e8973494fe8
SHA256 b3104bb4f8bbe7e502c2000caaf2e10f2a6e9cd7ecc6d4cdb032a1c0787dffc4
ssdeep 3072:3CTyhRazVnPJhNKWd/zP9mmrgojyrP4NCk0Si2wOJ7:3RaNP1PJP9mij/CkH9w
authentihash fc3bb0deb3ec8cd310b705319daf1042cc5cb0215e66ad98d2939bc159c4240c
imphash 81755d8691b9845a169027f8dd1f94a6
File size 264.0 KB ( 270336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2015-08-13 09:09:34 UTC ( 3 years, 6 months ago )
Last submission 2019-02-02 14:49:23 UTC ( 2 weeks ago )
File names 23dc5h5.ex
b3104bb4f8bbe7e502c2000caaf2e10f2a6e9cd7ecc6d4cdb032a1c0787dffc4.bin
23dc5h5.malware
b3104bb4f8bbe7e502c2000caaf2e10f2a6e9cd7ecc6d4cdb032a1c0787dffc4.exe
output.79491584.txt
ecf3a9190f4e24640a45eb35e55ef6df.exe
GRUFTPES.EXE
e25418fb175eeda2d30e8a8b981753bd8844f9b7.exe
23dc5h5.exe
Recent_Dridex.exe
23dc5h5.exe
ECF3A9190F4E24640A45EB35E55EF6DF
HGCPL
XYL2K_23dc5h5.exe.ViR
b3104bb4f8bbe7e502c2000caaf2e10f2a6e9cd7ecc6d4cdb032a1c0787dffc4. exe
79491584
HGCPL.DLL
ecf3a9190f4e24640a45eb35e55ef6df
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections