SHA256: 0eadad49c73e89edd652d796cef026da3e01fbc346ef3e114e786901fac0815b
File name: user.exe.1696.dr
Detection ratio: 5 / 57
Analysis date: 2016-09-08 12:57:33 UTC (2 years, 8 months ago)
Virus scanner Result Version
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160908
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Sophos ML generic.a 20160830
K7GW Trojan ( 700001211 ) 20160908
McAfee Suspect-AN!2E0C328AAE6A 20160908
Ad-Aware 20160908
AegisLab 20160908
AhnLab-V3 20160907
Alibaba 20160908
ALYac 20160908
Antiy-AVL 20160908
Arcabit 20160908
Avast 20160908
AVG 20160908
Avira (no cloud) 20160908
AVware 20160908
BitDefender 20160908
Bkav 20160908
CAT-QuickHeal 20160907
ClamAV 20160907
CMC 20160908
Comodo 20160908
Cyren 20160908
DrWeb 20160908
Emsisoft 20160908
ESET-NOD32 20160908
F-Prot 20160908
F-Secure 20160908
Fortinet 20160908
GData 20160908
Ikarus 20160908
Jiangmin 20160908
K7AntiVirus 20160908
Kaspersky 20160908
Kingsoft 20160908
Malwarebytes 20160908
McAfee-GW-Edition 20160908
Microsoft 20160908
eScan 20160908
NANO-Antivirus 20160908
nProtect 20160908
Panda 20160907
Qihoo-360 20160908
Rising 20160908
Sophos AV 20160908
SUPERAntiSpyware 20160908
Symantec 20160908
Tencent 20160908
TheHacker 20160908
TrendMicro 20160908
TrendMicro-HouseCall 20160908
VBA32 20160907
VIPRE 20160908
ViRobot 20160908
Yandex 20160907
Zillya 20160908
Zoner 20160908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name SensorsApi.dll
Internal name Sensor API
File version 6.3.9605.17415 (winblue_r4.141028-1500)
Description Sensor API
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2036-06-01 16:15:19
Entry Point 0x0004F400
Number of sections 14
PE sections
PE imports
IsBadHugeReadPtr
GetConsoleCP
LoadLibraryA
FindNextVolumeW
QueueUserAPC
CreateRemoteThread
SetupComm
GetCurrentProcess
GetEnvironmentStrings
CreateActCtxW
Heap32Next
CreateNamedPipeA
GetPrivateProfileIntA
HeapQueryInformation
GetCurrentDirectoryA
IsProcessInJob
RequestWakeupLatency
GetCurrentActCtx
EnumResourceNamesW
FindNextVolumeMountPointA
EnumDateFormatsExA
MoveFileExW
TlsSetValue
DeleteVolumeMountPointW
Module32NextW
FindNextVolumeMountPointW
FreeConsole
GetComputerNameA
lstrcmpA
WriteConsoleOutputW
SetCommTimeouts
LocalFree
HeapLock
RemoveDirectoryA
SearchPathW
AllocateUserPhysicalPages
ResetWriteWatch
VirtualQuery
WriteProfileSectionW
GetPrivateProfileSectionA
GetDefaultCommConfigA
GetWindowLongA
LoadMenuA
wsprintfW
CreateMDIWindowW
vwprintf
realloc
fwscanf
isdigit
strncmp
sin
atan
SetSoftwareUpdateAdvertisementState
Number of PE resources by type
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 2.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.3.9600.17415
UninitializedDataSize 8192
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x4f400
OriginalFileName SensorsApi.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.3.9605.17415 (winblue_r4.141028-1500)
TimeStamp 2036:06:01 17:15:19+01:00
FileType Win32 EXE
PEType PE32
InternalName Sensor API
ProductVersion 6.3.9605.17415
FileDescription Sensor API
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 24576
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.3.9600.17415
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 2e0c328aae6abfb19bf02e0fbc5dea93
SHA1 5567a8357bb19be080c234f4043fb0c741b28ac4
SHA256 0eadad49c73e89edd652d796cef026da3e01fbc346ef3e114e786901fac0815b
ssdeep 1536:gCuOtTPx+SptucDp1Y4Xx0Caa/j8a16M7+HkVPRAmPcRuV56fdEtX+d66IGK:gC7Pu80Xs4aHKHknHPcq6fdCX+hIGK
authentihash 4eade5d30747e2e284770d1f07189ea1553a9a933829fd6139d09571d0398291
imphash 7c06e59f3aaf81b31269695536bb89c1
File size 332.3 KB ( 340244 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2016-09-08 10:18:41 UTC (2 years, 8 months ago)
Last submission 2016-12-17 03:38:23 UTC (2 years, 5 months ago)
File names Sensor API
SensorsApi.dll
user.exe.1696.dr
user.exe.2152.dr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests