SHA256: 0080d3240bf986192c7d00c8c1f3af0be6ffab350949b9ad3a2bf44ae7e343e2
File name: jwgkvsq.bin
Detection ratio: 56 / 64
Analysis date: 2018-01-19 05:01:05 UTC ( 14 hours, 26 minutes ago )
Antivirus Result Update
Ad-Aware Worm.Generic.47221 20180119
AegisLab W32.W.Kido.ih!c 20180119
AhnLab-V3 Worm/Win32.Conficker.R1330 20180119
ALYac Worm.Generic.47221 20180119
Antiy-AVL Worm[Net]/Win32.Kido 20180119
Arcabit Worm.Generic.DB875 20180119
Avast Win32:Evo-gen [Susp] 20180119
AVG Win32:Evo-gen [Susp] 20180119
Avira (no cloud) TR/Dropper.Gen 20180119
AVware Worm.Win32.Downad.Gen (v) 20180119
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9988 20180118
BitDefender Worm.Generic.47221 20180119
Bkav W32.ConfickerMT01E.Worm 20180119
CAT-QuickHeal Worm.Conficker.Gen 20180118
ClamAV Win.Dropper.Agent-35454 20180118
CMC Net-Worm.Win32.Conficker.1!O 20180116
Comodo NetWorm.Win32.Kido.A 20180119
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20180119
Cyren W32/Conficker!Generic 20180119
DrWeb Win32.HLLW.Shadow.based 20180119
eGambit Unsafe.AI_Score_98% 20180119
Emsisoft Worm.Generic.47221 (B) 20180119
Endgame malicious (moderate confidence) 20171130
ESET-NOD32 a variant of Win32/Conficker.X 20180119
F-Prot W32/Conficker!Generic 20180119
GData Win32.Worm.Downadup.A@gen 20180119
Sophos ML heuristic 20170914
Jiangmin Worm/Kido.fb 20180119
K7AntiVirus Trojan ( 00394c0e1 ) 20180118
K7GW Trojan ( 00394c0e1 ) 20180118
Kaspersky Net-Worm.Win32.Kido.ih 20180119
McAfee Artemis!137F3E5C07A9 20180119
McAfee-GW-Edition BehavesLike.Win32.Conficker.cc 20180118
Microsoft Worm:Win32/Conficker.C 20180119
eScan Worm.Generic.47221 20180119
NANO-Antivirus Trojan.Win32.Kido.cvqaba 20180119
nProtect Worm/W32.Kido.161475 20180119
Panda Trj/Genetic.gen 20180118
Qihoo-360 Malware.Radar01.Gen 20180119
Rising Worm.Conficker!8.278 (TFE:5:G2NZ0PVZYoR) 20180119
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Mal/Conficker-A 20180119
SUPERAntiSpyware Trojan.Conficker/Variant 20180119
Symantec W32.Downadup.B 20180118
Tencent Win32.Worm-net.Kido.Dwtr 20180119
TheHacker W32/Kido.ih 20180115
TotalDefense Win32/Conficker.B 20180118
TrendMicro WORM_DOWNAD.AD 20180119
TrendMicro-HouseCall WORM_DOWNAD.AD 20180119
VBA32 Worm.Win32.kido.106 20180118
VIPRE Worm.Win32.Downad.Gen (v) 20180119
ViRobot Worm.Win32.Conficker.161475 20180119
Webroot W32.Worm.Conficker.Gen 20180119
Yandex Trojan.Conficker.Gen!Pac 20180112
ZoneAlarm by Check Point Net-Worm.Win32.Kido.ih 20180119
Alibaba 20180118
Avast-Mobile 20180118
Cybereason 20171103
Fortinet 20180119
Kingsoft 20180119
Malwarebytes 20180118
MAX 20180119
Palo Alto Networks (Known Signatures) 20180119
Symantec Mobile Insight 20180118
Trustlook 20180119
Zoner 20180119
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
Command UPX
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-02-20 17:52:51
Entry Point 0x00019310
Number of sections 3
PE sections
Overlays
MD5 4bb5be3fb3d0c85199930fe66d25621e
File type data
Offset 84992
Size 76483
Entropy 8.00
PE imports
IsValidAcl
GetPixel
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(66)
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 1999:02:20 18:52:51+01:00
FileType Win32 DLL
PEType PE32
CodeSize 86016
LinkerVersion 7.0
EntryPoint 0x19310
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 4.9
OSVersion 4.0
UninitializedDataSize 16384
File identification
MD5 137f3e5c07a9c3cecb8f5163ba5b1edb
SHA1 daf56d504605945923bf9286469115f60cfb8be0
SHA256 0080d3240bf986192c7d00c8c1f3af0be6ffab350949b9ad3a2bf44ae7e343e2
ssdeep 3072:bQVyRZ6zQqKftjWteZ0RgIC7QcIqRoa43JmxI43t/cWDf:2cUGtjWtq0rwQq7MJmVth
authentihash a0ae4f6d4e76993f6495fd31c0764b7b491c813d5a5dd63e66a40b2a50116b8c
imphash 33b67f4fd3b9d521f65a51584990661e
File size 157.7 KB ( 161475 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
Clipper DOS Executable (2.8%)
Tags
pedll upx overlay

VirusTotal metadata
First submission 2009-02-17 11:09:55 UTC ( 8 years, 11 months ago )
Last submission 2016-01-26 21:53:18 UTC ( 1 year, 11 months ago )
File names 0080d3240bf986192c7d00c8c1f3af0be6ffab350949b9ad3a2bf44ae7e343e2
0080d3240bf986192c7d00c8c1f3af0be6ffab350949b9ad3a2bf44ae7e343e2-161475
137f3e5c07a9c3cecb8f5163ba5b1edbdaf56d504605945923bf9286469115f60cfb8be0161475.dll
137f3e5c07a9c3cecb8f5163ba5b1edb
jwgkvsq.bin
daf56d504605945923bf9286469115f60cfb8be0