SHA256: 4580a67b6eedcf233f9c74723635d89f29ccf1cc58fe0c12ef0b8aa80e38aa73
File name: dwmLzY.342
Detection ratio: 29 / 56
Analysis date: 2016-11-30 16:18:44 UTC (2 years, 5 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3792457 20161130
AegisLab Uds.Dangerousobject.Multi!c 20161130
Arcabit Trojan.Generic.D39DE49 20161130
Avast Win32:Malware-gen 20161130
AVG Ransom_r.AXC 20161130
Avira (no cloud) TR/AD.Locky.iywjd 20161130
BitDefender Trojan.GenericKD.3792457 20161130
Bkav W32.eHeur.Malware03 20161130
CAT-QuickHeal TrojanRansom.Locky 20161130
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb Trojan.Encoder.7186 20161130
Emsisoft Trojan.GenericKD.3792457 (B) 20161130
ESET-NOD32 Win32/Filecoder.Locky.D 20161130
F-Secure Trojan.GenericKD.3792457 20161130
GData Trojan.GenericKD.3792457 20161130
Ikarus Trojan-Ransom.Locky 20161130
K7AntiVirus Riskware ( 0040eff71 ) 20161130
K7GW Riskware ( 0040eff71 ) 20161130
Kaspersky Trojan-Ransom.Win32.Locky.wlp 20161130
Malwarebytes Ransom.Locky 20161130
McAfee Artemis!C7B49AE21E22 20161130
McAfee-GW-Edition Artemis!Trojan 20161130
Microsoft Ransom:Win32/Locky 20161130
eScan Trojan.GenericKD.3792457 20161130
Qihoo-360 Win32/Trojan.Ransom.e61 20161130
Rising Trojan.Ransom-Locky!8.4655-coCBSbOfps (cloud) 20161130
Sophos AV Mal/RansomDl-C 20161130
Symantec Ransom.Locky 20161130
VBA32 SScope.Malware-Cryptor.Filecoder 20161130
AhnLab-V3 20161130
Alibaba 20161130
ALYac 20161130
Antiy-AVL 20161130
AVware 20161130
Baidu 20161130
ClamAV 20161130
CMC 20161130
Comodo 20161130
Cyren 20161130
F-Prot 20161130
Fortinet 20161130
Sophos ML 20161128
Jiangmin 20161130
Kingsoft 20161130
NANO-Antivirus 20161130
nProtect 20161130
Panda 20161130
SUPERAntiSpyware 20161130
Tencent 20161130
TheHacker 20161130
TrendMicro 20161130
TrendMicro-HouseCall 20161130
Trustlook 20161130
VIPRE 20161130
ViRobot 20161130
WhiteArmor 20161125
Yandex 20161128
Zillya 20161130
Zoner 20161130
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-29 19:16:31
Entry Point 0x00001FA0
Number of sections 5
PE sections
PE imports
LoadLibraryA
VirtualAlloc
GetProcAddress
malloc
_adjust_fdiv
free
_onexit
__dllonexit
_initterm
memcpy
Ord(142)
PE exports
Number of PE resources by type
RT_STRING 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
dll

TimeStamp
2016:11:29 20:16:31+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
28672

LinkerVersion
7.1

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit, DLL

EntryPoint
0x1fa0

InitializedDataSize
176128

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 c7b49ae21e22eab80c938e4a74d1bea6
SHA1 4a573351cf0dfe6f27ef3f2ad46547907974596f
SHA256 4580a67b6eedcf233f9c74723635d89f29ccf1cc58fe0c12ef0b8aa80e38aa73
ssdeep
3072:xoQAeYr6GYbh6dQLfl5ZUplMI3+5oJTlGtMG7JC/0eOAfONJIXItuVDadDBymHti:ZAzyh6GLfl7UpCy+GJC+QAc+Kb9

authentihash 301b5d5c035028b9aaa3b4a80cc970d9ee4130aacf3e0c024e5ead77506d6b5a
imphash f98c9199608bd8c29468ae6094396e95
File size 200.0 KB ( 204800 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
pedll

VirusTotal metadata
First submission 2016-11-30 04:00:06 UTC (2 years, 5 months ago)
Last submission 2017-08-04 01:30:29 UTC (1 year, 9 months ago)
File names vADyznyRs.342
lVeckQArv.342
A.exe
dwmLzY.342
ulDCzqXCi.342