× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fac3f5b28a1d84f03581514a775214b8b245d84911055085c3a5d5c845aa3678
File name: 219991617c88108981fd63423348e1c3bf907da4
Detection ratio: 32 / 67
Analysis date: 2018-03-28 05:56:50 UTC ( 1 year ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30486174 20180328
AegisLab Ml.Attribute.Gen!c 20180328
AhnLab-V3 Trojan/Win32.Emotet.R223733 20180328
Arcabit Trojan.Generic.D1D12E9E 20180328
Avast Win32:Malware-gen 20180328
AVG Win32:Malware-gen 20180328
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180328
BitDefender Trojan.GenericKD.30486174 20180328
Bkav HW32.Packed.5C02 20180327
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cybereason malicious.17c881 20180225
Cylance Unsafe 20180328
eGambit Unsafe.AI_Score_80% 20180328
Emsisoft Trojan.GenericKD.30486174 (B) 20180328
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/GenKryptik.BUXK 20180328
F-Secure Trojan.GenericKD.30486174 20180328
Fortinet W32/Kryptik.GDRZ!tr 20180328
GData Win32.Trojan-Spy.Emotet.9IIYZU 20180328
Sophos ML heuristic 20180121
Kaspersky Trojan.Win32.Dovs.mvc 20180328
Malwarebytes Trojan.Emotet 20180328
MAX malware (ai score=94) 20180328
McAfee Artemis!B509E8B68728 20180328
McAfee-GW-Edition BehavesLike.Win32.Generic.nc 20180328
eScan Trojan.GenericKD.30486174 20180328
Palo Alto Networks (Known Signatures) generic.ml 20180328
Rising Trojan.Kryptik!8.8 (TFE:2:5DY5QsxCyYN) 20180328
Sophos AV Mal/Generic-S 20180328
Symantec Trojan.Gen.2 20180328
TrendMicro-HouseCall Suspicious_GEN.F47V0327 20180328
ZoneAlarm by Check Point Trojan.Win32.Dovs.mvc 20180328
Alibaba 20180328
ALYac 20180328
Antiy-AVL 20180327
Avast-Mobile 20180327
Avira (no cloud) 20180328
AVware 20180328
CAT-QuickHeal 20180327
ClamAV 20180328
CMC 20180327
Comodo 20180328
Cyren 20180328
DrWeb 20180328
F-Prot 20180328
Ikarus 20180327
Jiangmin 20180328
K7AntiVirus 20180328
K7GW 20180328
Kingsoft 20180328
Microsoft 20180328
NANO-Antivirus 20180328
nProtect 20180328
Panda 20180327
Qihoo-360 20180328
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180328
Symantec Mobile Insight 20180311
Tencent 20180328
TheHacker 20180327
TotalDefense 20180328
TrendMicro 20180328
Trustlook 20180328
VBA32 20180327
VIPRE 20180328
ViRobot 20180328
WhiteArmor 20180324
Yandex 20180327
Zillya 20180327
Zoner 20180327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name vmbuspipe.dll
Internal name vmbuspipe.dll
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description VmBus User Mode Pipe DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-02-03 14:10:11
Entry Point 0x0000529D
Number of sections 7
PE sections
PE imports
JetCloseTable
JetSetColumn
JetInit
JetTerm2
GetFileTime
WriteTapemark
GetTimeZoneInformation
OpenFileById
Module32First
HeapSize
GetCommandLineA
GetCurrentThreadId
GetConsoleHistoryInfo
PrepareTape
CreateIconFromResourceEx
GetUserObjectInformationA
GetThreadDesktop
SetCursor
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
11.8

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7601.17514

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
VmBus User Mode Pipe DLL

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
84992

EntryPoint
0x529d

OriginalFileName
vmbuspipe.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
1994:02:03 15:10:11+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
vmbuspipe.dll

ProductVersion
6.1.7601.17514

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
0

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 b509e8b68728eede46f16a487eabe8bf
SHA1 219991617c88108981fd63423348e1c3bf907da4
SHA256 fac3f5b28a1d84f03581514a775214b8b245d84911055085c3a5d5c845aa3678
ssdeep
1536:4C9hRPWV2gHuAjlllVv991fp8LfrESAbuDFk0Q8YB+yGV6200wxl+HmxvTX1O:4C9LW5HuAlXvVpAbAbge0wBJP/txIHyw

authentihash 7a69fad1a7df19aeb0273c92952f71f291ef27b9964dee6100901043e1a4309f
imphash 2dc8c46214c1cc811deb8ccd14462b54
File size 93.5 KB ( 95744 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-27 19:56:40 UTC ( 1 year ago )
Last submission 2018-05-08 03:55:41 UTC ( 11 months, 3 weeks ago )
File names vmbuspipe.dll
76004.exe
24114768.exe
219991617c88108981fd63423348e1c3bf907da4
11069.exe
76080.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!