SHA256: d046146339b1771d2bc4a82d25fc63eeb534d7cf5b65912da1a0122566047e91
File name: DFFV (26).exe
Detection ratio: 11 / 55
Analysis date: 2016-12-22 13:47:49 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.Xpack.jqabl 20161222
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20161207
CAT-QuickHeal (Suspicious) - DNAScan 20161222
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
ESET-NOD32 a variant of Win32/GenKryptik.OZU 20161222
Sophos ML generic.a 20161216
K7GW Trojan ( 700001211 ) 20161222
Malwarebytes Trojan.Injector 20161222
Qihoo-360 HEUR/QVM19.1.0000.Malware.Gen 20161222
Rising Malware.Generic!E44jBNPOCTI@2 (thunder) 20161222
Symantec Heur.AdvML.B 20161222
Ad-Aware 20161222
AegisLab 20161222
AhnLab-V3 20161222
Alibaba 20161222
ALYac 20161222
Antiy-AVL 20161222
Arcabit 20161222
Avast 20161222
AVG 20161222
AVware 20161222
BitDefender 20161222
Bkav 20161222
ClamAV 20161222
CMC 20161222
Comodo 20161222
Cyren 20161222
DrWeb 20161222
Emsisoft 20161222
F-Prot 20161222
F-Secure 20161222
Fortinet 20161222
GData 20161222
Ikarus 20161222
Jiangmin 20161222
K7AntiVirus 20161222
Kaspersky 20161222
Kingsoft 20161222
McAfee 20161222
McAfee-GW-Edition 20161222
Microsoft 20161222
eScan 20161222
NANO-Antivirus 20161222
nProtect 20161222
Panda 20161221
Sophos AV 20161222
SUPERAntiSpyware 20161222
Tencent 20161222
TheHacker 20161219
TrendMicro 20161222
Trustlook 20161222
VBA32 20161222
VIPRE 20161222
ViRobot 20161222
WhiteArmor 20161221
Yandex 20161221
Zillya 20161220
Zoner 20161222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name ws2help.dll
Internal name ws2help.dll
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Socket 2.0 Helper for Windows NT
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-01-13 08:44:47
Entry Point 0x0001CB20
Number of sections 23
PE sections
PE imports
CreateToolhelp32Snapshot
GetSystemWindowsDirectoryA
SystemTimeToFileTime
GetNamedPipeInfo
GetOEMCP
SetThreadPriorityBoost
GetModuleFileNameA
GetPrivateProfileStructW
CancelWaitableTimer
GetCurrentDirectoryA
GetProcAddress
QueryMemoryResourceNotification
InitializeSListHead
WriteProfileStringW
SetStdHandle
AssignProcessToJobObject
WaitNamedPipeW
GetStringTypeA
GetModuleHandleA
ZombifyActCtx
ConvertDefaultLocale
GetStartupInfoA
CloseHandle
EnumResourceLanguagesA
HeapReAlloc
EnumLanguageGroupLocalesW
ConnectNamedPipe
WriteConsoleOutputCharacterW
lstrcpyA
CreateEventA
QueryDosDeviceW
ReadConsoleOutputAttribute
SetComputerNameExW
FindResourceA
DnsHostnameToComputerNameA
MprAdminMIBBufferFree
SHIsFileAvailableOffline
SHGetNewLinkInfoA
ExtractIconExA
ShowWindow
FindWindowExA
MessageBeep
MoveWindow
calloc
setbuf
fgetpos
wcstod
puts
labs
islower
sprintf
isdigit
strcmp
strncpy
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
0.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

UninitializedDataSize
6144

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
9728

EntryPoint
0x1cb20

OriginalFileName
ws2help.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2001:01:13 09:44:47+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ws2help.dll

ProductVersion
6.1.7600.16385

FileDescription
Windows Socket 2.0 Helper for Windows NT

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
21504

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 6b21f986309b0aadda301725fd80ffa6
SHA1 f6887bc1742ff0b78c9b12ca80fdf10bd1056ad1
SHA256 d046146339b1771d2bc4a82d25fc63eeb534d7cf5b65912da1a0122566047e91
ssdeep
3072:vg4+3VAMrXKugMH5Mi//H48dXKpxUMkDdnKe4o/7ffWQS:vgt3Vhr2MHx/VKrYpK07ffG

authentihash 89e785f5f4b472c6857be7b361db43514fe614988979c1b7d95c6f09395272e7
imphash f210cbe2d46ebe7b50ae7a3523060d98
File size 109.9 KB ( 112496 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2016-12-22 09:39:59 UTC ( 2 years, 2 months ago )
Last submission 2018-05-18 16:06:24 UTC ( 9 months, 1 week ago )
File names ws2help.dll
DFFV (26).exe
WorldPay_Invoice.scr