SHA256: cf31f97bc2a6983f2ea9a428206429fc8696e7bebdb7862675b60cbccd87fc53
File name: Fljcz7SZW8Q41kDA.exe
Detection ratio: 17 / 66
Analysis date: 2017-10-19 00:03:36 UTC ( 8 months, 1 week ago )
Antivirus Result Update
AegisLab W32.Troj.Spy!c 20171018
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171018
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20171019
Endgame malicious (high confidence) 20171016
Fortinet W32/GenKryptik.AVMQ!tr 20171019
GData Win32.Trojan-Spy.Emotet.DU 20171019
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171018
McAfee Artemis!79DE4074B9E8 20171018
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20171018
Palo Alto Networks (Known Signatures) generic.ml 20171019
Qihoo-360 HEUR/QVM20.1.9747.Malware.Gen 20171019
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/EncPk-ANR 20171018
Webroot W32.Trojan.Emotet 20171019
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171018
Ad-Aware 20171018
AhnLab-V3 20171018
Alibaba 20170911
ALYac 20171018
Antiy-AVL 20171019
Arcabit 20171018
Avast 20171018
Avast-Mobile 20171018
AVG 20171018
Avira (no cloud) 20171018
AVware 20171018
BitDefender 20171018
Bkav 20171018
CAT-QuickHeal 20171018
ClamAV 20171018
CMC 20171018
Comodo 20171018
Cyren 20171019
eGambit 20171019
Emsisoft 20171018
ESET-NOD32 20171018
F-Prot 20171018
F-Secure 20171019
Ikarus 20171018
Jiangmin 20171018
K7AntiVirus 20171017
K7GW 20171016
Kingsoft 20171019
Malwarebytes 20171018
MAX 20171018
Microsoft 20171018
eScan 20171018
NANO-Antivirus 20171018
nProtect 20171018
Panda 20171018
Rising 20171018
SUPERAntiSpyware 20171019
Symantec 20171018
Symantec Mobile Insight 20171011
Tencent 20171019
TheHacker 20171017
TotalDefense 20171018
TrendMicro 20171018
TrendMicro-HouseCall 20171018
Trustlook 20171019
VBA32 20171018
VIPRE 20171018
ViRobot 20171018
WhiteArmor 20171016
Yandex 20171018
Zillya 20171018
Zoner 20171018
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name D3D10Level9.dll
Internal name D3D10Level9.dll
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Direct3D 10 to Direct3D9 Translation Runtime
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-19 05:51:06
Entry Point 0x00001A30
Number of sections 7
PE sections
PE imports
OpenSCManagerW
CreateFontW
AreFileApisANSI
GetLastError
GetTimeFormatW
RaiseException
GetConsoleAliasA
LocalAlloc
ConvertFiberToThread
GetCommandLineW
FreeLibrary
UnregisterApplicationRestart
RegisterApplicationRestart
GetCurrentProcess
LocalFree
InterlockedExchange
GetCommandLineA
LoadLibraryA
GetProcAddress
GlobalLock
Ord(30)
Number of PE resources by type
HWB 5
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17514
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 26752
EntryPoint 0x1a30
OriginalFileName D3D10Level9.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2017:10:19 06:51:06+01:00
FileType Win32 EXE
PEType PE32
InternalName D3D10Level9.dll
ProductVersion 6.1.7601.17514
FileDescription Direct3D 10 to Direct3D9 Translation Runtime
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 17920
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 79de4074b9e8b80c22bdb4141e1ed24f
SHA1 8b3489154a6e4fd96bf0cea977eaa84e4a32f57b
SHA256 cf31f97bc2a6983f2ea9a428206429fc8696e7bebdb7862675b60cbccd87fc53
ssdeep 3072:aCxUsEXRJwDOOYKPUxr/SDa0Gej9LU2dsZTreQ2:JxfGRIOOSLSi0UtZTr
authentihash 20abcd6cefa01dde73664426abacf0cec93ef4124746812fc289873620720826
imphash a9535285f65f2db1cca6be228ac59c66
File size 152.5 KB ( 156160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-10-18 20:52:19 UTC ( 8 months, 1 week ago )
Last submission 2018-05-03 17:50:22 UTC ( 1 month, 3 weeks ago )
File names Fljcz7SZW8Q41kDA.exe
8b3489154a6e4fd96bf0cea977eaa84e4a32f57b
D3D10Level9.dll
msimgmt.exe
msimgmt.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications