SHA256: b56785cb168999551833be9e89d3fa131a2673ce64a8d2db7dbbc600e14e0073
File name: b56785cb168999551833be9e89d3fa131a2673ce64a8d2db7dbbc600e14e0073
Detection ratio: 16 / 67
Analysis date: 2018-11-06 20:05:30 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Avast Win32:MdeClass 20181106
AVG Win32:MdeClass 20181106
CAT-QuickHeal Trojan.Emotet.X4 20181105
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181106
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CQFO 20181106
Sophos ML heuristic 20180717
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jt 20181106
Microsoft Trojan:Win32/Fuerboos.C!cl 20181106
Qihoo-360 HEUR/QVM20.1.07F9.Malware.Gen 20181106
Rising Trojan.Kryptik!1.B4A3 (CLASSIC) 20181106
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANX 20181106
Symantec ML.Attribute.HighConfidence 20181106
Webroot W32.Trojan.Emotet 20181106
Ad-Aware 20181106
AegisLab 20181106
AhnLab-V3 20181106
Alibaba 20180921
ALYac 20181106
Antiy-AVL 20181106
Arcabit 20181106
Avast-Mobile 20181106
Avira (no cloud) 20181106
Babable 20180918
Baidu 20181106
BitDefender 20181106
Bkav 20181106
ClamAV 20181106
CMC 20181106
Cybereason 20180225
Cyren 20181106
DrWeb 20181106
eGambit 20181106
Emsisoft 20181106
F-Prot 20181106
F-Secure 20181106
Fortinet 20181106
GData 20181106
Ikarus 20181106
Jiangmin 20181106
K7AntiVirus 20181106
K7GW 20181106
Kaspersky 20181106
Kingsoft 20181106
Malwarebytes 20181106
MAX 20181106
McAfee 20181106
eScan 20181106
NANO-Antivirus 20181106
Palo Alto Networks (Known Signatures) 20181106
Panda 20181106
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181105
TACHYON 20181106
Tencent 20181106
TheHacker 20181104
TotalDefense 20181106
TrendMicro 20181106
TrendMicro-HouseCall 20181106
Trustlook 20181106
VBA32 20181106
ViRobot 20181106
Yandex 20181106
Zillya 20181106
ZoneAlarm by Check Point 20181106
Zoner 20181106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name WpdComp.dll
Internal name WpdComp.dll
File version 6.3.9600.16384 (winblue_rtm.130821-1623)
Description Windows Portable Device Composite Driver
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-22 03:49:38
Entry Point 0x00093BD9
Number of sections 4
PE sections
PE imports
RegSaveKeyA
ObjectPrivilegeAuditAlarmA
RegQueryReflectionKey
ImageList_GetIconSize
SetTextJustification
SetWindowOrgEx
StartPage
UpdateColors
GetNumberOfInterfaces
SetCommConfig
GetPrivateProfileStringA
GetSystemDirectoryW
LoadResource
WriteConsoleOutputCharacterA
GetModuleHandleW
NetGroupAddUser
VarBoolFromDate
RasGetAutodialAddressW
RasGetEntryPropertiesA
RpcRevertToSelfEx
RpcMgmtEpEltInqBegin
SetupDiGetDeviceInstallParamsW
SHGetUnreadMailCountW
SHQueryValueExW
SHGetThreadRef
BeginPaint
GetUserObjectSecurity
RetrieveUrlCacheEntryFileA
towlower
HWND_UserSize
OleFlushClipboard
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 73728
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.3.9600.16384
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName WpdComp.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.3.9600.16384 (winblue_rtm.130821-1623)
TimeStamp 2013:08:21 20:49:38-07:00
FileType Win32 EXE
PEType PE32
InternalName WpdComp.dll
ProductVersion 6.3.9600.16384
FileDescription Windows Portable Device Composite Driver
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 610304
FileSubtype 0
ProductVersionNumber 6.3.9600.16384
EntryPoint 0x93bd9
ObjectFileType Dynamic link library

Execution parents
File identification
MD5 efbe65d38dc32a5fa2522a37332828f3
SHA1 92d757eb40c6d06d2a88d2ed5167ce681f4c7b08
SHA256 b56785cb168999551833be9e89d3fa131a2673ce64a8d2db7dbbc600e14e0073
ssdeep 3072:Cg6pHO1TsjBhM7Q0kNWLumpx8Db2zEJ0Y0m1OPv6/YywVW8sdSmOV7/fYXOp:i55+92I9mOVjS
authentihash b86eb71ccdce65b2686eddc6b4ca5161fc563c584962f74d1c8b22d3633913da
imphash d74dac044fe5c50fe560388404ae197f
File size 668.0 KB ( 684032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2018-11-06 20:05:30 UTC ( 3 months, 2 weeks ago )
Last submission 2018-11-06 20:05:30 UTC ( 3 months, 2 weeks ago )
File names ADriA1EYOkX.exe
aTKOM33SAS.exe
rH5qiZaTeYJ.exe
118.exe
WpdComp.dll
sspsunity.exe