× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d829a7d4affa37e3a82fc1c8c9b662b8c50a58b542bf45a5cac906e13f0c242e
File name: uF.exe
Detection ratio: 14 / 65
Analysis date: 2017-10-17 04:01:05 UTC ( 1 year ago ) View latest
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20171017
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20171016
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20171017
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Win32/GenKryptik.BAFW 20171017
Sophos ML heuristic 20170914
Palo Alto Networks (Known Signatures) generic.ml 20171017
Qihoo-360 HEUR/QVM20.1.8D92.Malware.Gen 20171017
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/EncPk-ANR 20171017
Symantec ML.Attribute.HighConfidence 20171016
Webroot W32.Trojan.Emotet 20171017
WhiteArmor Malware.HighConfidence 20171016
Ad-Aware 20171017
AhnLab-V3 20171017
Alibaba 20170911
ALYac 20171017
Antiy-AVL 20171017
Arcabit 20171017
Avast 20171017
Avast-Mobile 20171016
AVG 20171017
Avira (no cloud) 20171016
AVware 20171017
BitDefender 20171017
Bkav 20171016
CAT-QuickHeal 20171016
ClamAV 20171016
CMC 20171016
Comodo 20171017
Cyren 20171017
eGambit 20171017
Emsisoft 20171017
F-Prot 20171017
F-Secure 20171017
Fortinet 20171017
GData 20171017
Ikarus 20171016
Jiangmin 20171017
K7AntiVirus 20171016
K7GW 20171016
Kaspersky 20171017
Kingsoft 20171017
Malwarebytes 20171017
MAX 20171017
McAfee 20171017
McAfee-GW-Edition 20171017
Microsoft 20171017
eScan 20171016
NANO-Antivirus 20171017
nProtect 20171017
Panda 20171016
Rising 20171017
SUPERAntiSpyware 20171017
Symantec Mobile Insight 20171011
Tencent 20171017
TheHacker 20171015
TrendMicro 20171017
TrendMicro-HouseCall 20171017
Trustlook 20171017
VBA32 20171016
VIPRE 20171017
ViRobot 20171017
Yandex 20171013
Zillya 20171016
ZoneAlarm by Check Point 20171017
Zoner 20171017
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name kbdsf.dll
Internal name kbdsf (3.13)
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Swiss French Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-17 11:51:05
Entry Point 0x00001920
Number of sections 10
PE sections
PE imports
OpenSCManagerW
SetAbortProc
FreeLibrary
GetLastError
FlushProcessWriteBuffers
RaiseException
LocalAlloc
RemoveDirectoryW
ConvertFiberToThread
SetFileApisToOEM
InterlockedExchange
LocalFree
GetProcAddress
LoadLibraryA
GenerateConsoleCtrlEvent
LZCopy
QueryPathOfRegTypeLib
RpcServerInqCallAttributesW
ExtractAssociatedIconA
CryptCATAdminReleaseCatalogContext
Ord(30)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
2

FileVersionNumber
6.1.7601.17514

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Swiss French Keyboard Layout

ImageFileCharacteristics
Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
53504

EntryPoint
0x1920

OriginalFileName
kbdsf.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2017:10:17 12:51:05+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
kbdsf (3.13)

ProductVersion
6.1.7601.17514

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
15872

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 cdba2ba5e4226ad18785d101847cf4c0
SHA1 7cd56939363020426a78941c5c6d3239243ecd4b
SHA256 d829a7d4affa37e3a82fc1c8c9b662b8c50a58b542bf45a5cac906e13f0c242e
ssdeep
1536:6n9axKhZ4LrorOGt9tgbTNdeQ65kvLEp8/bllDLM1IHL0VD1WB8fdSAK:eT42n9twTNsQ+yLeYFMCHL0r4aR

authentihash 280c276149d22581fd381f67d3d68d3764776e50c48b9d834de19e23992ac863
imphash c90c92e9ac18b985ce669552746f24f3
File size 94.5 KB ( 96768 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-17 03:00:17 UTC ( 1 year ago )
Last submission 2017-11-25 05:12:49 UTC ( 11 months ago )
File names kbdsf.dll
uF.exe
zlHFSEKv9O2PUy.exe
cdba2ba5e4226ad18785d101847cf4c0.virobj
kbdsf (3.13)
SAMPLES_17_10_2017 (18)
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications