SHA256: aceba8db5676fd88c2ee3c63d99a6ef1a1b54d740ac25c2e6f4195ef08db0cc6
File name: BND2B1.exe
Detection ratio: 25 / 61
Analysis date: 2017-05-26 08:20:02 UTC ( 2 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.376226 20170526
Arcabit Trojan.Graftor.D5BDA2 20170526
Avast Win32:Malware-gen 20170526
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9900 20170525
BitDefender Gen:Variant.Graftor.376226 20170526
Bkav HW32.Packed.3715 20170525
CrowdStrike Falcon (ML) malicious_confidence_81% (W) 20170420
Cyren W32/Trojan.MWQO-5231 20170526
Emsisoft Gen:Variant.Graftor.376226 (B) 20170526
Endgame malicious (high confidence) 20170515
ESET-NOD32 a variant of Win32/Injector.DOWO 20170526
F-Secure Gen:Variant.Graftor.376226 20170526
Fortinet W32/Injector.DOWO!tr 20170526
GData Gen:Variant.Graftor.376226 20170526
Ikarus Trojan.Win32.Injector 20170526
Sophos ML trojandownloader.win32.jongiti.a 20170519
Kaspersky UDS:DangerousObject.Multi.Generic 20170526
McAfee RDN/Generic.grp 20170526
McAfee-GW-Edition Artemis!Trojan 20170525
eScan Gen:Variant.Graftor.376226 20170526
Palo Alto Networks (Known Signatures) generic.ml 20170526
SentinelOne (Static ML) static engine - malicious 20170516
Symantec Suspicious.Cloud.2 20170526
Webroot W32.Trojan.Gen 20170526
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170526
AegisLab 20170526
AhnLab-V3 20170526
Alibaba 20170526
ALYac 20170526
Antiy-AVL 20170526
AVG 20170526
Avira (no cloud) 20170525
AVware 20170526
CAT-QuickHeal 20170525
ClamAV 20170526
CMC 20170525
Comodo 20170526
DrWeb 20170526
F-Prot 20170526
Jiangmin 20170526
K7AntiVirus 20170526
K7GW 20170525
Kingsoft 20170526
Malwarebytes 20170526
Microsoft 20170526
NANO-Antivirus 20170526
nProtect 20170526
Panda 20170525
Qihoo-360 20170526
Rising 20170524
Sophos AV 20170526
SUPERAntiSpyware 20170526
Symantec Mobile Insight 20170526
Tencent 20170526
TheHacker 20170525
TrendMicro 20170526
TrendMicro-HouseCall 20170525
VBA32 20170525
VIPRE 20170526
ViRobot 20170526
WhiteArmor 20170524
Yandex 20170518
Zillya 20170525
Zoner 20170526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) Microsoft Corporation. All rights reserved.
Product Windows Software Development Kit for Windows 8.1
Original name sdksetup.exe
Internal name setup
File version 8.100.26936
Description Windows Software Development Kit for Windows 8.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-11 11:54:20
Entry Point 0x0000734C
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegCloseKey
GetStartupInfoA
GetTempPathA
GetDriveTypeW
GlobalAddAtomW
ConnectNamedPipe
GetCPInfo
GetModuleHandleA
GetEnvironmentStringsW
ExitProcess
FlushFileBuffers
VirtualProtect
GetCommandLineA
GetVersion
DeleteVolumeMountPointA
GetLocalTime
EscapeCommFunction
SendDlgItemMessageA
SetDlgItemTextA
SetWindowTextA
LoadStringA
GetTopWindow
GetWindowRect
MoveWindow
GetDesktopWindow
wsprintfA
SetWindowLongA
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 8.100.26936.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 41984
EntryPoint 0x734c
OriginalFileName sdksetup.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) Microsoft Corporation. All rights reserved.
FileVersion 8.100.26936
TimeStamp 2017:01:11 12:54:20+01:00
FileType Win32 EXE
PEType PE32
InternalName setup
ProductVersion 8.100.26936
FileDescription Windows Software Development Kit for Windows 8.1
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 151040
ProductName Windows Software Development Kit for Windows 8.1
ProductVersionNumber 8.100.26936.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 af7078278c943d35bd910989865857e5
SHA1 bd60c974ab62e65d98dd322a461f0dcbbb0a30ab
SHA256 aceba8db5676fd88c2ee3c63d99a6ef1a1b54d740ac25c2e6f4195ef08db0cc6
ssdeep 3072:yJ62ConbLBG9MOqqk7xPUjdYgOAQrfzaPFEDYrt5WQhMxT58/oUCwYpNRBVUcam8:yJNCovBc3lVjdYJtfz2FEDXWW58/WUc6

authentihash 9115438c61391f944c5e77582bfc72ae3bbffc700b60c314542ea2b1b25fa4fe
imphash 834dff1adf8af66acec7a3e87469d26f
File size 189.0 KB ( 193536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags peexe

VirusTotal metadata
First submission 2017-05-25 19:21:25 UTC ( 2 months, 4 weeks ago )
Last submission 2017-05-26 08:20:02 UTC ( 2 months, 4 weeks ago )
File names BN5145.tmp
setup
BNC9D7.tmp.3704.dr
BN4411.tmp
BND2B1.exe
sdksetup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications