SHA256: 0001052623df2337bbb9198c63b6553d1255975f6646e11ef23b2690c220502b
File name: isheriff_95beaf0ed2c9ac462aa782012469e33d.bin
Detection ratio: 53 / 66
Analysis date: 2018-06-28 00:26:38 UTC ( 2 months, 3 weeks ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Kazy.157599 | 20180627
AegisLab | Troj.W32.ShipUp.to6E | 20180628
AhnLab-V3 | Trojan/Win32.Zbot.R58897 | 20180627
ALYac | Gen:Variant.Kazy.157599 | 20180628
Antiy-AVL | Trojan/Win32.ShipUp | 20180628
Arcabit | Trojan.Kazy.D2679F | 20180627
Avast | Win32:Injector-BOP [Trj] | 20180627
AVG | Win32:Injector-BOP [Trj] | 20180627
Avira (no cloud) | TR/Kazy.157599.5 | 20180628
AVware | Trojan.Win32.Zbot.m (v) | 20180627
Baidu | Win32.Trojan.Agent.eq | 20180627
BitDefender | Gen:Variant.Kazy.157599 | 20180627
CAT-QuickHeal | Trojan.Gepys | 20180627
Comodo | TrojWare.Win32.Kryptik.AYQE | 20180628
CrowdStrike Falcon (ML) | malicious_confidence_90% (D) | 20180530
Cylance | Unsafe | 20180628
Cyren | W32/Trojan.AAOD-6719 | 20180627
DrWeb | Trojan.Redirect.140 | 20180627
Emsisoft | Gen:Variant.Kazy.157599 (B) | 20180627
Endgame | malicious (high confidence) | 20180612
ESET-NOD32 | a variant of Win32/Kryptik.AXKZ | 20180628
F-Secure | Gen:Variant.Kazy.157599 | 20180628
Fortinet | W32/Zbot.FG!tr | 20180627
GData | Gen:Variant.Kazy.157599 | 20180627
Ikarus | Trojan.Win32.ShipUp | 20180627
Sophos ML | heuristic | 20180601
Jiangmin | Trojan/ShipUp.kr | 20180627
K7AntiVirus | Trojan ( 004ca0501 ) | 20180627
K7GW | Trojan ( 004ca0501 ) | 20180627
Kaspersky | HEUR:Trojan.Win32.Generic | 20180627
MAX | malware (ai score=82) | 20180628
McAfee | PWS-Zbot-FATG!95BEAF0ED2C9 | 20180627
McAfee-GW-Edition | PWS-Zbot-FATG!95BEAF0ED2C9 | 20180627
Microsoft | Trojan:Win32/Gepys.A | 20180627
eScan | Gen:Variant.Kazy.157599 | 20180627
NANO-Antivirus | Trojan.Win32.ShipUp.bltmxx | 20180627
Panda | Trj/Hexas.HEU | 20180626
Qihoo-360 | Win32/Trojan.782 | 20180628
Rising | Malware.Undefined!8.C (CLOUD) | 20180627
Sophos AV | Troj/Zbot-EKW | 20180628
SUPERAntiSpyware | Trojan.Agent/Gen-Downloader | 20180628
Symantec | Packed.Generic.459 | 20180627
TACHYON | Trojan/W32.ShipUp.41472.B | 20180628
Tencent | Win32.Trojan.Generic.Hupq | 20180628
TheHacker | Trojan/Kryptik.axkz | 20180628
TrendMicro | TROJ_GEN.R002C0CF418 | 20180627
TrendMicro-HouseCall | TROJ_GEN.R002C0CF418 | 20180628
VBA32 | BScope.Trojan.ShipUp | 20180627
VIPRE | Trojan.Win32.Zbot.m (v) | 20180628
ViRobot | Trojan.Win32.Z.Zbot.41472.A | 20180627
Webroot | W32.Trojan.Gen | 20180628
Yandex | Trojan.Kryptik!PNZxlRVRaNk | 20180627
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20180627
Alibaba | (undetected) | 20180627
Avast-Mobile | (undetected) | 20180627
Babable | (undetected) | 20180406
Bkav | (undetected) | 20180627
ClamAV | (undetected) | 20180627
CMC | (undetected) | 20180627
Cybereason | (undetected) | 20180225
eGambit | (undetected) | 20180628
F-Prot | (undetected) | 20180628
Kingsoft | (undetected) | 20180628
Palo Alto Networks (Known Signatures) | (undetected) | 20180628
SentinelOne (Static ML) | (undetected) | 20180618
Symantec Mobile Insight | (undetected) | 20180626
TotalDefense | (undetected) | 20180628
Trustlook | (undetected) | 20180628
Zillya | (undetected) | 20180627
Zoner | (undetected) | 20180627
The file under study is a Portable Executable (PE) file; more specifically, it is a Win32 DLL for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-25 09:34:53 UTC
Entry Point 0x00006C20
Number of sections 6
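The header fields above (target machine, timestamp, entry point, section count, subsystem, DLL flag) come straight out of the COFF file header and the optional header. The following reader is an added example, not VirusTotal's own tooling; it uses only the standard library. Because the malware sample itself is not on this page, build_sample_header() constructs a bare PE32 DLL header carrying the values reported here so the parser can be exercised offline; that constructed blob has no sections or code and is not the sample.

```python
"""Minimal PE header reader (added example, not VirusTotal's code).

Pulls out the fields VirusTotal lists under "PE header basic information":
target machine, compilation timestamp, entry point, number of sections,
subsystem, and the DLL flag. Standard library only. build_sample_header()
constructs a bare header with the values shown on this page so the parser
can run offline; it is NOT the malware sample itself.
"""
import struct
import sys
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000
MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Parse the COFF file header and the start of the optional header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    opt = coff + 20
    if len(data) < opt + 70:
        raise ValueError("truncated headers")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, ts, _symtab, _nsyms, _opt_size, chars = \
        struct.unpack_from("<HHIIIHH", data, coff)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    # AddressOfEntryPoint sits at +16 and Subsystem at +68 in both PE32 and PE32+
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINE_NAMES.get(machine, "0x%04x" % machine),
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entry_point": "0x%08X" % entry,
        "sections": nsections,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def build_sample_header() -> bytes:
    """Constructed PE32 DLL header with this page's reported values (no code, no sections)."""
    ts = int(datetime(2013, 3, 25, 9, 34, 53, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew: NT headers follow the DOS header
    # Characteristics 0x2102 = EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    coff = struct.pack("<HHIIIHH", 0x14C, 6, ts, 0, 0, 224, 0x2102)
    opt = bytearray(224)                               # PE32 optional header size
    struct.pack_into("<HBB", opt, 0, 0x10B, 9, 0)      # magic PE32, linker 9.0
    struct.pack_into("<III", opt, 4, 20992, 19456, 0)  # code / init data / uninit data sizes
    struct.pack_into("<I", opt, 16, 0x6C20)            # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)                 # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    for key, value in parse_pe_header(blob).items():
        print("%-12s %s" % (key, value))
```

Run it with a file path to read a real PE, or with no arguments to parse the constructed header. Note that TimeDateStamp is attacker-controlled and is only ever a hint; here it merely agrees with the ExifTool value further down the page (10:34:53+01:00).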
PE sections
PE imports
GetLastError
CreateDirectoryA
SystemTimeToFileTime
ReadFile
GetLocaleInfoA
GetFileSize
SetFilePointer
lstrcmpiA
WriteFile
FindFirstFileA
lstrlenA
FindNextFileA
FindClose
CloseHandle
SetEndOfFile
CreateFileA
GetProcAddress
GetDiskFreeSpaceA
VirtualAlloc
LoadLibraryA
GetLocalTime
SetFocus
CharPrevA
GetParent
EndDialog
OffsetRect
ShowWindow
SetWindowPos
GetWindowRect
DispatchMessageA
SetDlgItemTextA
MessageBoxA
PeekMessageA
TranslateMessage
DialogBoxParamA
CheckDlgButton
SystemParametersInfoA
LoadStringA
SendMessageA
GetDlgItem
CreateDialogParamA
LoadCursorA
LoadIconA
IsDlgButtonChecked
GetDesktopWindow
LoadIconW
SetForegroundWindow
IsDialogMessageA
DestroyWindow
_cexit
_acmdln
_controlfp
exit
Number of PE resources by type
RT_ICON 2
RT_STRING 2
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 6
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:03:25 10:34:53+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 20992
LinkerVersion: 9.0
FileTypeExtension: dll
InitializedDataSize: 19456
SubsystemVersion: 5.0
EntryPoint: 0x6c20
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5 95beaf0ed2c9ac462aa782012469e33d
SHA1 d1e3c1924e277fc1aa7dd25969cc9bed80a75f47
SHA256 0001052623df2337bbb9198c63b6553d1255975f6646e11ef23b2690c220502b
ssdeep 384:HDVMo/LwGrdXlXFAoFV3wR6frmNI2EPnm5Ebwr6ZsMBjM23MCjVqyA:pMotrdXlXFvVgR4mB0wrasM223/Vg
authentihash bbb0adf2fdf111e1f91ff91028b814ea26fc47559d23bfd7f060bfb7c822cf71
imphash 450e5806d5b28e24c78d476f11dbbfdc
File size 40.5 KB ( 41472 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
pedll
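The digests under File identification are what a responder uses to confirm that a file pulled from a host is this exact sample, and the imphash is the usual pivot for finding siblings built from the same source. The script below is an added example, not VirusTotal's code: it recomputes MD5/SHA1/SHA256 with the standard library and implements the import hash the way pefile and VirusTotal define it (MD5 over the comma-joined, lower-cased "module.function" pairs in import-table order, with the module's .dll/.ocx/.sys extension removed). The page lists import names without their modules, so the module names in ASSUMED_IMPORTS are an assumption and the imphash computed over them is not expected to equal the value on this page; ordinal-only imports are not handled.

```python
"""Hash-based identification (added example, not VirusTotal's code).

Recomputes the digests VirusTotal lists under "File identification"
(MD5, SHA1, SHA256) and an import hash in the pefile/VirusTotal style.
Standard library only. The module names paired with this page's import
names in ASSUMED_IMPORTS are an assumption (the report lists functions
without their modules), so the imphash computed here is not expected to
match the page's value; ordinal-only imports are not handled.
"""
import hashlib
import sys

# Values copied from the report on this page.
KNOWN = {
    "md5": "95beaf0ed2c9ac462aa782012469e33d",
    "sha1": "d1e3c1924e277fc1aa7dd25969cc9bed80a75f47",
    "sha256": "0001052623df2337bbb9198c63b6553d1255975f6646e11ef23b2690c220502b",
    "imphash": "450e5806d5b28e24c78d476f11dbbfdc",
}

# Assumed (module, function) pairs: the modules are NOT given on the page.
ASSUMED_IMPORTS = [
    ("KERNEL32.dll", "GetLastError"), ("KERNEL32.dll", "CreateDirectoryA"),
    ("KERNEL32.dll", "ReadFile"), ("KERNEL32.dll", "WriteFile"),
    ("KERNEL32.dll", "VirtualAlloc"), ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("USER32.dll", "DialogBoxParamA"), ("USER32.dll", "MessageBoxA"),
    ("MSVCRT.dll", "_controlfp"), ("MSVCRT.dll", "exit"),
]


def file_digests(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of the bytes, hex-encoded, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def check_against_known(data: bytes, known: dict = KNOWN) -> dict:
    """Map each digest name to True when the bytes match the recorded value."""
    digests = file_digests(data)
    return {name: digests[name] == known.get(name) for name in digests}


def imphash_string(imports) -> str:
    """Normalised 'module.function' list that the import hash is taken over."""
    parts = []
    for module, func in imports:
        module = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if module.endswith(ext):
                module = module[:-len(ext)]
                break
        parts.append("%s.%s" % (module, func.lower()))
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import list (pefile-style import hash)."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
        print("matches recorded digests:", check_against_known(blob))
    print("imphash over assumed import list:", imphash(ASSUMED_IMPORTS))
```

Because the import hash is insensitive to module-name case but sensitive to import order, two builds that merely reorder their import table get different values; the matching tolerance a practitioner wants at that point is ssdeep, whose value for this sample is listed above.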

VirusTotal metadata
First submission 2013-03-25 16:06:39 UTC ( 5 years, 5 months ago )
Last submission 2016-06-05 06:51:59 UTC ( 2 years, 3 months ago )
File names jpzrefd.dll
95beaf0ed2c9ac462aa782012469e33d
isheriff_95beaf0ed2c9ac462aa782012469e33d.bin
hscqbfn.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight