Summary

Analysis score

2/13

2 antivirus vendors flagged this file as malicious

Signature

Signed file, invalid signature

Last scanned

First submission

File type

dll

Basic properties

CRC32

0x19d1cb32

MD5

dd17351326170f652ec8c059cd9f85d5

Magic

PE32+ executable (native) x86-64, for MS Windows

SHA1

c9e08548ed9ce8e3b1a155fce14327f26dc796f9

SHA256

0ea3b04db70cdab8406134c3fc93e63545683a98c17acf811299824f5b5e7559

SHA512

6cfe9f9e648a2fffd15f49b1234de699cc8396a4b7c63592f8608f75c60c10d0ad430e15ad210d321be2bbb751c8764575d15d739965477f3d86ce33e3860d1d

SSDeep

768:ZkCOeX2Yg5KY6VgQqdzfVJdf/aEB2zBdZp0IfKg589z1hE/:nzn68BaIfR/

Size

44.15KB

TLSH

16134a42c7551cc6eebbce3965e89627ff30b8468730c2eb1215c0159f62be2a978356

Packer
  • PE+(64): compiler: Microsoft Visual C/C++(2008 SP1)[-]
  • PE+(64): linker: Microsoft Linker(9.0)[Driver64,signed]
TrID
  • 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 11.0% (.ICL) Windows Icons Library (generic) (2059/9)
  • 10.9% (.EXE) OS/2 Executable (generic) (2029/13)
  • 10.7% (.EXE) Generic Win/DOS Executable (2002/3)
  • 10.7% (.EXE) DOS Executable Generic (2000/1)
Tags

ExifTool File Metadata

CharacterSet

Windows, Latin1

CodeSize

21.00KB

CompanyName

wj32

EntryPoint

0x9064

ExifToolVersionNumber

12.96

FileDescription

KProcessHacker

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Win32

FileSize

45 kB

FileSubtype

7

FileType

Win64 EXE

FileTypeExtension

exe

FileVersion

3.0

FileVersionNumber

3.0.0.0

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

6.1

InitializedDataSize

5.50KB

LanguageCode

English (U.S.)

LegalCopyright

Licensed under the GNU GPL, v3.

LinkerVersion

9.0

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Driver

OriginalFileName

kprocesshacker.sys

OsVersion

6.1

PeType

PE32+

ProductName

KProcessHacker

ProductVersion

3.0

ProductVersionNumber

3.0.0.0

Subsystem

Native

SubsystemVersion

6.1

UninitializedDataSize

0

Submissions

Published Name Source Country
0ea3b04db70cdab8406134c3fc93e63545683a98c17acf811299824f5b5e7559 web
N/A