SHA256: d360e8089cabb9fc48e4a68978af528a32ff0e4927fd4cf7a54914df8e6bb68b
File name: XDEL
Detection ratio: 0 / 61
Analysis date: 2017-05-28 01:32:18 UTC ( 1 hour, 15 minutes ago )
Antivirus Result Update
Ad-Aware 20170528
AegisLab 20170528
AhnLab-V3 20170527
Alibaba 20170527
ALYac 20170528
Arcabit 20170528
Avast 20170528
AVG 20170527
Avira (no cloud) 20170527
AVware 20170528
Baidu 20170527
BitDefender 20170528
Bkav 20170526
CAT-QuickHeal 20170527
ClamAV 20170528
CMC 20170527
Comodo 20170528
CrowdStrike Falcon (ML) 20170420
Cyren 20170528
DrWeb 20170528
Emsisoft 20170528
Endgame 20170515
ESET-NOD32 20170527
F-Prot 20170528
F-Secure 20170528
Fortinet 20170528
GData 20170528
Ikarus 20170527
Invincea 20170519
Jiangmin 20170527
K7AntiVirus 20170527
K7GW 20170528
Kaspersky 20170528
Kingsoft 20170528
Malwarebytes 20170528
McAfee 20170528
McAfee-GW-Edition 20170527
Microsoft 20170528
eScan 20170528
NANO-Antivirus 20170528
nProtect 20170528
Palo Alto Networks (Known Signatures) 20170528
Panda 20170527
Qihoo-360 20170528
Rising 20170528
SentinelOne (Static ML) 20170516
Sophos 20170528
SUPERAntiSpyware 20170527
Symantec 20170527
Symantec Mobile Insight 20170526
Tencent 20170528
TheHacker 20170525
TotalDefense 20170527
TrendMicro 20170528
TrendMicro-HouseCall 20170525
Trustlook 20170528
VBA32 20170526
VIPRE 20170528
ViRobot 20170527
Webroot 20170528
WhiteArmor 20170524
Yandex 20170526
Zillya 20170527
ZoneAlarm by Check Point 20170528
Zoner 20170528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1999-2016
Product Link Shellextension
Original name Link Shellextension
Internal name XDEL
File version 3.8.6.8
Description Link Shellextension
Packers identified
F-PROT NSIS, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-19 20:08:42
Entry Point 0x000033E3
Number of sections 5
PE sections
Overlays
MD5 37d49f4f26d2b84bdd72ffa22613d8d7
File type data
Offset 34816
Size 3727345
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyA
RegEnumValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
LoadLibraryA
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
GetFileAttributesA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
GetWindowLongA
ShowWindow
SetClipboardData
IsWindowVisible
GetClassInfoA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetCursor
DrawTextA
RegisterClassA
InvalidateRect
wsprintfA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
CharNextA
CallWindowProcA
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 5
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.8.6.8
UninitializedDataSize 1024
LanguageCode German (Austrian)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 12288
EntryPoint 0x33e3
OriginalFileName Link Shellextension
MIMEType application/octet-stream
LegalCopyright Copyright 1999-2016
FileVersion 3.8.6.8
TimeStamp 2016:04:19 21:08:42+01:00
FileType Win32 EXE
PEType PE32
InternalName XDEL
ProductVersion 3.8.6.8
FileDescription Link Shellextension
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Schinagl
CodeSize 23552
ProductName Link Shellextension
ProductVersionNumber 3.8.6.8
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 51ff33a8deaa1b77acf2d696533ad7a7
SHA1 7bdb8ce45c8e28df5bc11eb20530e558c64d0b68
SHA256 d360e8089cabb9fc48e4a68978af528a32ff0e4927fd4cf7a54914df8e6bb68b
ssdeep 98304:1AOU3+LyYq2a4oV/vMK79GiZ0yj7GSQkA7ukXFc:1AOUOLyfV/37f0Q7Gr7Fm
authentihash 102f531dfaefc76536378bfa1d7cb3e19e897db2e423f2205691350ccafe7680
imphash 1b3538b0fc54c17b26a6423f462d9e0a
File size 3.6 MB ( 3762161 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (91.9%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags nsis peexe overlay
VirusTotal metadata
First submission 2016-04-20 05:44:12 UTC ( 1 year, 1 month ago )
Last submission 2017-05-15 19:42:26 UTC ( 1 week, 5 days ago )
File names hardlinkshellext_win32.exe
Link Shellextension
HardLinkShellExt_win32.exe
837936
XDEL
HardLinkShellExt_3.868_win32.exe
D360E8089CABB9FC48E4A68978AF528A32FF0E4927FD4CF7A54914DF8E6BB68B.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Runtime DLLs
UDP communications