× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e96cd894eb86e0b3844e4fa7a76e45f90a1299ecac6e9842b78a5b83150f5ae4
File name: PCzncshzDHX.exe
Detection ratio: 20 / 66
Analysis date: 2017-10-17 06:02:57 UTC ( 1 year ago ) View latest
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20171017
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171017
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20171017
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Win32/GenKryptik.BAFW 20171017
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171017
McAfee Artemis!5493A95C1A8B 20171017
McAfee-GW-Edition BehavesLike.Win32.Ransomware.nc 20171017
Palo Alto Networks (Known Signatures) generic.ml 20171017
Qihoo-360 HEUR/QVM20.1.8D92.Malware.Gen 20171017
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/EncPk-ANR 20171017
Symantec ML.Attribute.HighConfidence 20171016
TrendMicro-HouseCall Suspicious_GEN.F47V1017 20171017
ViRobot Trojan.Win32.S.Emotet.96256 20171017
Webroot W32.Trojan.Emotet 20171017
WhiteArmor Malware.HighConfidence 20171016
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171017
Ad-Aware 20171017
AhnLab-V3 20171017
Alibaba 20170911
ALYac 20171017
Antiy-AVL 20171017
Arcabit 20171017
Avast 20171017
Avast-Mobile 20171016
AVG 20171017
Avira (no cloud) 20171016
AVware 20171017
BitDefender 20171017
Bkav 20171016
CAT-QuickHeal 20171016
ClamAV 20171017
CMC 20171016
Comodo 20171017
Cyren 20171017
eGambit 20171017
Emsisoft 20171017
F-Prot 20171017
F-Secure 20171017
Fortinet 20171017
GData 20171017
Ikarus 20171016
Jiangmin 20171017
K7AntiVirus 20171017
K7GW 20171016
Kingsoft 20171017
Malwarebytes 20171017
MAX 20171017
Microsoft 20171017
eScan 20171017
NANO-Antivirus 20171017
nProtect 20171017
Panda 20171016
Rising 20171017
SUPERAntiSpyware 20171017
Symantec Mobile Insight 20171011
Tencent 20171017
TheHacker 20171015
TotalDefense 20171017
TrendMicro 20171017
Trustlook 20171017
VBA32 20171016
VIPRE 20171017
Yandex 20171013
Zillya 20171016
Zoner 20171017
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name kbdsf.dll
Internal name kbdsf (3.13)
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Swiss French Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-17 10:20:46
Entry Point 0x00001760
Number of sections 10
PE sections
PE imports
OpenSCManagerW
SetAbortProc
FreeLibrary
GetLastError
FlushProcessWriteBuffers
RaiseException
LocalAlloc
RemoveDirectoryW
ConvertFiberToThread
SetFileApisToOEM
InterlockedExchange
LocalFree
GenerateConsoleCtrlEvent
GetProcAddress
LoadLibraryA
LZCopy
QueryPathOfRegTypeLib
RpcServerInqCallAttributesW
ExtractAssociatedIconA
CryptCATAdminReleaseCatalogContext
Ord(30)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
2

FileVersionNumber
6.1.7601.17514

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
53504

EntryPoint
0x1760

OriginalFileName
kbdsf.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2017:10:17 11:20:46+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
kbdsf (3.13)

ProductVersion
6.1.7601.17514

FileDescription
Swiss French Keyboard Layout

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
15360

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 5493a95c1a8ba858584c118f2a3a26e5
SHA1 bfcd5d2006b6f14fd1940daba61d3cae138d109b
SHA256 e96cd894eb86e0b3844e4fa7a76e45f90a1299ecac6e9842b78a5b83150f5ae4
ssdeep
1536:X/FiO03/DmZUYAl3RJX2DsGlwvF5EM+ta2w34+r0e:PQ3/DGAlGQoMAM/3Hr0e

authentihash ca8b710c7904bfde14323ceca6d45367b55823f47a3cdc255721a0ce1759daa4
imphash 7a73188ac6a4f8a57030236d44cec684
File size 94.0 KB ( 96256 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-17 01:24:49 UTC ( 1 year ago )
Last submission 2017-11-17 20:46:01 UTC ( 11 months, 1 week ago )
File names KAYFsdZMmN6Q4Z2.exe
kbdsf (3.13)
PCzncshzDHX.exe
kbdsf.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!