SHA256: cb3f2b1a9bf2484bcc035944843ad214fd7fde854c99df0f7a5cc9369c89433c
File name: ladybi.exe
Detection ratio: 4 / 54
Analysis date: 2016-02-15 11:38:13 UTC (3 years ago)
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20160215
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20160215
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20160215
Sophos AV Mal/Generic-S 20160215
Ad-Aware 20160215
AegisLab 20160215
Yandex 20160213
AhnLab-V3 20160214
Alibaba 20160215
ALYac 20160215
Antiy-AVL 20160215
Arcabit 20160215
Avast 20160215
AVG 20160215
Avira (no cloud) 20160215
Baidu-International 20160215
BitDefender 20160215
Bkav 20160215
ByteHero 20160215
CAT-QuickHeal 20160215
ClamAV 20160215
CMC 20160214
Comodo 20160215
Cyren 20160215
DrWeb 20160215
Emsisoft 20160215
ESET-NOD32 20160215
F-Prot 20160215
F-Secure 20160215
Fortinet 20160215
GData 20160215
Ikarus 20160215
Jiangmin 20160215
K7AntiVirus 20160215
K7GW 20160215
Malwarebytes 20160215
McAfee 20160215
McAfee-GW-Edition 20160215
Microsoft 20160215
eScan 20160215
NANO-Antivirus 20160215
nProtect 20160212
Panda 20160214
SUPERAntiSpyware 20160215
Symantec 20160214
Tencent 20160215
TheHacker 20160213
TrendMicro 20160215
TrendMicro-HouseCall 20160215
VBA32 20160215
VIPRE 20160215
ViRobot 20160215
Zillya 20160213
Zoner 20160215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Work Folders
Original name WorkFoldersRes.dll
Internal name WorkFoldersRes.dll
File version 6.2.9200.16384
Description Work Folders Resources
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 01:08:16
Entry Point 0x000229A0
Number of sections 9
PE sections
PE imports
GetDriveTypeW
VerifyVersionInfoA
GetOverlappedResult
EncodePointer
SetConsoleCursorPosition
SetSystemTime
GetConsoleMode
GetFileTime
IsDBCSLeadByteEx
FindResourceExA
GetThreadIOPendingFlag
EnumCalendarInfoExW
SetTimerQueueTimer
WriteFile
Thread32First
LocalFree
InitAtomTable
InterlockedDecrement
GetProfileIntA
FindFirstVolumeMountPointA
GetUserDefaultUILanguage
VerLanguageNameA
OpenThread
WriteTapemark
FoldStringA
SetFileShortNameW
SetConsoleCtrlHandler
EraseTape
ActivateActCtx
WriteProfileStringW
CreateDirectoryExW
GetSystemDefaultUILanguage
EnumSystemLanguageGroupsA
GetNumberOfConsoleMouseButtons
ExitThread
SetEnvironmentVariableA
ReadConsoleA
FindAtomW
GetModuleHandleExW
GetCurrentConsoleFont
SearchPathA
ReadConsoleW
GetVersion
AddRefActCtx
CreateToolhelp32Snapshot
RequestDeviceWakeup
MoveFileWithProgressW
GetVersionExW
QueryPerformanceCounter
GetTickCount
ClearCommError
MoveFileWithProgressA
WriteConsoleOutputAttribute
GlobalSize
SystemTimeToFileTime
Process32First
GetPrivateProfileIntA
DeleteFileA
GetCommProperties
BackupWrite
DeleteFileW
GetProcAddress
QueryDepthSList
GetProfileStringW
CreateHardLinkA
SetCriticalSectionSpinCount
DebugBreakProcess
WaitNamedPipeA
EnumResourceNamesA
FreeConsole
IsValidLocale
lstrcmpW
FindFirstFileExW
WaitForMultipleObjects
EncodeSystemPointer
GetFileType
TlsSetValue
LocalUnlock
GetLastError
FlushConsoleInputBuffer
GetDevicePowerState
GetShortPathNameA
GetAtomNameA
CreateIoCompletionPort
GetCompressedFileSizeW
GetCompressedFileSizeA
GetSystemDefaultLangID
Module32NextW
WriteFileEx
GlobalFlags
SetConsoleTitleA
EnumSystemCodePagesA
LoadLibraryExA
GetLongPathNameW
HeapCreate
GetDefaultCommConfigW
MprAdminMIBBufferFree
MprInfoRemoveAll
MprAdminMIBEntryGet
VarUI1FromCy
VarUI2FromI4
VarCyFromI1
VarR4FromDec
DragAcceptFiles
Shell_NotifyIconW
ExtractAssociatedIconExW
SHGetFileInfoW
DragQueryPoint
wnsprintfW
AnimateWindow
GetWindowLongA
OpenInputDesktop
CreateMDIWindowW
EnableWindow
GetLastActivePopup
wsprintfA
ReleaseDC
wsprintfW
MessageBeep
PtInRect
mbtowc
fputws
fscanf
iswgraph
wprintf
localeconv
rewind
fclose
getenv
iswascii
abort
getwc
wscanf
realloc
iswupper
strncmp
strtol
tolower
qsort
labs
iswdigit
isalpha
sprintf
atol
isdigit
vsprintf
isspace
GetErrorInfo
PdhGetRawCounterValue
PdhEnumObjectsA
PdhGetDataSourceTimeRangeA
PdhReadRawLogRecord
PdhCalculateCounterFromRawValue
GetClassURL
URLDownloadToFileA
CoInternetCombineUrl
FaultInIEFeature
CoInternetParseUrl
Number of PE resources by type
RT_ICON 9
MUI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.17
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.2.9200.16384
UninitializedDataSize 6656
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 42752
EntryPoint 0x229a0
OriginalFileName WorkFoldersRes.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.2.9200.16384
TimeStamp 1970:01:01 02:08:16+01:00
FileType Win32 EXE
PEType PE32
InternalName WorkFoldersRes.dll
ProductVersion 6.2.9200.16384
FileDescription Work Folders Resources
OSVersion 4.1
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 49152
ProductName Work Folders
ProductVersionNumber 6.2.9200.16384
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 500071614cc903a9740af01b66afad86
SHA1 2972a44548c477e80aedb6fb3bb300241c49d738
SHA256 cb3f2b1a9bf2484bcc035944843ad214fd7fde854c99df0f7a5cc9369c89433c
ssdeep 6144:q4IHHGH5YqdOCIih7i8CIw7Z/mKiyRjLuaMH:qDHm1oQ37w7ZliygH
authentihash 7953d13bc53e19817a67862ba6525c96ab7d7f9df14b2a5b96f0b4949e6cfc99
imphash 55f00c3a3bba46254b0b04ae3c01c3f0
File size 249.0 KB ( 254976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2016-02-15 10:43:12 UTC ( 3 years ago )
Last submission 2018-05-26 17:55:33 UTC ( 9 months ago )
File names 65fg67n
65fg67n.exe
CB3F2B1A9BF2484BCC035944843AD214FD7FDE854C99DF0F7A5CC9369C89433C.exe
WorkFoldersRes.dll
cb3f2b1a9bf2484bcc035944843ad214fd7fde854c99df0f7a5cc9369c89433c.bin
ladybi.exe
65fg67n (1)
65fg67n.txt
500071614cc903a9740af01b66afad86
65fg67n_exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications