SHA256: bd2cab8ad18af280f66a0e9b109678ae3fbf9ed0bb80b16f221c2110808b006a
File name: bd2cab8ad18af280f66a0e9b109678ae3fbf9ed0bb80b16f221c2110808b006a
Detection ratio: 25 / 55
Analysis date: 2016-10-30 00:07:15 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.103139 20161029
AhnLab-V3 Trojan/Win32.Razy.N2142360871 20161029
Arcabit Trojan.Razy.D192E3 20161029
Avira (no cloud) TR/Crypt.Xpack.axvrl 20161029
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161029
BitDefender Gen:Variant.Razy.103139 20161030
CAT-QuickHeal (Suspicious) - DNAScan 20161029
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Emsisoft Gen:Variant.Razy.103139 (B) 20161030
ESET-NOD32 a variant of Win32/Injector.DGVE 20161029
F-Secure Gen:Variant.Razy.103139 20161029
GData Gen:Variant.Razy.103139 20161030
Ikarus Trojan.Win32.Dridex 20161029
Sophos ML generic.a 20161018
K7GW Trojan ( 700001211 ) 20161030
Kaspersky Trojan.Win32.Razy.cbf 20161030
Malwarebytes Trojan.Dridex 20161030
McAfee RDN/Generic.grp 20161030
McAfee-GW-Edition BehavesLike.Win32.Rungbu.cc 20161030
eScan Gen:Variant.Razy.103139 20161030
Panda Trj/CI.A 20161029
Qihoo-360 HEUR/QVM19.1.0000.Malware.Gen 20161030
Sophos AV Mal/Generic-S 20161030
Symantec Heur.AdvML.B 20161030
Tencent Win32.Trojan.Razy.Ahew 20161030
AegisLab 20161029
Alibaba 20161028
ALYac 20161029
Antiy-AVL 20161029
Avast 20161030
AVG 20161030
AVware 20161030
Bkav 20161029
ClamAV 20161030
CMC 20161029
Comodo 20161029
Cyren 20161030
DrWeb 20161030
F-Prot 20161030
Fortinet 20161030
Jiangmin 20161029
K7AntiVirus 20161029
Kingsoft 20161030
Microsoft 20161030
NANO-Antivirus 20161029
nProtect 20161028
Rising 20161029
SUPERAntiSpyware 20161029
TheHacker 20161029
TotalDefense 20161028
TrendMicro 20161029
TrendMicro-HouseCall 20161029
VBA32 20161029
VIPRE 20161029
ViRobot 20161029
Yandex 20161029
Zillya 20161028
Zoner 20161029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Internet Explorer
Original name MSHTMLED.DLL
Internal name MSHTMLED.DLL
File version 11.00.9600.18427 (winblue_ltsb_escrow.160801-1857)
Description Microsoft® HTML Editing Component
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1985-07-09 06:01:25
Entry Point 0x00019E50
Number of sections 18
PE sections
PE imports
SetBkColor
Process32NextW
FindResourceExA
SetSystemTime
BuildCommDCBAndTimeoutsA
SetThreadIdealProcessor
LoadLibraryA
SetNamedPipeHandleState
ChangeTimerQueueTimer
GetProcAddress
GetCurrentThreadId
ToAsciiEx
iswascii
isprint
wcsncat
sprintf
FindMediaTypeClass
Number of PE resources by type
REGISTRY 3
TYPELIB 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
2.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
11.0.9600.18427

UninitializedDataSize
6144

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x19e50

OriginalFileName
MSHTMLED.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
11.00.9600.18427 (winblue_ltsb_escrow.160801-1857)

TimeStamp
1985:07:09 07:01:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
MSHTMLED.DLL

ProductVersion
11.00.9600.18427

FileDescription
Microsoft HTML Editing Component

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
22016

ProductName
Internet Explorer

ProductVersionNumber
11.0.9600.18427

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 775a263469c5de6e876e5111c4e66ba3
SHA1 76e633707fb97bb1db401ef1c5ca00b766aa71cc
SHA256 bd2cab8ad18af280f66a0e9b109678ae3fbf9ed0bb80b16f221c2110808b006a
ssdeep
3072:uQT8RpTVl5WhphIrG6TMeEKSBqZuazFpqTTUV+NF:tE5pinYG6TMGSUtRpUV

authentihash 6344e850e0829f407c02056e4b1e71d5beb886a402c2d4f7594c3a725d50d09f
imphash 7dd523b76bae1c762f0eecb1bbbde64b
File size 106.3 KB ( 108800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2016-10-29 21:45:30 UTC ( 2 years, 1 month ago )
Last submission 2016-12-15 18:39:52 UTC ( 2 years ago )
File names MSHTMLED.DLL
0b708fd82ee7823e8464fc04ef18d5b358a65766
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs