SHA256: cb7ae43e04c2212bae5d0d8c11190a9212df5825d551ab9f22b4e57bc42c7ebb
File name: cb7ae43e04c2212bae5d0d8c11190a9212df5825d551ab9f22b4e57bc42c7ebb
Detection ratio: 21 / 57
Analysis date: 2016-11-16 16:30:34 UTC ( 2 years, 3 months ago )
Antivirus Result Update
AegisLab Heur.Advml.Gen!c 20161116
Avast Win32:Malware-gen 20161116
Avira (no cloud) TR/Crypt.Xpack.jgyhc 20161116
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161116
CAT-QuickHeal (Suspicious) - DNAScan 20161116
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Trojan.VNXJ-1807 20161116
ESET-NOD32 a variant of Win32/Kryptik.FJWK 20161116
F-Prot W32/Trojan3.XVT 20161116
Ikarus Trojan.Win32.Dridex 20161116
Sophos ML generic.a 20161018
K7GW Trojan ( 700001211 ) 20161116
Kaspersky UDS:DangerousObject.Multi.Generic 20161116
Malwarebytes Trojan.Dridex 20161116
McAfee Artemis!E39589B48FD3 20161116
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20161116
Qihoo-360 HEUR/QVM19.1.0000.Malware.Gen 20161116
Sophos AV Mal/Generic-S 20161116
Symantec Heur.AdvML.B 20161116
TrendMicro TSPY_DRIDEX.YSV 20161116
TrendMicro-HouseCall TSPY_DRIDEX.YSV 20161116
Ad-Aware 20161116
AhnLab-V3 20161116
Alibaba 20161116
ALYac 20161116
Antiy-AVL 20161116
Arcabit 20161116
AVG 20161116
AVware 20161116
BitDefender 20161116
Bkav 20161116
ClamAV 20161116
CMC 20161116
Comodo 20161116
DrWeb 20161116
Emsisoft 20161116
F-Secure 20161116
Fortinet 20161116
GData 20161116
Jiangmin 20161116
K7AntiVirus 20161116
Kingsoft 20161116
Microsoft 20161116
eScan 20161116
NANO-Antivirus 20161116
nProtect 20161116
Panda 20161115
Rising 20161116
SUPERAntiSpyware 20161116
Tencent 20161116
TheHacker 20161115
TotalDefense 20161116
VBA32 20161115
VIPRE 20161116
ViRobot 20161116
Yandex 20161116
Zillya 20161116
Zoner 20161116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Internet Explorer
Original name MSHTMLED.DLL
Internal name MSHTMLED.DLL
File version 11.00.9600.18427 (winblue_ltsb_escrow.160801-1857)
Description Microsoft® HTML Editing Component
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-01-12 23:24:35
Entry Point 0x0001AF60
Number of sections 14
PE sections
PE imports
GetTextExtentPointW
GetSystemTime
OpenThread
HeapFree
SetCommBreak
GetNumberOfConsoleInputEvents
BuildCommDCBW
CreateTimerQueue
GetModuleFileNameA
lstrlenW
VerifyVersionInfoW
DeleteCriticalSection
lstrcatA
HeapQueryInformation
OpenFileMappingA
OpenWaitableTimerW
GetCurrentActCtx
GetProcAddress
GetModuleHandleA
GetDiskFreeSpaceW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
lstrcatW
GetFileAttributesExW
WriteProfileSectionA
CreateProcessW
FormatMessageA
GetStringTypeExA
MprInfoBlockRemove
MprInfoBlockAdd
VarCyRound
ShowWindow
fsetpos
isdigit
sprintf_s
isprint
wcslen
PdhRemoveCounter
GetComponentIDFromCLSSPEC
Number of PE resources by type
TYPELIB 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
4.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
11.0.9600.18427

UninitializedDataSize
6144

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x1af60

OriginalFileName
MSHTMLED.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
11.00.9600.18427 (winblue_ltsb_escrow.160801-1857)

TimeStamp
2001:01:13 00:24:35+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
MSHTMLED.DLL

ProductVersion
11.00.9600.18427

FileDescription
Microsoft HTML Editing Component

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
22528

ProductName
Internet Explorer

ProductVersionNumber
11.0.9600.18427

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 e39589b48fd3ffd603aa6b5426bdee4a
SHA1 f7b722d1a9fcdae06cdebed9292fe0ef3046de47
SHA256 cb7ae43e04c2212bae5d0d8c11190a9212df5825d551ab9f22b4e57bc42c7ebb
ssdeep
1536:gincjs3q/PlmgonRuAZqFM076PIG11iboA7UCbW+GDv6cjsfrkZvht:7QsqlmgoQAgp76F1dR+GDv6cjszkvt

authentihash 25672b5fc7ea3d08e48f6e7f95dbaf9bfa28304beeb48046e95ed426ac7aa74c
imphash 3e3a17aa95933c8cbbea58fb565e182b
File size 104.3 KB ( 106780 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2016-11-16 10:59:14 UTC ( 2 years, 3 months ago )
Last submission 2017-08-21 19:45:50 UTC ( 1 year, 5 months ago )
File names MSHTMLED.DLL
omge.exe
bomje - Copy.exe
bomje.exe.exe
e39589b48fd3ffd603aa6b5426bdee4a.exe
bomje.exe
bomje.exe
header.png