SHA256: 0b8e58edeabb104c356bcc8c8d9c4a6f0eb9f160cb636e3be91b5962d0298c89
File name: 9SZSco0G.exe
Detection ratio: 13 / 67
Analysis date: 2017-12-07 15:42:47 UTC (1 year, 5 months ago)
Antivirus Result Update
AegisLab Bkdr.Hpqakbot.Smd16!c 20171207
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171207
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.8ed221 20171103
Cylance Unsafe 20171207
Endgame malicious (high confidence) 20171130
Sophos ML heuristic 20170914
Palo Alto Networks (Known Signatures) generic.ml 20171207
Qihoo-360 HEUR/QVM20.1.B013.Malware.Gen 20171207
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/EncPk-ANR 20171207
TrendMicro BKDR_HPQAKBOT.SMD16 20171207
TrendMicro-HouseCall BKDR_HPQAKBOT.SMD16 20171207
Ad-Aware 20171207
AhnLab-V3 20171207
Alibaba 20171207
ALYac 20171207
Antiy-AVL 20171207
Arcabit 20171207
Avast 20171207
Avast-Mobile 20171207
AVG 20171207
Avira (no cloud) 20171207
AVware 20171207
BitDefender 20171207
Bkav 20171207
CAT-QuickHeal 20171206
ClamAV 20171207
CMC 20171207
Comodo 20171207
Cyren 20171207
DrWeb 20171207
eGambit 20171207
Emsisoft 20171207
ESET-NOD32 20171207
F-Prot 20171207
F-Secure 20171207
Fortinet 20171207
GData 20171207
Ikarus 20171207
Jiangmin 20171207
K7AntiVirus 20171205
K7GW 20171207
Kaspersky 20171207
Kingsoft 20171207
Malwarebytes 20171207
MAX 20171207
McAfee 20171207
McAfee-GW-Edition 20171207
Microsoft 20171207
eScan 20171207
NANO-Antivirus 20171207
nProtect 20171207
Panda 20171207
Rising 20171207
SUPERAntiSpyware 20171207
Symantec 20171207
Symantec Mobile Insight 20171207
Tencent 20171207
TheHacker 20171205
Trustlook 20171207
VBA32 20171207
VIPRE 20171207
ViRobot 20171207
Webroot 20171207
WhiteArmor 20171204
Yandex 20171207
Zillya 20171206
ZoneAlarm by Check Point 20171207
Zoner 20171207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name kbdpo.dll
Internal name kbdpo (3.13)
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Portuguese Keyboard Layout
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-08 12:55:28
Entry Point 0x00001CE0
Number of sections 9
PE sections
PE imports
GetServiceDisplayNameA
SetPixel
CreateDIBitmap
GetPriorityClass
GetModuleHandleA
ExitProcess
CompareStringA
BackupRead
GetModuleFileNameA
GetBinaryTypeA
PathStripToRootW
StrCmpNIA
LoadMenuIndirectA
IsWow64Message
IsDialogMessageW
CopyRect
SetUserObjectInformationA
KillTimer
RegisterWindowMessageA
inet_addr
g_rgSCardRawPci
HPALETTE_UserUnmarshal
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 2
FileVersionNumber 6.1.7601.17514
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Portuguese Keyboard Layout
ImageFileCharacteristics Executable, No line numbers, No symbols, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x1ce0
OriginalFileName kbdpo.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2017:12:08 13:55:28+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdpo (3.13)
ProductVersion 6.1.7601.17514
SubsystemVersion 4.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17514
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 c217fd984933d8034e2bb048890d6a05
SHA1 df1bc5b8ed22143aa122bef19cb5bdd5cdf4b2ae
SHA256 0b8e58edeabb104c356bcc8c8d9c4a6f0eb9f160cb636e3be91b5962d0298c89
ssdeep 3072:KnYJBAyQrtwg3vXoEhGi8v9ZsVtJd7IRAfw:Uy6yGtt3voEhGjVZsVtJ+R
authentihash c6f23f4c6bb8f1e8a3fc3c8321cc762f0c66ac00f4813e8a2dd92783b65d4022
imphash 645038c4a6d5e5da31844a85a8ecc10f
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-12-07 14:41:55 UTC (1 year, 5 months ago)
Last submission 2017-12-08 13:20:22 UTC (1 year, 5 months ago)
File names C217FD984933D8034E2BB048890D6A05.exe
kbdpo (3.13)
VirusShare_c217fd984933d8034e2bb048890d6a05
kbdpo.dll
check.exe
9SZSco0G.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications