SHA256: 033f17b386feaf3ab87639880e9ba23f0e2f046c28733ed64def847ad583da4c
File name: aakelwb.dll
Detection ratio: 47 / 65
Analysis date: 2018-08-01 23:59:31 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.156537 20180802
AegisLab Troj.Ransom.W32.Agent.hvn!c 20180801
AhnLab-V3 Trojan/Win32.Shipup.R58491 20180801
ALYac Gen:Variant.Kazy.156537 20180801
Antiy-AVL Trojan[Ransom]/Win32.Agent 20180802
Arcabit Trojan.Kazy.D26379 20180801
Avast Win32:Gepys-J [Trj] 20180801
AVG Win32:Gepys-J [Trj] 20180801
Avira (no cloud) TR/Crypt.EPACK.Gen2 20180801
AVware Trojan.Win32.Cridex.c (v) 20180727
Baidu Win32.Trojan.Agent.eq 20180801
BitDefender Gen:Variant.Kazy.156537 20180802
CMC Trojan-Ransom.Win32.Agent!O 20180801
Comodo TrojWare.Win32.Kryptik.AYQE 20180801
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180802
DrWeb Trojan.Redirect.140 20180802
Emsisoft Gen:Variant.Kazy.156537 (B) 20180802
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.AXBQ 20180801
F-Secure Gen:Variant.Kazy.156537 20180801
Fortinet W32/Kryptik.AXBQ!tr 20180801
GData Gen:Variant.Kazy.156537 20180801
Ikarus Trojan-Spy.Win32.Zbot 20180801
Sophos ML heuristic 20180717
Jiangmin Trojan/Agent.hfjv 20180801
K7AntiVirus Riskware ( 0040eff71 ) 20180801
K7GW Riskware ( 0040eff71 ) 20180802
Kaspersky Trojan-Ransom.Win32.Agent.hvm 20180801
MAX malware (ai score=88) 20180802
McAfee PWS-Zbot-FANV 20180801
McAfee-GW-Edition PWS-Zbot-FAKU!99641AF0155D 20180802
eScan Gen:Variant.Kazy.156537 20180801
NANO-Antivirus Trojan.Win32.Agent.bqocvv 20180802
Panda Generic Malware 20180801
Qihoo-360 HEUR/Malware.QVM40.Gen 20180802
Rising Ransom.Agent!8.6B7 (CLOUD) 20180802
Sophos AV Troj/Zbot-EHY 20180802
SUPERAntiSpyware Trojan.Agent/Gen-Zbot 20180801
Symantec Packed.Generic.459 20180801
Tencent Win32.Trojan.Agent.cgci 20180802
TheHacker Trojan/Kryptik.axbq 20180730
VBA32 BScope.Trojan.ShipUp 20180801
VIPRE Trojan.Win32.Cridex.c (v) 20180802
Webroot W32.Malware.Gen 20180802
Zillya Trojan.Agent.Win32.356904 20180801
ZoneAlarm by Check Point Trojan-Ransom.Win32.Agent.hvm 20180802
Alibaba 20180713
Avast-Mobile 20180801
Bkav 20180801
CAT-QuickHeal 20180801
ClamAV 20180801
Cybereason 20180225
Cyren 20180801
eGambit 20180802
F-Prot 20180801
Kingsoft 20180802
Malwarebytes 20180801
Palo Alto Networks (Known Signatures) 20180802
SentinelOne (Static ML) 20180701
Symantec Mobile Insight 20180801
TACHYON 20180801
TotalDefense 20180801
TrendMicro 20180801
TrendMicro-HouseCall 20180801
Trustlook 20180802
ViRobot 20180801
Yandex 20180731
Zoner 20180801
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-20 08:14:45
Entry Point 0x000068F0
Number of sections 6
PE sections
PE imports
RegOpenKeyExW
DeviceIoControl
FormatMessageW
GetDriveTypeW
ReadFile
GetModuleHandleA
LocalFree
CreateFileW
GetStartupInfoA
ExitProcess
CloseHandle
VirtualAlloc
GetModuleHandleW
GetLastError
SetFocus
AnimateWindow
MessageBoxW
EnableWindow
EndDialog
IsDlgButtonChecked
DialogBoxParamW
GetDesktopWindow
LoadStringW
LoadCursorW
LoadIconW
GetDlgItem
DialogBoxParamA
LoadCursorA
_cexit
__p__fmode
_c_exit
_except_handler3
_acmdln
_exit
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__set_app_type
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2013:03:20 09:14:45+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 23552
LinkerVersion: 9.0
ImageFileCharacteristics: Executable, 32-bit, DLL
EntryPoint: 0x68f0
InitializedDataSize: 17408
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 99641af0155de3c70a1e9c5986d4d7d9
SHA1 c79efdd3a194cc5c830d59efecfed1b5dbf375d5
SHA256 033f17b386feaf3ab87639880e9ba23f0e2f046c28733ed64def847ad583da4c
ssdeep 384:UVCMkDyTPb/rdXlXFAoFV3wBk039gVrMJ7WsMBjM23pv5:Uc1qTrdXlXFvVg60NqrMQsM223P
authentihash 114a4055c59062d31a9f38be21f909f6cd320b7a422812a0db14aa23dea79c51
imphash c7196f1516533230075c4e5a97c14d4b
File size 41.0 KB ( 41984 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll

VirusTotal metadata
First submission 2013-03-21 00:06:00 UTC ( 6 years ago )
Last submission 2013-03-26 15:25:56 UTC ( 6 years ago )
File names aakelwb.dll
vti-rescan
ltrzitb.dll