SHA256: 327b36c8718224e596a033275166b4342840ed6901bcda280fb02f1566b8ad91
File name: api-mt-win-core-sysinfo-l1-1-0.dll
Detection ratio: 34 / 55
Analysis date: 2016-02-24 16:08:55 UTC (2 years, 9 months ago)
Antivirus Result Update
Ad-Aware Application.Agent.MQ 20160224
AegisLab Troj.W32.Gen!c 20160224
Yandex Trojan.FireHooker! 20160221
Arcabit Application.Agent.MQ 20160224
Avast Win32:Rootkit-gen [Rtk] 20160224
AVG Atros2.CCYK 20160224
Avira (no cloud) TR/FireHooker.1825 20160224
AVware Trojan.Win32.Generic!BT 20160224
Baidu-International Trojan.Win32.FireHooker.a 20160224
BitDefender Application.Agent.MQ 20160224
CAT-QuickHeal Trojan.FireHooker.r5 20160224
Comodo UnclassifiedMalware 20160224
Cyren W32/Application.OIEN-2074 20160224
ESET-NOD32 Win32/FireHooker.A 20160224
Fortinet W32/FireHooker.A!tr 20160224
GData Application.Agent.MQ 20160224
Ikarus Trojan.Win32.FireHooker 20160224
Jiangmin Trojan.FireHooker.a 20160224
K7AntiVirus Riskware ( 0040eff71 ) 20160224
K7GW Riskware ( 0040eff71 ) 20160224
Kaspersky Trojan.Win32.FireHooker.a 20160224
Malwarebytes Trojan.Agent.WSB 20160224
McAfee RDN/Generic.dx 20160224
McAfee-GW-Edition RDN/Generic.dx 20160224
eScan Application.Agent.MQ 20160224
NANO-Antivirus Trojan.Win32.ATRAPS.eacnyb 20160224
Sophos AV Troj/Spy-AGC 20160224
Symantec Trojan.Gen 20160224
Tencent Win32.Trojan.Firehooker.Lnyp 20160224
TrendMicro TROJ_FIREHOOKER.A 20160224
TrendMicro-HouseCall TROJ_FIREHOOKER.A 20160224
VBA32 Trojan.FireHooker 20160224
VIPRE Trojan.Win32.Generic!BT 20160224
Zillya Downloader.Nemucod.Win32.176 20160223
AhnLab-V3 20160224
Alibaba 20160224
ALYac 20160224
Antiy-AVL 20160224
Bkav 20160224
ByteHero 20160224
ClamAV 20160224
CMC 20160223
DrWeb 20160224
Emsisoft 20160224
F-Prot 20160224
F-Secure 20160224
Microsoft 20160224
nProtect 20160224
Panda 20160223
Qihoo-360 20160224
Rising 20160224
SUPERAntiSpyware 20160224
TheHacker 20160222
ViRobot 20160224
Zoner 20160224
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-15 05:33:33
Entry Point 0x00001476
Number of sections 5
PE sections
PE imports
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
CryptGetHashParam
RegQueryValueExA
RegOpenKeyExA
CryptHashData
CryptDestroyHash
CryptCreateHash
VirtualProtect
LoadLibraryA
lstrlenA
GetModuleFileNameA
GetModuleHandleA
StrStrIA
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2015:07:15 06:33:33+01:00
FileType Win32 DLL
PEType PE32
CodeSize 1536
LinkerVersion 12.0
ImageFileCharacteristics Executable, 32-bit, DLL
EntryPoint 0x1476
InitializedDataSize 2560
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 39fb495b34e37f7543ca978f89c2bc85
SHA1 d45985a4a3152cad455e60ddcd0b5b84ef51ba17
SHA256 327b36c8718224e596a033275166b4342840ed6901bcda280fb02f1566b8ad91
ssdeep 48:ScBImKctBzOzDCXqAX5BSVMT179Tx1hOWqCRuqSjMb:VfT/zOzDaq5VMTR1hOhSx3
authentihash 8f304a4dc8d8a6c20131a290f5d536742d60783ad65e8a4d2c643801f404b9ab
imphash 6d71e0ad7201a9152891292a43ad4303
File size 5.0 KB ( 5120 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll
VirusTotal metadata
First submission 2015-08-15 13:01:33 UTC (3 years, 3 months ago)
Last submission 2018-05-11 23:57:01 UTC (7 months ago)
File names d3d932.dll
uDWM32.dll
msvcp210_clr0400.dll
api-mt-win-core-sysinfo-l1-1-0.dll
fltLib32.dll.xBAD
dxtmsftd.dll
es32.dll
scanseuting.dll
srwmi32.dll
mswebdwd.dll
sppc32.dll
NcaApi32.dll
KBDUKX32.DLL
Wpc32.dll
rasmansd.dll
wshnetbt.dll
netbiosd.dll
apqd3b3.tmp
NlsData1022.dll
iptecsnp.dll
mdmsegistration.dll
UIHub32.dll
stcljent.dll
nsisvc32.dll
drmv2clu.dll
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00JC0EKU15.
