SHA256: ff894f2af1ff0af1bfa2749fc748ac0a2f98d9ac0691e416267bc6a7bc08a13f
File name: 4fb8f6c69418e7a442927a9d5bdbde4e.asc
Detection ratio: 10 / 61
Analysis date: 2017-03-24 13:46:46 UTC ( 1 year, 12 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20170324
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170323
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Endgame malicious (high confidence) 20170317
Sophos ML trojandownloader.win32.renos.pt 20170203
Kaspersky UDS:DangerousObject.Multi.Generic 20170324
Palo Alto Networks (Known Signatures) generic.ml 20170324
Symantec Trojan.Gen.8!cloud 20170324
Webroot W32.Trojan.Gen 20170324
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170324
Ad-Aware 20170324
AhnLab-V3 20170324
Alibaba 20170324
ALYac 20170324
Antiy-AVL 20170324
Arcabit 20170324
Avast 20170324
AVG 20170324
Avira (no cloud) 20170324
AVware 20170324
BitDefender 20170324
Bkav 20170324
CAT-QuickHeal 20170324
ClamAV 20170324
CMC 20170324
Comodo 20170324
Cyren 20170324
DrWeb 20170324
Emsisoft 20170324
ESET-NOD32 20170324
F-Prot 20170324
F-Secure 20170324
Fortinet 20170324
GData 20170324
Jiangmin 20170324
K7AntiVirus 20170324
K7GW 20170324
Kingsoft 20170324
Malwarebytes 20170324
McAfee 20170324
McAfee-GW-Edition 20170324
Microsoft 20170324
eScan 20170324
NANO-Antivirus 20170324
nProtect 20170324
Panda 20170324
Qihoo-360 20170324
Rising 20170324
SentinelOne (Static ML) 20170315
Sophos AV 20170324
SUPERAntiSpyware 20170324
Symantec Mobile Insight 20170324
Tencent 20170324
TheHacker 20170321
TotalDefense 20170324
TrendMicro 20170324
TrendMicro-HouseCall 20170324
Trustlook 20170324
VBA32 20170324
VIPRE 20170324
ViRobot 20170324
WhiteArmor 20170315
Yandex 20170323
Zillya 20170323
Zoner 20170324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name SPINF.DLL
Internal name SPINF.DLL
File version 6.1.7601.16385 (win7_rtm.090713-1255)
Description Windows SPINF
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-24 19:20:37
Entry Point 0x00001620
Number of sections 10
PE sections
PE imports
DeregisterEventSource
SetServiceBits
GetUserNameW
DestroyPropertySheetPage
JetUpdate
FrameRgn
CreatePalette
LPtoDP
DeviceIoControl
GetModuleHandleA
ConvertDefaultLocale
FreeConsole
GetCommandLineA
GetProcAddress
CreateStdDispatch
RasGetEntryDialParamsW
RpcFreeAuthorizationContext
ExtractAssociatedIconA
PathIsFileSpecA
StrRChrIA
StrRStrIA
IsCharAlphaA
GetUrlCacheEntryInfoA
SetPortW
MonikerCommonPrefixWith
CoTestCancel
CoCreateFreeThreadedMarshaler
CoInternetCreateSecurityManager
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 159744
EntryPoint 0x1620
OriginalFileName SPINF.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.16385 (win7_rtm.090713-1255)
TimeStamp 2017:03:24 20:20:37+01:00
FileType Win32 EXE
PEType PE32
InternalName SPINF.DLL
ProductVersion 6.1.7601.16385
FileDescription Windows SPINF
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16384
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 4fb8f6c69418e7a442927a9d5bdbde4e
SHA1 1b99bedc30e5835e62c5dfa430cf6d724570c08e
SHA256 ff894f2af1ff0af1bfa2749fc748ac0a2f98d9ac0691e416267bc6a7bc08a13f
ssdeep 1536:RjGzZwgxVEz9XA/JLSYz5ur8JBIeIko3ucY/i92bO0ecXT9hwmThzXyWugQjNeyC:xz4e992Teg/waLZziFv/
authentihash 3cdd32e5203a4f0f6bb72d6addb555f7a85244b0241e9f63d6dd52640bc26f28
imphash be33503b5e3851e9b3e331fdba96f1e7
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-03-24 11:30:44 UTC ( 1 year, 12 months ago )
Last submission 2017-04-26 16:31:46 UTC ( 1 year, 11 months ago )
File names memasik.exe
4fb8f6c69418e7a442927a9d5bdbde4e.asc
memasik.exe
memasik.exe
SPINF.DLL
public.asc
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications