SHA256: feccf5c2224b5441d56da844dc6314cd4e7cbd1f4a445230247befadf08ec597
File name: uLSLF9.exe_
Detection ratio: 22 / 65
Analysis date: 2017-09-21 13:18:27 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AegisLab Troj.W32.Refinka!c 20170921
Avast FileRepMalware 20170921
AVG FileRepMalware 20170921
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170921
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170921
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DRSX 20170921
Fortinet W32/Kryptik.FWIA!tr 20170921
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Refinka.cdc 20170921
McAfee Artemis!8FED44D9BF08 20170921
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20170921
Palo Alto Networks (Known Signatures) generic.ml 20170921
Qihoo-360 HEUR/QVM20.1.FE87.Malware.Gen 20170921
Rising Trojan.Injector!8.C4 (CLOUD) 20170921
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170921
Tencent Suspicious.Heuristic.Gen.b.0 20170921
TrendMicro-HouseCall TROJ_GEN.R020H0DIK17 20170921
WhiteArmor Malware.HighConfidence 20170829
ZoneAlarm by Check Point Trojan.Win32.Refinka.cdc 20170921
Ad-Aware 20170921
AhnLab-V3 20170921
Alibaba 20170911
ALYac 20170921
Antiy-AVL 20170921
Arcabit 20170921
Avast-Mobile 20170921
Avira (no cloud) 20170921
AVware 20170921
BitDefender 20170921
CAT-QuickHeal 20170921
ClamAV 20170921
CMC 20170920
Comodo 20170921
Cyren 20170921
DrWeb 20170921
Emsisoft 20170921
F-Prot 20170921
F-Secure 20170921
GData 20170921
Ikarus 20170921
Jiangmin 20170921
K7AntiVirus 20170921
K7GW 20170921
Kingsoft 20170921
Malwarebytes 20170921
MAX 20170921
Microsoft 20170921
eScan 20170921
NANO-Antivirus 20170921
nProtect 20170921
Panda 20170921
Sophos AV 20170921
SUPERAntiSpyware 20170921
Symantec Mobile Insight 20170921
TheHacker 20170916
TotalDefense 20170921
TrendMicro 20170921
Trustlook 20170921
VBA32 20170921
VIPRE 20170921
ViRobot 20170921
Webroot 20170921
Yandex 20170908
Zillya 20170921
Zoner 20170921
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft® Windows® Operating S
Original name mobsync.exe
Internal name mobsync.exe
File version 6.1.7601.17514 (win7sp1_rtm.101119-1
Description Mi
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-18 12:05:52
Entry Point 0x00002000
Number of sections 7
PE sections
PE imports
LogonUserExW
GetDeviceCaps
ExcludeClipRect
AddFontResourceA
GetWindowExtEx
GetTextMetricsA
GetMetaFileA
GetCharWidthA
GetFontLanguageInfo
DeleteObject
GetRasterizerCaps
GetUserDefaultUILanguage
AreFileApisANSI
GetLastError
FreeLibrary
ExitProcess
LoadLibraryA
GetVolumePathNamesForVolumeNameW
Module32FirstW
LocalAlloc
GetConsoleTitleW
GetProcAddress
RaiseException
LockFileEx
InterlockedExchange
GetComputerNameExW
GetStringTypeExA
LocalFree
FormatMessageW
GetProcessAffinityMask
IsValidCodePage
FindFirstVolumeMountPointW
EnumSystemGeoID
DeleteTimerQueueEx
GetFileSize
GetUserNameExW
DeleteMonitorA
GetPrintProcessorDirectoryW
_time64
system
MkParseDisplayNameEx
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 151552
EntryPoint 0x2000
OriginalFileName mobsync.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1
TimeStamp 2017:09:18 13:05:52+01:00
FileType Win32 EXE
PEType PE32
InternalName mobsync.exe
ProductVersion 6.1.7601.1751
FileDescription Mi
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporatio
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 8fed44d9bf082b1907b01c2cade343d5
SHA1 20434e3556f1660dc052459318ce7850b9796819
SHA256 feccf5c2224b5441d56da844dc6314cd4e7cbd1f4a445230247befadf08ec597
ssdeep 3072:IvFe5CJD0c9vmp+/5ckMwb7RrSWnnjoa78Dm99SfgsZmkUj:I85q7vmp4Mwb7s07KfY
authentihash acd24dc176a9ae84c15d0aa84164492500525d979ee36195dd9c0ff93162c88f
imphash 7c578266117734a5ce19941f1b164ef9
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2017-09-21 10:07:05 UTC ( 1 year, 5 months ago )
Last submission 2018-05-21 21:00:52 UTC ( 9 months ago )
File names 8fed44d9bf082b1907b01c2cade343d5.vir
mobsync.exe
feccf5c2224b5441d56da844dc6314cd4e7cbd1f4a445230247befadf08ec597
uLSLF9.exe_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications