SHA256: df5cda79272056a03fde667d321213a5476fb78e6a7c4119ffe9d4c0c5740a82
File name: LOADER#00.BIN1
Detection ratio: 27 / 67
Analysis date: 2018-05-18 11:29:43 UTC ( 9 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.468722 20180518
ALYac Gen:Variant.Graftor.468722 20180518
Arcabit Trojan.Graftor.D726F2 20180518
Avast Win32:Evo-gen [Susp] 20180518
AVG Win32:Evo-gen [Susp] 20180518
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180518
BitDefender Gen:Variant.Graftor.468722 20180518
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180418
Cylance Unsafe 20180518
eGambit Unsafe.AI_Score_100% 20180518
Emsisoft Gen:Variant.Graftor.468722 (B) 20180518
Endgame malicious (high confidence) 20180507
F-Secure Gen:Variant.Graftor.468722 20180518
Fortinet W32/Kryptik.GFYL!tr 20180518
GData Gen:Variant.Graftor.468722 20180518
Ikarus Trojan-Banker.Emotet 20180518
Sophos ML heuristic 20180503
MAX malware (ai score=81) 20180518
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20180518
Microsoft Trojan:Win32/Fuerboos.A!cl 20180518
eScan Gen:Variant.Graftor.468722 20180518
Qihoo-360 HEUR/QVM20.1.3EB5.Malware.Gen 20180518
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180518
Symantec Packed.Generic.517 20180518
TrendMicro TSPY_HPEMOTET.SMAL3 20180518
TrendMicro-HouseCall TSPY_HPEMOTET.SMAL3 20180518
AegisLab 20180518
AhnLab-V3 20180518
Alibaba 20180518
Antiy-AVL 20180518
Avast-Mobile 20180518
Avira (no cloud) 20180518
AVware 20180518
Babable 20180406
Bkav 20180518
CAT-QuickHeal 20180518
ClamAV 20180518
CMC 20180518
Comodo 20180518
Cybereason None
Cyren 20180518
DrWeb 20180518
ESET-NOD32 20180518
F-Prot 20180518
Jiangmin 20180518
K7AntiVirus 20180518
K7GW 20180518
Kaspersky 20180518
Kingsoft 20180518
Malwarebytes 20180518
McAfee 20180518
NANO-Antivirus 20180518
nProtect 20180518
Palo Alto Networks (Known Signatures) 20180518
Panda 20180518
Rising 20180518
SUPERAntiSpyware 20180518
Symantec Mobile Insight 20180517
Tencent 20180518
TheHacker 20180516
TotalDefense 20180518
Trustlook 20180518
VBA32 20180517
VIPRE 20180518
ViRobot 20180518
Webroot 20180518
Yandex 20180518
Zillya 20180516
ZoneAlarm by Check Point 20180518
Zoner 20180517
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name kbdbe.dll
Internal name kbdbe (3.13)
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Belgian Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-05 03:57:59
Entry Point 0x000087C3
Number of sections 6
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
CertDuplicateCTLContext
GetTextMetricsA
GetNativeSystemInfo
LocalFree
RaiseException
GetBinaryTypeW
GetModuleFileNameW
LocalAlloc
LoadLibraryW
GetLastError
GlobalAlloc
FreeLibrary
InterlockedExchange
LoadLibraryA
GetProcAddress
FlsFree
GetModuleHandleW
InternetTimeFromSystemTimeA
AddPrintProcessorW
Ord(30)
StgCreatePropStg
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 163840
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7600.16385
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Belgian Keyboard Layout
CharacterSet Unicode
LinkerVersion 2.2
FileTypeExtension exe
OriginalFileName kbdbe.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2018:05:05 04:57:59+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdbe (3.13)
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 1659788813
FileSubtype 2
ProductVersionNumber 6.1.7600.16385
EntryPoint 0x87c3
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 0892a53a9aecddedc426689a4a7b853b
SHA1 4a0f3e1733dea487c78dc53d7b765a5c57304771
SHA256 df5cda79272056a03fde667d321213a5476fb78e6a7c4119ffe9d4c0c5740a82
ssdeep 1536:fa9bKYWyLxnSwP8Zeu97C9Pte8FDlOuDRwUoToDbz4t2YQQiPqN:fmbKYxnSa8cu97YlDvROTue2YQQKqN
authentihash 32dcd4351af469e43c9eecd037094a94e20d25f1bcb1fb864cff0d0e83a78ea3
imphash 01c4add5b6040a9b9adc5aea6911c9e7
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-05-18 11:29:43 UTC ( 9 months, 1 week ago )
Last submission 2018-05-18 11:29:43 UTC ( 9 months, 1 week ago )
File names LOADER#00.BIN1
kbdbe (3.13)
kbdbe.dll