× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d5fe31471af8abcd884108fbbfe776c3df6c988a865e401fc83ccbdfe030ed4e
File name: zbetcheckin_tracker_sserv.jpg
Detection ratio: 22 / 69
Analysis date: 2018-11-28 18:22:31 UTC ( 5 months, 3 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMetagen [Malware] 20181128
AVG FileRepMetagen [Malware] 20181128
Bkav HW32.Packed. 20181128
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.0553aa 20180225
Cylance Unsafe 20181128
eGambit Unsafe.AI_Score_85% 20181128
Endgame malicious (high confidence) 20181108
Fortinet W32/Kryptik.GNDQ!tr 20181128
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181128
McAfee Artemis!5B30D000553A 20181128
McAfee-GW-Edition Artemis!Trojan 20181128
Microsoft Ransom:Win32/Troldesh.A 20181128
Palo Alto Networks (Known Signatures) generic.ml 20181128
Qihoo-360 Win32/Trojan.Ransom.d4b 20181128
Rising Ransom.Troldesh!8.5D1 (CLOUD) 20181128
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181128
Symantec ML.Attribute.HighConfidence 20181128
Trapmine malicious.high.ml.score 20181126
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181128
Ad-Aware 20181128
AegisLab 20181128
AhnLab-V3 20181128
Alibaba 20180921
ALYac 20181128
Antiy-AVL 20181128
Arcabit 20181128
Avast-Mobile 20181128
Avira (no cloud) 20181128
Babable 20180918
Baidu 20181128
BitDefender 20181128
CAT-QuickHeal 20181128
ClamAV 20181128
CMC 20181128
Comodo 20181128
Cyren 20181128
DrWeb 20181128
Emsisoft 20181128
ESET-NOD32 20181128
F-Prot 20181128
F-Secure 20181128
GData 20181128
Ikarus 20181128
Jiangmin 20181128
K7AntiVirus 20181128
K7GW 20181128
Kingsoft 20181128
Malwarebytes 20181128
MAX 20181128
eScan 20181128
NANO-Antivirus 20181128
Panda 20181128
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181128
Tencent 20181128
TheHacker 20181126
TrendMicro 20181128
TrendMicro-HouseCall 20181128
Trustlook 20181128
VBA32 20181128
VIPRE 20181128
ViRobot 20181128
Webroot 20181128
Yandex 20181128
Zillya 20181128
Zoner 20181128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name WUDFHost.exe
Internal name WUDFHost.exe
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Driver Foundation - User-mode Driver Framework Host Process
Signature verification The digital signature of the object did not verify.
Signing date 3:04 AM 5/16/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-28 12:57:19
Entry Point 0x00004850
Number of sections 4
PE sections
Overlays
MD5 6a883ddcedc4cff2a65cdaefb33d553b
File type data
Offset 1402368
Size 3336
Entropy 7.34
PE imports
CreatePatternBrush
GetEnhMetaFileA
CloseEnhMetaFile
BeginPath
GetDCBrushColor
DeleteDC
GdiGetBatchLimit
GetMapMode
GetPixelFormat
DeleteColorSpace
CloseMetaFile
CancelDC
GetSystemPaletteUse
GetDCPenColor
GetGraphicsMode
GetEnhMetaFileW
GetFontLanguageInfo
UpdateColors
GetTextCharacterExtra
CreateMetaFileW
OpenFile
VirtualAllocEx
LocalAlloc
GetModuleHandleA
LocalFree
WaitForSingleObject
GlobalFree
SetEvent
CreateEventA
Sleep
FormatMessageA
ExpandEnvironmentStringsA
SetConsoleCtrlHandler
LoadLibraryA
GlobalAlloc
GetProcAddress
GetLastError
GetCaretBlinkTime
GetOpenClipboardWindow
GetParent
GetInputState
AnyPopup
DestroyMenu
GetClipboardOwner
GetClipboardData
GetDesktopWindow
CharLowerA
OpenIcon
CharUpperW
LoadCursorFromFileA
EndMenu
LoadCursorFromFileW
GetProcessWindowStation
GetSysColor
GetClipboardSequenceNumber
GetAsyncKeyState
GetMenu
GetQueueStatus
IsCharLowerA
GetClipboardViewer
GetMessageTime
CloseWindow
GetMenuCheckMarkDimensions
GetThreadDesktop
CloseWindowStation
IsClipboardFormatAvailable
CharNextW
LoadIconA
CharNextA
GetSysColorBrush
IsWindowUnicode
GetCursor
GetWindowTextLengthW
CloseClipboard
WindowFromDC
DestroyWindow
Number of PE resources by type
RT_RCDATA 2
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
1381888

ImageVersion
0.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
6.1.7601.17514

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
WUDFHost.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2018:11:28 13:57:19+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WUDFHost.exe

ProductVersion
6.1.7601.17514

FileDescription
Windows Driver Foundation - User-mode Driver Framework Host Process

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
19456

FileSubtype
0

ProductVersionNumber
6.1.7601.17514

EntryPoint
0x4850

ObjectFileType
Executable application

Execution parents
File identification
MD5 5b30d000553aa54bd8d5db8cb4e03e1b
SHA1 1bcc5a89012a2191d8558352a716d9be81065331
SHA256 d5fe31471af8abcd884108fbbfe776c3df6c988a865e401fc83ccbdfe030ed4e
ssdeep
24576:zMJm6zq5rr3fhK8LOT3elmV3skfSt9QXGASh3huhI:6zq5rr3JxLnS3sRrAC3wi

authentihash 03282190578026041f48ff069b6b0e4dee5f41d568250660223f07c574e65a01
imphash 7f5bc360b889d00502e2590e4514e224
File size 1.3 MB ( 1405704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-11-28 13:11:28 UTC ( 5 months, 3 weeks ago )
Last submission 2018-12-22 04:06:04 UTC ( 5 months ago )
File names 5b30d000553aa54bd8d5db8cb4e03e1b
csrss.exe
2018-11-28-shade-executable-from-URL-ending-in-JPG-8-of-9.exe
output.114577992.txt
zbetcheckin_tracker_sserv.jpg
output.114597722.txt
5b30d000553aa54bd8d5db8cb4e03e1b
sserv.jpg
csrss.exe
WUDFHost.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections