× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: de1c738174c3433b892898d415038869f93e63c52f1c1be1b7808a98e9c9d2e6
File name: 524b8b38-a71c-11e6-8b3d-80e65024849a.file
Detection ratio: 53 / 70
Analysis date: 2018-12-12 23:52:04 UTC ( 4 days, 1 hour ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.105609 20181212
AegisLab Trojan.Win32.Inject.4!c 20181212
AhnLab-V3 Trojan/Win32.Inject.C1663743 20181212
ALYac Gen:Variant.Razy.105609 20181212
Arcabit Trojan.Razy.D19C89 20181212
Avast Win32:Malware-gen 20181212
AVG Win32:Malware-gen 20181212
Avira (no cloud) HEUR/AGEN.1034740 20181212
BitDefender Gen:Variant.Razy.105609 20181212
Bkav HW32.Packed. 20181212
ClamAV Win.Trojan.Generic-4194 20181212
Comodo Malware@#3osnises7hjne 20181212
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.fa9506 20180225
Cylance Unsafe 20181213
Cyren W32/Trojan.SZPH-2372 20181212
DrWeb Trojan.PWS.Papras.2401 20181212
eGambit Unsafe.AI_Score_57% 20181213
Emsisoft Gen:Variant.Razy.105609 (B) 20181212
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.FJKF 20181213
F-Secure Gen:Variant.Razy.105609 20181212
Fortinet W32/Kryptik.FJPF!tr 20181212
GData Gen:Variant.Razy.105609 20181212
Ikarus Trojan.Win32.Crypt 20181212
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 004fcbdc1 ) 20181212
K7GW Trojan ( 004fcbdc1 ) 20181212
Kaspersky Trojan-Spy.Win32.Ursnif.adnz 20181212
Malwarebytes Trojan.FakeMS.Generic 20181212
MAX malware (ai score=100) 20181213
McAfee RDN/Generic.grp 20181212
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20181212
Microsoft Trojan:Win32/Occamy.C 20181213
eScan Gen:Variant.Razy.105609 20181212
NANO-Antivirus Trojan.Win32.Inject.eifwws 20181213
Palo Alto Networks (Known Signatures) generic.ml 20181213
Panda Trj/GdSda.A 20181212
Qihoo-360 Win32/Trojan.423 20181213
Rising Trojan.Inject!8.103 (C64:YzY0Op66yFFZMFtW) 20181213
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANX 20181213
Symantec Trojan Horse 20181212
Tencent Win32.Trojan.Generic.Wozd 20181213
Trapmine malicious.moderate.ml.score 20181205
TrendMicro TSPY_EMOTET.SMZD172 20181212
TrendMicro-HouseCall TSPY_EMOTET.SMZD172 20181212
VBA32 Trojan.Inject 20181212
VIPRE Trojan.Win32.Generic!BT 20181212
Webroot W32.Trojan.Gen 20181213
Yandex Trojan.Inject!cect+4Np71A 20181212
Zillya Trojan.Kryptik.Win32.1073954 20181212
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.adnz 20181212
Alibaba 20180921
Antiy-AVL 20181212
Avast-Mobile 20181212
Babable 20180918
Baidu 20181207
CAT-QuickHeal 20181212
CMC 20181212
F-Prot 20181212
Jiangmin 20181212
Kingsoft 20181213
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181212
TACHYON 20181212
TheHacker 20181210
TotalDefense 20181212
Trustlook 20181213
ViRobot 20181212
Zoner 20181212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Visual Studio® 2010
Original name VCOMP100.DLL
Internal name VCOMP100.DLL
File version 10.00.40219.325 built by: SP1LDR
Description Microsoft® C/C++ OpenMP Runtime
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-10 07:30:20
Entry Point 0x000029D0
Number of sections 8
PE sections
PE imports
CreateFileMappingW
GetLastError
FreeConsole
CreateDirectoryExW
LocalAlloc
lstrcmpiA
CreateDirectoryA
FreeLibrary
AllocConsole
GetLongPathNameA
IsBadReadPtr
GetLogicalDrives
InterlockedExchange
LoadLibraryA
GetProcAddress
RaiseException
Number of PE resources by type
RT_STRING 5
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
10.0.40219.325

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft C/C++ OpenMP Runtime

ImageFileCharacteristics
No relocs, Executable, No symbols, 32-bit, No debug

CharacterSet
Unicode

InitializedDataSize
118784

EntryPoint
0x29d0

OriginalFileName
VCOMP100.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
10.00.40219.325 built by: SP1LDR

TimeStamp
2016:11:10 08:30:20+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
VCOMP100.DLL

ProductVersion
10.00.40219.325

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
20480

ProductName
Microsoft Visual Studio 2010

ProductVersionNumber
10.0.40219.325

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 d7050f9fa9506db85f7c4fe568a5cd53
SHA1 c1a0ae5549ff268a973adcb1a48293a527fa9a9d
SHA256 de1c738174c3433b892898d415038869f93e63c52f1c1be1b7808a98e9c9d2e6
ssdeep
3072:mEHMgH18QtbKFcQNl6Tovv2j8ABEFNMChLZMz56K3D7uUzYjuK:3sgrbK6sUMujBBEDMC9Qn3HuUEju

authentihash 0be57b4669deee9ea66e2ff8980b9a6409f7ab559b7d82fa545b4ec66f608c8e
imphash b3334c9f9558b0300f5a677c821a4d02
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.8%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.8%)
Tags
peexe

VirusTotal metadata
First submission 2016-11-10 07:12:35 UTC ( 2 years, 1 month ago )
Last submission 2018-12-12 23:52:04 UTC ( 4 days, 1 hour ago )
File names 524b8b38-a71c-11e6-8b3d-80e65024849a.file
VCOMP100.DLL
Recent Sample (42).exe
524b8b38-a71c-11e6-8b3d-80e65024849a.exe
524b8b38-a71c-11e6-8b3d-80e65024849a.exe
524b8b38-a71c-11e6-8b3d-80e65024849a.file
.exe
malware (98).exe
Sample (119).exe
Sample (219).exe
50001c(05).exe
524b8b38-a71c-11e6-8b3d-80e65024849a.file.exe
50001c.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications