SHA256: c7b5ae47d4bb79c0242bc41f5620ab60c7019cec61547a2cb0ad3d288fb54e3e
File name: XDEL
Detection ratio: 0 / 61
Analysis date: 2017-05-27 19:52:44 UTC ( 6 hours, 54 minutes ago )
Antivirus Result Update
Ad-Aware 20170527
AegisLab 20170527
AhnLab-V3 20170527
Alibaba 20170527
ALYac 20170527
Arcabit 20170527
Avast 20170527
AVG 20170527
Avira (no cloud) 20170527
AVware 20170527
Baidu 20170527
BitDefender 20170527
Bkav 20170526
CAT-QuickHeal 20170527
ClamAV 20170527
CMC 20170527
Comodo 20170527
CrowdStrike Falcon (ML) 20170420
Cyren 20170527
DrWeb 20170527
Emsisoft 20170527
Endgame 20170515
ESET-NOD32 20170527
F-Prot 20170527
F-Secure 20170527
Fortinet 20170527
GData 20170527
Ikarus 20170527
Invincea 20170519
Jiangmin 20170527
K7AntiVirus 20170527
K7GW 20170527
Kaspersky 20170527
Kingsoft 20170527
Malwarebytes 20170527
McAfee 20170527
McAfee-GW-Edition 20170527
Microsoft 20170527
eScan 20170527
NANO-Antivirus 20170527
nProtect 20170527
Palo Alto Networks (Known Signatures) 20170527
Panda 20170527
Qihoo-360 20170527
Rising 20170527
SentinelOne (Static ML) 20170516
Sophos 20170527
SUPERAntiSpyware 20170527
Symantec 20170527
Symantec Mobile Insight 20170526
Tencent 20170527
TheHacker 20170525
TotalDefense 20170527
TrendMicro 20170527
TrendMicro-HouseCall 20170525
Trustlook 20170527
VBA32 20170526
VIPRE 20170527
ViRobot 20170527
Webroot 20170527
WhiteArmor 20170524
Yandex 20170526
Zillya 20170527
ZoneAlarm by Check Point 20170527
Zoner 20170527
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1999-2016

Product Link Shellextension
Original name Link Shellextension
Internal name XDEL
File version 3.8.6.8
Description Link Shellextension
Packers identified
F-PROT NSIS, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-19 20:10:56
Entry Point 0x000033EA
Number of sections 5
PE sections
Overlays
MD5 bd3bb37de6aee578a49ef24934c535a3
File type data
Offset 34816
Size 3994128
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyA
RegEnumValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
LoadLibraryA
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
GetFileAttributesA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
GetWindowLongA
ShowWindow
SetClipboardData
IsWindowVisible
GetClassInfoA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetCursor
DrawTextA
RegisterClassA
InvalidateRect
wsprintfA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
CharNextA
CallWindowProcA
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 5
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.8.6.8
UninitializedDataSize 1024
LanguageCode German (Austrian)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 12288
EntryPoint 0x33ea
OriginalFileName Link Shellextension
MIMEType application/octet-stream
LegalCopyright Copyright 1999-2016
FileVersion 3.8.6.8
TimeStamp 2016:04:19 21:10:56+01:00
FileType Win32 EXE
PEType PE32
InternalName XDEL
ProductVersion 3.8.6.8
FileDescription Link Shellextension
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Schinagl
CodeSize 23552
ProductName Link Shellextension
ProductVersionNumber 3.8.6.8
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 cacfd4c9ac95360f5d681950d79bbdb5
SHA1 ec7ceb0ba51057b45ad962216919629aa46c51f0
SHA256 c7b5ae47d4bb79c0242bc41f5620ab60c7019cec61547a2cb0ad3d288fb54e3e
ssdeep
98304:Tdd+wXtzFd6UaQNoJWXZV8D5J66sFw6tUWN22YYtZTsayfyjF:jpdz76uNoJgVz6s5O2/ZTluyjF

authentihash 0fa453c72bf686b3b151dc9743925a5a85c4b9e5d1502b797d334e9644cac819
imphash 1b3538b0fc54c17b26a6423f462d9e0a
File size 3.8 MB ( 4028944 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (91.9%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags
nsis peexe via-tor overlay

VirusTotal metadata
First submission 2016-04-20 05:53:08 UTC ( 1 year, 1 month ago )
Last submission 2017-05-27 08:49:09 UTC ( 17 hours, 58 minutes ago )
File names Link Shellextension
HardLinkShellExt_X64_v3.8.6.8.exe
HardLinkShellExt_X64.exe
HardLinkShellExt_X64_3.8.6.8.exe
837952
HardLinkShellExt_X64 (1).exe
C7B5AE47D4BB79C0242BC41F5620AB60C7019CEC61547A2CB0AD3D288FB54E3E.exe
HardLinkShellExt_X64-3.8.6.8.exe
HardLinkShellExt_3.868_X64.exe
linkshellextensionInstall.exe
HardLinkShellExt_X64 (2).exe
HardLinkShellExt_X64 (6).exe
XDEL
hardlinkshellext_x64.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs
UDP communications