{21bbd1a0-176d-423d-9c12-f382eade06b2}

Port Optimizer for Terminal Server

HON HAI PRECISION INDUSTRY CO. LTD.

The file's version resource claims it was developed by 'Microsoft Corporation', but it is not a Microsoft file: the version information is crafted to make it look like a legitimate Windows system driver (original file name termport.sys), while the Authenticode signature on it was issued to HON HAI PRECISION INDUSTRY CO. LTD., not to Microsoft. The file {21bbd1a0-176d-423d-9c12-f382eade06b2}, “Port Optimizer for Terminal Server”, has been detected as malware by 36 of 68 anti-virus scanners, most of which name it as Duqu or Duqu2.
Publisher:
Microsoft Corporation (signed by HON HAI PRECISION INDUSTRY CO. LTD.)

Product:
Microsoft® Windows® Operating System

Description:
Port Optimizer for Terminal Server

Version:
6.1.7601 built by: WinDDK

MD5:
92e724291056a5e30eca038ee637a23f

SHA-1:
478c076749bef74eaf9bed4af917aee228620b23

SHA-256:
bc4ae56434b45818f57724f4cd19354a13e5964fd097d1933a30e2e31c9bdfa5

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
5/7/2024 9:54:02 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.14722087 | 508
Agnitum Outpost | Trojan.Duqu2 | 7.1.1
AhnLab V3 Security | Trojan/Win64.Duqu | 2015.06.30
Avira AntiVirus | TR/Duqu.268 | 8.3.1.6
Arcabit | Trojan.Generic.DE0A427 | 1.0.0.425
avast! | Win32:Duqu-S [Trj] | 2014.9-150914
AVG | Generic_r | 2016.0.2986
Baidu Antivirus | Trojan.Win64.Duqu | 4.0.3.15914
Bitdefender | Trojan.Generic.14722087 | 1.0.20.1285
Comodo Security | TrojWare.Win64.Duqu.CERT | 22630
Dr.Web | Trojan.Duqu.5 | 9.0.1.0257
Emsisoft Anti-Malware | Trojan.Win32.Duqu | 8.15.09.14.03
ESET NOD32 | Win64/Duqu.AC (variant) | 9.11866
Fortinet FortiGate | W64/Duqu.AC!tr | 9/14/2015
F-Secure | Trojan.Generic.14722087 | 11.2015-14-09_2
G Data | Trojan.Generic.14722087 | 15.9.25
IKARUS anti.virus | Trojan.Win32.Duqu2 | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.205.16409
Kaspersky | HEUR:Trojan.Win32.Duqu2 | 14.0.0.1427
Malwarebytes | Trojan.Duqu | v2015.09.14.03
McAfee | PWS-Duqu.b | 5600.6642
Microsoft Security Essentials | Trojan:Win32/Duqu2.I!dha | 1.1.11804.0
MicroWorld eScan | Trojan.Generic.14722087 | 16.0.0.771
NANO AntiVirus | Trojan.Win64.Duqu2.dtaxgj | 0.30.24.2266
nProtect | Trojan/W64.Duqu2.27448 | 15.06.30.01
Panda Antivirus | Trj/Chgt.O | 15.09.14.03
Qihoo 360 Security | Trojan.Generic | 1.0.0.1015
Quick Heal | Trojan.Duqu.r6 | 9.15.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.18C1D4CE!415356110 | 23.00.65.15912
Sophos | Troj/Duqu-K | 4.98
Trend Micro House Call | TROJ64_DUQU.MS | 7.2.257
Trend Micro | TROJ64_DUQU.MS | 10.465.14
Vba32 AntiVirus | Trojan.Duqu2 | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 41586
ViRobot | Trojan.Win64.S.Duqu.27448[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.Duqu.Win32.22 | 2.0.0.2258

File size:
26.8 KB (27,448 bytes)

Product version:
6.1.7601

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
termport.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/25/2012 3:00:00 AM

Valid to:
8/26/2015 2:59:59 AM

Subject:
CN=HON HAI PRECISION INDUSTRY CO. LTD., OU=PCEG, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=HON HAI PRECISION INDUSTRY CO. LTD., L=TU-CHENG, S=TAIWAN, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
256541E204619033F8B09F9EB7C88EF8

File PE Metadata
Compilation timestamp:
7/23/2004 6:14:28 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:jaJB7eGNRlY9uqxVUttxgjnvHiPzxkBIMl0m13gZ91UWIbWwnYPLQa6jVBtTeMrD:j87jg31QZ98/ym9/

Entry address:
0x7324

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, C6, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 50, 00, 6F, 00, 72, 00, 74, 00, 4F, 00, 70, 00, 74, 00, 69, 00, 6D, 00, 69, 00, 7A, 00, 65, 00, 72, 00, 54, 00, 65, 00, 72, 00, 6D, 00, 53, 00, 72, 00, 76, 00, 00, 00, CC, CC, 28, 75, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 46, 76, 00, 00, 70, 41, 00, 00, B8, 73, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BC, 7A, 00, 00, 00, 40, 00, 00...
(The UTF-16LE string that follows the entry stub and its INT3 padding decodes to "PortOptimizerTermSrv".)

Code size:
14 KB (14,336 bytes)
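As an added triage example (not part of this listing and not the sample's own code), the following stdlib-only Python parses from a file's bytes the PE header fields reported above (TimeDateStamp, linker version, machine, OS version, subsystem, entry point) and applies the consistency checks a reviewer would run on this record: version-resource publisher versus Authenticode signer, compile timestamp versus the linker version and the certificate's validity window, and machine/subsystem to confirm a 64-bit kernel driver. build_sample_header() constructs a minimal PE32+ header carrying the values listed on this page; it is not the real termport.sys bytes. The linker first-ship years and the treatment of the certificate dates as UTC are assumptions; the function names are mine.

```python
"""Triage checks for a suspected driver, built around the PE header fields
and publisher/signer mismatch this listing reports. Example code, stdlib only;
for a real file call parse_pe_header(open(path, "rb").read())."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_SUBSYSTEM_NATIVE = 1  # kernel-mode image, no user-mode subsystem

# Assumption for the timestomp heuristic: approximate first-ship year of each
# MSVC linker major version (9.0 is the VS2008 / WDK 7.x toolchain).
LINKER_FIRST_SHIPPED = {7: 2002, 8: 2005, 9: 2007, 10: 2010, 11: 2012, 12: 2013, 14: 2015}


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and optional-header fields used for triage.
    Subsystem sits at optional-header offset 68 in both PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsec, ts, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    size_of_code, = struct.unpack_from("<I", data, opt + 4)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": machine,
        "is_pe32plus": magic == 0x20B,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "linker": (lnk_major, lnk_minor),
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "os_version": (os_major, os_minor),
        "subsystem": subsystem,
    }


def triage(hdr: dict, company_name: str, signer_cn: str,
           cert_valid_from: datetime, cert_valid_to: datetime) -> list:
    """Return the indicators that make the sample worth escalating."""
    flags = []
    # 1. Version-resource publisher vs. Authenticode signer: a genuine
    #    Microsoft driver is signed by Microsoft, not by a third party.
    if company_name.strip().lower() != signer_cn.strip().lower():
        flags.append("publisher_signer_mismatch")
    # 2. Compile timestamp older than the linker that produced the file:
    #    TimeDateStamp is attacker-controlled and was probably back-dated.
    shipped = LINKER_FIRST_SHIPPED.get(hdr["linker"][0])
    if shipped and hdr["timestamp"].year < shipped:
        flags.append("timestamp_predates_linker")
    # 3. Compile timestamp outside the signing certificate's validity window.
    if not (cert_valid_from <= hdr["timestamp"] <= cert_valid_to):
        flags.append("timestamp_outside_cert_validity")
    # 4. 64-bit native-subsystem image = kernel driver: highest impact if loaded.
    if hdr["machine"] == IMAGE_FILE_MACHINE_AMD64 and hdr["subsystem"] == IMAGE_SUBSYSTEM_NATIVE:
        flags.append("x64_kernel_driver")
    return flags


def build_sample_header() -> bytes:
    """Constructed PE32+ header carrying the field values this listing reports.
    It contains no code and is not the termport.sys sample itself."""
    ts = int(datetime(2004, 7, 23, 18, 14, 28, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 5, ts, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)
    struct.pack_into("<HBB", opt, 0, 0x20B, 9, 0)             # PE32+, linker 9.0
    struct.pack_into("<I", opt, 4, 14336)                     # SizeOfCode
    struct.pack_into("<I", opt, 16, 0x7324)                   # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 6, 1)                    # OS version 6.1
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_NATIVE)
    return dos + coff + bytes(opt)


def triage_page_sample() -> list:
    """Run the checks with the publisher, signer and certificate dates listed
    on this page (certificate times assumed to be UTC)."""
    hdr = parse_pe_header(build_sample_header())
    return triage(hdr, "Microsoft Corporation", "HON HAI PRECISION INDUSTRY CO. LTD.",
                  datetime(2012, 8, 25, 3, 0, 0, tzinfo=timezone.utc),
                  datetime(2015, 8, 26, 2, 59, 59, tzinfo=timezone.utc))


if __name__ == "__main__":
    print(triage_page_sample())
```

For the values on this page all four indicators fire: the signer is not the claimed publisher, a linker 9.0 image cannot honestly carry a July 2004 build date, that date is eight years before the certificate was even issued, and the image is a 64-bit native-subsystem (kernel) driver. The publisher/signer check is the decisive one; the timestamp checks are supporting evidence, since TimeDateStamp is trivially forged and a legitimate build can predate its signing certificate by a little.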

Powered by Reason Core Security