home

D3DPROPB.exe

D3DPROPB

Microsoft

Publisher:
Microsoft

Product:
D3DPROPB

Version:
1.0.0.0

MD5:
df747a903487a0eb9fe0ffb234494cf4

SHA-1:
7b04be7dfd0d0acb36a0d65e057875fdaef87730

SHA-256:
a545272c9f9f106b90e9505178051f8ef0885dfcfb185cb7139218c0f924f44b

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/16/2024 9:57:00 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/PSW.Agent.NPP trojan
7.0.302.0

File size:
32 KB (32,768 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2016

Original file name:
D3DPROPB.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\d3dpropb.exe

File PE Metadata
Compilation timestamp:
1/17/2016 9:16:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:JfkI3oEskGyR0L9rf5AD6IgbVCl5ssfnyLk24jXPlYrv6a3XECXQ2Ecc8qihVIGy:mU7K5m5bDnu2XP2i2Ecc8qihVIGRLA

Entry address:
0x8A1E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.3584

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
27 KB (27,648 bytes)

The file D3DPROPB.exe has been seen being distributed by the following 5 URLs.

http://download1291.mediafire.com/q9ebup3p45rg/.../D3DPROPB.exe

http://download1291.mediafire.com/7du7ydpeji7g/.../D3DPROPB.exe

http://download1291.mediafire.com/smcrdnrdz41g/.../D3DPROPB.exe

http://download1291.mediafire.com/ku3paxg0rk8g/.../D3DPROPB.exe

http://download1291.mediafire.com/tbv6l3eemphg/.../D3DPROPB.exe

Scan D3DPROPB.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.