× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: cceb60aaf53a1226f52f043c8f8fc8a841d56a7aca6ef9ffdb431625a6d5aa28
File name: drvmap.exe
Detection ratio: 47 / 70
Analysis date: 2018-12-23 19:18:08 UTC ( 1 month, 3 weeks ago ) View latest
Antivirus Result Update
Acronis malware 20181222
Ad-Aware Trojan.Autoruns.GenericKDS.31432849 20181223
AegisLab Trojan.Win32.Emotet.4!c 20181223
AhnLab-V3 Trojan/Win32.Emotet.R249373 20181223
ALYac Trojan.Agent.Emotet 20181223
Antiy-AVL Trojan[Banker]/Win32.Emotet 20181223
Arcabit Trojan.Autoruns.GenericS.D1DFA091 20181223
Avast Win32:BankerX-gen [Trj] 20181223
AVG Win32:BankerX-gen [Trj] 20181223
BitDefender Trojan.Autoruns.GenericKDS.31432849 20181223
Bkav HW32.Packed. 20181221
Comodo Malware@#32sdszuncwjr6 20181223
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.3c6bdc 20180225
Cylance Unsafe 20181223
Cyren W32/Emotet.LE.gen!Eldorado 20181223
eGambit Unsafe.AI_Score_99% 20181223
Emsisoft Trojan.Autoruns.GenericKDS.31432849 (B) 20181223
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNZI 20181223
F-Prot W32/Emotet.LE.gen!Eldorado 20181223
F-Secure Trojan.Autoruns.GenericKDS.31432849 20181223
Fortinet W32/Emotet.FJX!tr 20181223
GData Trojan.Autoruns.GenericKDS.31432849 20181223
Ikarus Trojan-Banker.Emotet 20181223
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181223
K7GW Riskware ( 0040eff71 ) 20181223
Kaspersky Trojan-Banker.Win32.Emotet.bvyp 20181223
McAfee Emotet-FJX!69B0BA03AE19 20181223
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181223
Microsoft Trojan:Win32/Emotet.AC!bit 20181223
eScan Trojan.Autoruns.GenericKDS.31432849 20181223
Palo Alto Networks (Known Signatures) generic.ml 20181223
Panda Trj/Genetic.gen 20181223
Qihoo-360 HEUR/QVM20.1.FA49.Malware.Gen 20181223
Rising Trojan.Emotet!8.B95 (CLOUD) 20181223
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Troj/Emotet-AQJ 20181223
Symantec Trojan.Emotet 20181222
Tencent Win32.Trojan-banker.Emotet.Wrgq 20181223
Trapmine malicious.high.ml.score 20181205
TrendMicro TSPY_EMOTET.UKPADKL 20181223
TrendMicro-HouseCall TSPY_EMOTET.UKPADKL 20181223
VBA32 BScope.Trojan.Refinka 20181222
Webroot W32.Trojan.Emotet 20181223
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bvyp 20181223
Alibaba 20180921
Avast-Mobile 20181223
Avira (no cloud) 20181223
Babable 20180918
Baidu 20181207
CAT-QuickHeal 20181223
ClamAV 20181223
CMC 20181223
DrWeb 20181223
Jiangmin 20181223
Kingsoft 20181223
Malwarebytes 20181223
MAX 20181223
NANO-Antivirus 20181223
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181223
TheHacker 20181220
TotalDefense 20181223
Trustlook 20181223
ViRobot 20181223
Yandex 20181223
Zillya 20181222
Zoner 20181223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft

Product Microsoft®
Original name kbdth3.dll
Internal name TCPSVCS.EXE
Description TCP/IP Services Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-07-18 02:23:20
Entry Point 0x000028B0
Number of sections 9
PE sections
PE imports
RemoveUsersFromEncryptedFile
GetSecurityDescriptorRMControl
OffsetClipRgn
GetEnvironmentStrings
GetNamedPipeServerProcessId
GetThreadLocale
GetThreadTimes
GlobalMemoryStatusEx
GetBinaryTypeA
GetCurrentThread
Ord(29)
SendMessageA
GetLastInputInfo
DlgDirListW
GetMenuContextHelpId
CopyIcon
GetKeyState
g_rgSCardT1Pci
memmove
OleFlushClipboard
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2002:07:18 03:23:20+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
135168

LinkerVersion
2.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x28b0

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
5.1

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 69b0ba03ae19228c03494a5f133cca24
SHA1 bcb8ba93c6bdca4fdf2e79b5e2020c7f80d7b89a
SHA256 cceb60aaf53a1226f52f043c8f8fc8a841d56a7aca6ef9ffdb431625a6d5aa28
ssdeep
1536:d9x/uS4Fw9newm5pCAcYX7zc8U4ervP8ypUyKT6ZuCYpRZpHZ9n5Y4ks9XnXk:9/uS4QRKCT+DT6ZZMDp5J24nnU

authentihash aa83e0a8a36d24bf86f92aa55f177b35f1fe70c97301acd1864f8788b90a34f7
imphash dbb1dbcf2505dcf14f51d6562609ee9f
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-19 17:09:05 UTC ( 1 month, 4 weeks ago )
Last submission 2018-12-19 17:33:16 UTC ( 1 month, 4 weeks ago )
File names Un2BhdBBjySH.exe
dWHmQKDF0.exe
sendandsymbol.exe
W1yNNRYpqT8.exe
thesync.exe
sendandsymbol.exe
TCPSVCS.EXE
cyrlcyrl.exe
catreadme.exe
kbdth3.dll
mapdmi.exe
drvmap.exe
thesync.exe
jS2ezy6lwI5.exe
mapdmi.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!