SHA256: def1181ba8fbe7ab084f3c1552fa2aa58a935f67a9f980ae35d590a8fd973d43
File name: DEF1181BA8FBE7AB084F3C1552FA2AA58A935F67A9F980AE35D590A8FD973D43
Detection ratio: 20 / 66
Analysis date: 2018-11-15 13:48:42 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.DIUK 20181115
ALYac Trojan.Agent.DIUK 20181115
Arcabit Trojan.Agent.DIUK 20181115
Avast FileRepMalware 20181115
AVG FileRepMalware 20181115
BitDefender Trojan.Agent.DIUK 20181115
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181022
Cylance Unsafe 20181115
Emsisoft Trojan.Agent.DIUK (B) 20181115
Endgame malicious (high confidence) 20181108
GData Trojan.Agent.DIUK 20181115
Sophos ML heuristic 20181108
K7GW Riskware ( 0040eff71 ) 20181115
Kaspersky UDS:DangerousObject.Multi.Generic 20181115
McAfee Downloader-ASH.gen.g 20181115
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20181115
Microsoft Trojan:Win32/Fuerboos.C!cl 20181115
eScan Trojan.Agent.DIUK 20181115
Panda Trj/GdSda.A 20181115
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181115
AegisLab 20181115
AhnLab-V3 20181115
Alibaba 20180921
Antiy-AVL 20181115
Avast-Mobile 20181115
Avira (no cloud) 20181115
Babable 20180918
Baidu 20181115
Bkav 20181115
CAT-QuickHeal 20181115
ClamAV 20181115
CMC 20181115
Cybereason 20180225
Cyren 20181115
DrWeb 20181115
eGambit 20181115
ESET-NOD32 20181115
F-Prot 20181115
F-Secure 20181115
Fortinet 20181115
Jiangmin 20181115
K7AntiVirus 20181113
Kingsoft 20181115
Malwarebytes 20181115
MAX 20181115
NANO-Antivirus 20181115
Palo Alto Networks (Known Signatures) 20181115
Qihoo-360 20181115
Rising 20181115
SentinelOne (Static ML) 20181011
Sophos AV 20181115
SUPERAntiSpyware 20181114
Symantec 20181115
Symantec Mobile Insight 20181108
TACHYON 20181115
Tencent 20181115
TheHacker 20181113
TotalDefense 20181115
TrendMicro 20181115
TrendMicro-HouseCall 20181115
Trustlook 20181115
VBA32 20181115
ViRobot 20181115
Webroot 20181115
Yandex 20181115
Zillya 20181114
Zoner 20181115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name osrrb.exe
Internal name osrrb
File version 10.0.15063.1173 (rs2_release_svc_1(cxesa).180520-1912)
Description osrrb
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:30:32
Entry Point 0x000062D6
Number of sections 5
PE sections
PE imports
ImageList_GetIconSize
CreatePen
DeleteCriticalSection
GetStartupInfoA
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
VirtualProtect
GetCurrentThreadId
LeaveCriticalSection
__p__fmode
rand
_ftol
memset
strcat
__dllonexit
_except_handler3
_mbscmp
_onexit
exit
_XcptFilter
__setusermatherr
__p__commode
_acmdln
_mbsicmp
_exit
_adjust_fdiv
atol
__getmainargs
atof
memcpy
_setmbcp
__CxxFrameHandler
memmove
_initterm
_controlfp
_EH_prolog
__set_app_type
GetParent
ReleaseDC
PostMessageA
EnumWindows
RegisterWindowMessageA
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
EnableWindow
UnhookWindowsHookEx
UpdateWindow
SetCapture
ReleaseCapture
SetWindowLongA
InvalidateRect
GetKeyState
GetCursorPos
SystemParametersInfoA
CreatePopupMenu
SetParent
SendMessageA
GetClientRect
ScreenToClient
CallNextHookEx
DrawFocusRect
GetDCEx
LoadCursorA
SetWindowsHookExA
TranslateAcceleratorA
GetFocus
SetCursor
Number of PE resources by type
RT_STRING 15
RT_DIALOG 1
RT_ICON 1
Struct(241) 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
NEUTRAL 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
10.0.15063.1173

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
osrrb

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
86016

EntryPoint
0x62d6

OriginalFileName
osrrb.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
10.0.15063.1173 (rs2_release_svc_1(cxesa).180520-1912)

TimeStamp
2016:12:06 12:30:32+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
osrrb

ProductVersion
10.0.15063.1173

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
24576

ProductName
Microsoft Windows Operating System

ProductVersionNumber
10.0.15063.1173

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 b26447bd70fe31fecb04ffa4deee8870
SHA1 f5c73ee8768bb73bdb648b52b682a8133f80567b
SHA256 def1181ba8fbe7ab084f3c1552fa2aa58a935f67a9f980ae35d590a8fd973d43
ssdeep
1536:+nIjAxlqEd4ewE0SHv7z69lnEbFXYFbOJ8LD2ZyrllUDrQffG5:+IylqEWxSHvK9NEbVYFbb6EZloX5

authentihash 090617f344f359678075a003f176b32547ac55b953abaa7472f177b767ebbd72
imphash 0f5af0039b880d4e35b81f02424da380
File size 112.0 KB ( 114688 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-15 13:48:34 UTC ( 6 months, 1 week ago )
Last submission 2018-11-22 10:49:43 UTC ( 6 months ago )
File names b26447bd70fe31fecb04ffa4deee8870
osrrb
jpjd.exe
osrrb.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs