SHA256: fb1fa603bccad9ca8a48737f0d6e630ec5496a2a645d6c986de8c2dfdb9ce5d6
File name: pub.exe
Detection ratio: 9 / 69
Analysis date: 2018-11-29 11:38:16 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Avast FileRepMetagen [Malware] 20181129
AVG FileRepMetagen [Malware] 20181129
Bkav HW32.Packed. 20181129
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181022
Fortinet W32/Injector.ABG!tr 20181129
Sophos ML heuristic 20181128
Microsoft Program:Win32/Unwaders.C!ml 20181129
Trapmine suspicious.low.ml.score 20181128
Webroot W32.Trojan.Gen 20181129
Ad-Aware 20181129
AegisLab 20181129
AhnLab-V3 20181129
Alibaba 20180921
ALYac 20181129
Antiy-AVL 20181128
Arcabit 20181129
Avast-Mobile 20181129
Avira (no cloud) 20181129
Babable 20180918
Baidu 20181129
BitDefender 20181129
CAT-QuickHeal 20181129
ClamAV 20181129
CMC 20181129
Comodo 20181129
Cybereason 20180225
Cylance 20181129
Cyren 20181129
DrWeb 20181129
eGambit 20181129
Emsisoft 20181129
Endgame 20181108
ESET-NOD32 20181129
F-Prot 20181129
F-Secure 20181129
GData 20181129
Ikarus 20181129
Jiangmin 20181129
K7AntiVirus 20181129
K7GW 20181129
Kaspersky 20181129
Kingsoft 20181129
Malwarebytes 20181129
MAX 20181129
McAfee 20181129
McAfee-GW-Edition 20181129
eScan 20181129
NANO-Antivirus 20181129
Palo Alto Networks (Known Signatures) 20181129
Panda 20181128
Qihoo-360 20181129
Rising 20181129
SentinelOne (Static ML) 20181011
Sophos AV 20181129
SUPERAntiSpyware 20181128
Symantec 20181129
Symantec Mobile Insight 20181121
TACHYON 20181129
Tencent 20181129
TheHacker 20181126
TotalDefense 20181129
TrendMicro 20181129
TrendMicro-HouseCall 20181129
Trustlook 20181129
VBA32 20181129
ViRobot 20181129
Yandex 20181128
Zillya 20181128
ZoneAlarm by Check Point 20181129
Zoner 20181129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Windows (R) Win 7 DDK driver
Original name dxcpl.exe
Internal name dxcpl.exe
File version 6.3.9600.16384
Description Microsoft (R) DirectX Control Panel
Packers identified
F-PROT NSIS, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-25 00:55:54
Entry Point 0x0000310F
Number of sections 5
PE sections
Overlays
MD5 ec95e4187ad2411582f229f09f2476b7
File type font/x-snf
Offset 133632
Size 171081
Entropy 8.00
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
SetEnvironmentVariableA
SetFileAttributesA
GetExitCodeProcess
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 18
RT_DIALOG 3
RT_STRING 2
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 20
ENGLISH US 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 247296
ImageVersion 6.0
ProductName Windows (R) Win 7 DDK driver
FileVersionNumber 6.3.9600.16384
UninitializedDataSize 1024
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName dxcpl.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.3.9600.16384
TimeStamp 2016:07:25 01:55:54+01:00
FileType Win32 EXE
PEType PE32
InternalName dxcpl.exe
ProductVersion 6.3.9600.16384
FileDescription Microsoft (R) DirectX Control Panel
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Windows (R) Win 7 DDK provider
CodeSize 24576
FileSubtype 0
ProductVersionNumber 6.3.9600.16384
EntryPoint 0x310f
ObjectFileType Executable application

File identification
MD5 6f9f5082bd4bdc1ee12cabc8facda6a0
SHA1 4818bd85d7102497d38719bb5f8101d1f97e0031
SHA256 fb1fa603bccad9ca8a48737f0d6e630ec5496a2a645d6c986de8c2dfdb9ce5d6
ssdeep 6144:Gz20t19kRc1ndrlNgSpf464djjl7gthA5:qt19dr/O6ejjlMthO
authentihash bc52f203ab1b8664d26885a631b1004ba6ee5bc0d12f9bd261c634870ea93ec2
imphash b78ecf47c0a3e24a6f4af114e2d1f5de
File size 297.6 KB ( 304713 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags nsis peexe overlay
VirusTotal metadata
First submission 2018-11-29 11:38:16 UTC ( 5 months, 3 weeks ago )
Last submission 2019-01-22 04:24:50 UTC ( 4 months ago )
File names pub.exe
dxcpl.exe
6f9f5082bd4bdc1ee12cabc8facda6a0
a.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs