× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fddc94d1aea2d144a849ccbba87b8f1ecf2da5912d9ebab6c06e74fcf978a92a
File name: 2489856.exe
Detection ratio: 8 / 55
Analysis date: 2016-01-12 18:18:04 UTC ( 3 years, 1 month ago ) View latest
Antivirus Result Update
DrWeb Trojan.Dridex.288 20160112
ESET-NOD32 a variant of Win32/Kryptik.EKIA 20160112
Kaspersky Trojan.Win32.Yakes.onhu 20160112
McAfee Artemis!4BBCB3806FF5 20160112
McAfee-GW-Edition BehavesLike.Win32.BadFile.dt 20160112
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160112
TrendMicro TSPY_DRIDEX.SQI 20160112
TrendMicro-HouseCall TSPY_DRIDEX.SQI 20160112
Ad-Aware 20160112
AegisLab 20160112
Yandex 20160111
AhnLab-V3 20160112
Alibaba 20160112
ALYac 20160112
Antiy-AVL 20160112
Arcabit 20160112
Avast 20160112
AVG 20160112
Avira (no cloud) 20160112
AVware 20160111
Baidu-International 20160112
BitDefender 20160112
Bkav 20160112
ByteHero 20160112
CAT-QuickHeal 20160111
ClamAV 20160112
CMC 20160111
Comodo 20160112
Cyren 20160112
Emsisoft 20160112
F-Prot 20160111
F-Secure 20160112
Fortinet 20160111
GData 20160112
Ikarus 20160112
Jiangmin 20160112
K7AntiVirus 20160112
K7GW 20160112
Malwarebytes 20160112
Microsoft 20160112
eScan 20160112
NANO-Antivirus 20160112
nProtect 20160112
Panda 20160112
Rising 20160112
Sophos AV 20160112
SUPERAntiSpyware 20160112
Symantec 20160111
Tencent 20160112
TheHacker 20160107
VBA32 20160112
VIPRE 20160112
ViRobot 20160112
Zillya 20160112
Zoner 20160112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Корпорация Майкрософт. Все права защищены.

Product Операционная система Microsoft® Windows®
Original name WIASERVC.DLL
Internal name WIASERVC
File version 5.1.2600.5512 (xpsp.080413-0852)
Description Служба устройств обработки неподвижных изображений
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-11 22:49:02
Entry Point 0x0000105A
Number of sections 15
PE sections
PE imports
ClusterResourceTypeCloseEnum
CreateToolhelp32Snapshot
GetLastError
ReplaceFileA
lstrcmpiA
GetProfileStringW
FreeLibrary
GetPrivateProfileSectionNamesW
GetCommMask
LoadLibraryA
VerifyVersionInfoW
RaiseException
GetCurrentConsoleFont
LocalAlloc
GetCurrentActCtx
GetProcAddress
AddAtomW
CancelIo
GetCommModemStatus
ReadConsoleW
InterlockedExchange
FreeConsole
GetFullPathNameA
SetThreadContext
LocalFree
DebugActiveProcess
IsBadStringPtrA
GetPrivateProfileSectionA
ExtractIconExA
MessageBoxA
GetThreadDesktop
wsprintfW
cos
fwrite
remove
iscntrl
isprint
strspn
vsprintf
Number of PE resources by type
RT_ICON 8
RT_DIALOG 5
RT_GROUP_ICON 3
RT_MESSAGETABLE 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 20
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.2600.5512

LanguageCode
Russian

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
131072

EntryPoint
0x105a

OriginalFileName
WIASERVC.DLL

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
5.1.2600.5512 (xpsp.080413-0852)

TimeStamp
2016:01:11 23:49:02+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WIASERVC

ProductVersion
5.1.2600.5512

SubsystemVersion
4.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CodeSize
110592

ProductName
Microsoft Windows

ProductVersionNumber
5.1.2600.5512

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 4bbcb3806ff586393f9b43d1cd3be6a3
SHA1 480def11949c915157d96053e57c64862aaf3c1e
SHA256 fddc94d1aea2d144a849ccbba87b8f1ecf2da5912d9ebab6c06e74fcf978a92a
ssdeep
3072:llk3B3rCpa4FPRxILNrEfQLJEqr9wKthbS:lliMa2YpEfQL6qJtJ

authentihash ad35a9d9aaa5d16d3f08481ba90c3704240f01336ae11288d96451101fae8503
imphash 848978e3ca8ebbc9b4df9981eab7f916
File size 236.0 KB ( 241664 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-01-12 08:20:09 UTC ( 3 years, 1 month ago )
Last submission 2017-01-16 15:08:50 UTC ( 2 years, 1 month ago )
File names 1442830.exe
2260341.exe
WIASERVC.DLL
wpl.jpg.XOR.63
2005317.exe
1351553.exe
1442830.exe
656628.exe
1442830.exe
WIASERVC
4BBCB3806FF586393F9B43D1CD3BE6A3.exe
1525250.exe
2489856.exe
1052755.exe
253076.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications