SHA256: b6a827c062ad52bbddec050658fe592cb00cf1ef8e500e0c81071f1aa279b9b1
File name: b6a827c062ad52bbddec050658fe592cb00cf1ef8e500e0c81071f1aa279b9b1
Detection ratio: 36 / 61
Analysis date: 2017-03-19 03:43:25 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4601380 20170319
AegisLab Backdoor.W32.Dridex!c 20170319
AhnLab-V3 Trojan/Win32.Agent.C1861298 20170318
ALYac Trojan.Dridex.A 20170319
Arcabit Trojan.Generic.D463624 20170319
Avast Win32:Malware-gen 20170319
AVG BackDoor.Generic19.BEMR 20170319
Avira (no cloud) TR/Crypt.Xpack.ojohu 20170318
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170318
BitDefender Trojan.GenericKD.4601380 20170319
CAT-QuickHeal Backdoor.Dridex 20170318
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.EHDU-1481 20170319
DrWeb Trojan.PWS.Siggen1.63078 20170319
Emsisoft Trojan.Dridex (A) 20170319
Endgame malicious (high confidence) 20170317
ESET-NOD32 Win32/Dridex.AX 20170319
F-Prot W32/Trojan2.PTMI 20170319
F-Secure Trojan.GenericKD.4601380 20170319
GData Trojan.GenericKD.4601380 20170319
Sophos ML backdoor.win32.prosti.l 20170203
K7AntiVirus Trojan ( 004fe5cb1 ) 20170318
K7GW Trojan ( 700001211 ) 20170317
Kaspersky Backdoor.Win32.Dridex.cy 20170319
Malwarebytes Trojan.Dridex 20170319
McAfee RDN/Generic.grp 20170319
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20170319
Microsoft Trojan:Win32/Dynamer!ac 20170318
eScan Trojan.GenericKD.4601380 20170319
Palo Alto Networks (Known Signatures) generic.ml 20170319
Panda Trj/Genetic.gen 20170318
Qihoo-360 Win32/Trojan.760 20170319
Symantec Trojan.Cridex 20170318
Tencent Win32.Backdoor.Dridex.Sund 20170319
VIPRE Trojan.Win32.Generic!BT 20170319
ZoneAlarm by Check Point Backdoor.Win32.Dridex.cy 20170319
Alibaba 20170228
Antiy-AVL 20170319
Bkav 20170318
ClamAV 20170318
CMC 20170317
Comodo 20170319
Fortinet 20170319
Ikarus 20170318
Jiangmin 20170319
Kingsoft 20170319
NANO-Antivirus 20170319
nProtect 20170319
Rising None
SentinelOne (Static ML) 20170315
Sophos AV 20170319
SUPERAntiSpyware 20170318
TheHacker 20170318
TotalDefense 20170318
TrendMicro 20170319
TrendMicro-HouseCall 20170319
Trustlook 20170319
VBA32 20170317
ViRobot 20170319
Webroot 20170319
WhiteArmor 20170315
Yandex 20170318
Zillya 20170317
Zoner 20170319
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name PDH.DLL
Internal name PDH.DLL
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Performance Data Helper DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2023-08-22 21:28:18
Entry Point 0x0001E2C0
Number of sections 10
PE sections
Overlays
MD5 d3d9446802a44259755d38e6d163e820
File type ASCII text
Offset 120656
Size 2
Entropy 1.00
PE imports
AreFileApisANSI
GetVolumePathNameW
LoadLibraryW
GetDriveTypeA
DeleteTimerQueueEx
GetThreadLocale
QueueUserAPC
FindFirstChangeNotificationW
GetWindowsDirectoryW
VirtualFreeEx
WaitForMultipleObjects
GetConsoleTitleW
GetCurrentDirectoryA
GetStartupInfoW
FindVolumeMountPointClose
GetProcAddress
AddAtomW
OpenMutexA
lstrcpynW
EraseTape
GetDiskFreeSpaceW
SetTimerQueueTimer
GlobalAddAtomA
GlobalMemoryStatusEx
FindFirstFileExW
GetModuleHandleW
GetBinaryTypeA
SetEnvironmentVariableA
EnumDateFormatsW
FindAtomA
GetLongPathNameA
SetVolumeLabelA
GetPrivateProfileSectionA
PrepareTape
FindFirstVolumeMountPointA
VarCyFromI1
SHFreeNameMappings
wnsprintfW
ReleaseDC
GetThreadDesktop
TabbedTextOutW
mbtowc
clearerr
memset
_sprintf_l
wcscmp
putchar
sscanf
isupper
iswgraph
strncpy
PdhGetDefaultPerfCounterA
CreateAsyncBindCtx
CoInternetCombineUrl
CoInternetGetSecurityUrl
FaultInIEFeature
Number of PE resources by type
WEVT_TEMPLATE 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 197.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
UninitializedDataSize 6144
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x1e2c0
OriginalFileName PDH.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2023:08:22 22:28:18+01:00
FileType Win32 EXE
PEType PE32
InternalName PDH.DLL
ProductVersion 6.1.7601.17514
FileDescription Windows Performance Data Helper DLL
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 23552
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 c215eb225a354f41a68091100885d4ec
SHA1 4e41d6079b5b35c9e43ffefab46f2353c5ca61e9
SHA256 b6a827c062ad52bbddec050658fe592cb00cf1ef8e500e0c81071f1aa279b9b1
ssdeep 3072:yWe/mqvldi8OA0IgOgSSUohbtwzS1uNt9XTZU:kPNd5OA0IrNEwDN3y
authentihash cb3f33b94c8a857249da2328d47e83be5cf87a7f3583e4d56bb1ffe75043e5f0
imphash d8f592aed0100a83b4617282a4a14168
File size 117.8 KB ( 120658 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-03-19 01:06:25 UTC ( 1 year, 11 months ago )
Last submission 2017-04-11 01:22:22 UTC ( 1 year, 10 months ago )
File names 051.vir, PDH.DLL