SHA256: 053e51da8f8e2c53f7e11ea305fa8a09554c24a67ef0b4ec0db3eec993ae59a1
File name: LKrsKLwQvEM1.dll
Detection ratio: 9 / 56
Analysis date: 2016-12-06 22:09:01 UTC ( 2 years, 2 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Locky.R191630 20161206
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20161206
Bkav W32.eHeur.Malware03 20161206
Comodo TrojWare.Win32.Kryptik.XJV 20161206
CrowdStrike Falcon (ML) malicious_confidence_85% (D) 20161024
Qihoo-360 HEUR/QVM40.1.0000.Malware.Gen 20161206
Symantec Ransom.Locky 20161206
Tencent Win32.Trojan.Raas.Auto 20161206
TrendMicro-HouseCall Ransom_HPLOCKY.SMJBB 20161206
Ad-Aware 20161206
AegisLab 20161206
Alibaba 20161206
ALYac 20161206
Antiy-AVL 20161206
Arcabit 20161206
Avast 20161206
AVG 20161206
Avira (no cloud) 20161206
AVware 20161206
BitDefender 20161206
CAT-QuickHeal 20161206
ClamAV 20161206
CMC 20161206
Cyren 20161206
DrWeb 20161206
Emsisoft 20161206
ESET-NOD32 20161206
F-Prot 20161206
F-Secure 20161206
Fortinet 20161206
GData 20161206
Ikarus 20161206
Sophos ML 20161202
Jiangmin 20161206
K7AntiVirus 20161206
K7GW 20161206
Kaspersky 20161206
Kingsoft 20161206
Malwarebytes 20161206
McAfee 20161205
McAfee-GW-Edition 20161206
Microsoft 20161206
eScan 20161206
NANO-Antivirus 20161206
nProtect 20161206
Panda 20161206
Rising 20161206
Sophos AV 20161206
SUPERAntiSpyware 20161206
TheHacker 20161130
TotalDefense 20161206
TrendMicro 20161206
Trustlook 20161206
VBA32 20161206
VIPRE 20161206
ViRobot 20161206
WhiteArmor 20161125
Yandex 20161206
Zillya 20161205
Zoner 20161206
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 17:57:59
Entry Point 0x00002140
Number of sections 3
PE sections
PE imports
TerminateProcess
EnterCriticalSection
LoadLibraryW
lstrcmpA
WriteFile
ExitProcess
CloseHandle
GetProcAddress
VirtualAlloc
malloc
_adjust_fdiv
free
_onexit
__dllonexit
_initterm
memcpy
SHQueryValueExA
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 4.0
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:12:06 18:57:59+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 8192
LinkerVersion: 7.1
FileTypeExtension: dll
InitializedDataSize: 163840
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint: 0x2140
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 43a83766a120ef53189bb1c262f06fa9
SHA1 ca3a168706817e194c478cca2b35707649dd4441
SHA256 053e51da8f8e2c53f7e11ea305fa8a09554c24a67ef0b4ec0db3eec993ae59a1
ssdeep 3072:vbVQEHtkPtoN2rPVnJW8wBVY7zNosCieafX6bfF6rxZZWud3+Z9:vbVQOtkCN2BnJW5aLFfAfgr+9

authentihash 532fbc11f100b8cc497aaab10f1ceeae6ac7b79a059edf2e1c0bf9cb1c4a11b3
imphash 7e6f041c8e3ac9484239cc597feb2c6d
File size 172.0 KB ( 176128 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags pedll

VirusTotal metadata
First submission 2016-12-06 22:09:01 UTC ( 2 years, 2 months ago )
Last submission 2017-08-03 21:19:22 UTC ( 1 year, 6 months ago )
File names LKrsKLwQvEM1.dll
msTTSUO1.dll
WwuCwmn4.dll.564.dr
01.exe
JDaLakYFRbP2.dll
wAPDVXM1.dll
MHOST_27.exe
yihSSBc3.dll
djFesic1.dll