SHA256: 057e58bacb051ede7e15e0263cac20a7e877f5825122bd527668deab857951f2
File name: worker32_dll.dll
Detection ratio: 16 / 57
Analysis date: 2015-06-21 13:31:56 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.130532 20150621
ALYac Gen:Variant.Zusy.130532 20150621
Arcabit Trojan.Zusy.D1FDE4 20150621
Avast Win32:Dridex-V [Trj] 20150621
AVG Generic_r.FBS 20150621
BitDefender Gen:Variant.Zusy.130532 20150621
Emsisoft Gen:Variant.Zusy.130532 (B) 20150621
ESET-NOD32 a variant of Win32/Dridex.M 20150621
F-Secure Trojan:W32/Dridex.E 20150621
GData Gen:Variant.Zusy.130532 20150621
Ikarus Trojan.Win32.Dridex 20150621
Malwarebytes Trojan.Dridex.32 20150621
McAfee Drixed-FAI!BF4A1017671C 20150621
McAfee-GW-Edition Drixed-FAI!BF4A1017671C 20150621
eScan Gen:Variant.Zusy.130532 20150621
Tencent Trojan.Win32.YY.Gen.29 20150621
Engines with no detection (signature update date only):
AegisLab 20150621
Yandex 20150621
AhnLab-V3 20150621
Alibaba 20150620
Antiy-AVL 20150621
Avira (no cloud) 20150621
AVware 20150621
Baidu-International 20150621
Bkav 20150620
ByteHero 20150621
CAT-QuickHeal 20150620
ClamAV 20150621
CMC 20150618
Comodo 20150621
Cyren 20150621
DrWeb 20150621
F-Prot 20150621
Fortinet 20150621
Jiangmin 20150620
K7AntiVirus 20150621
K7GW 20150621
Kaspersky 20150621
Kingsoft 20150621
Microsoft 20150621
NANO-Antivirus 20150621
nProtect 20150619
Panda 20150621
Qihoo-360 20150621
Rising 20150618
Sophos AV 20150621
SUPERAntiSpyware 20150621
Symantec 20150621
TheHacker 20150620
TotalDefense 20150621
TrendMicro 20150621
TrendMicro-HouseCall 20150621
VBA32 20150620
VIPRE 20150621
ViRobot 20150621
Zillya 20150620
Zoner 20150619
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-05-29 14:46:50
Entry Point: 0x00034F39
Number of sections: 5
PE sections
PE imports
KERNEL32.dll
FreeEnvironmentStringsW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
GetConsoleOutputCP
OutputDebugStringW
LoadLibraryW
GetConsoleCP
GetDriveTypeA
LCMapStringA
IsDebuggerPresent
DebugBreak
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
HeapSize
RtlUnwind
GetModuleFileNameA
GetStdHandle
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
GetModuleHandleW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
SetHandleCount
GetCommandLineA
WaitForMultipleObjects
GetProcessHeap
TlsFree
GetFileType
SetStdHandle
RaiseException
WideCharToMultiByte
GetModuleFileNameW
GetStringTypeA
SetFilePointer
DeleteCriticalSection
ReadFile
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
HeapValidate
CloseHandle
GetSystemTimeAsFileTime
SetEndOfFile
GetACP
HeapReAlloc
GetStringTypeW
DecodePointer
HeapDestroy
SetFileAttributesA
GetOEMCP
TerminateProcess
QueryPerformanceCounter
GetProcAddress
HeapCreate
SetLastError
CreateFileW
VirtualQuery
InterlockedDecrement
Sleep
IsBadReadPtr
GetTickCount
TlsSetValue
CreateFileA
EncodePointer
OutputDebugStringA
LeaveCriticalSection
ExitProcess
WriteConsoleW
InterlockedIncrement
gdiplus.dll
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdiplusStartup
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2015:05:29 15:46:50+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 251904
LinkerVersion: 10.0
ImageFileCharacteristics: Executable, 32-bit, DLL
EntryPoint: 0x34f39
InitializedDataSize: 76288
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
Compressed bundles
File identification
MD5: bf4a1017671ccd0cc31fc80f0c52f4e0
SHA1: 28576cff40a75e0e9c15df1e24d62d46a3f4f3e6
SHA256: 057e58bacb051ede7e15e0263cac20a7e877f5825122bd527668deab857951f2
ssdeep: 6144:qjqiRYuAvFdwbg+ZTDkTigIkTGyfJUkipHYWhEv9lJ8lyTBDTMLDJ0:qm4YlfYkTigIkTZfJUkCThGlJ8lyThR
authentihash: 89ef23ddb3335ea3aafb53a4d4a524acb0baf6c82c8ffd7da6dda4b0b3621677
imphash: 693e26837ae78f553f5a37ac6d64a2e1
File size: 311.0 KB ( 318464 bytes )
File type: Win32 DLL
Magic literal: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags: pedll

VirusTotal metadata
First submission: 2015-06-21 13:31:56 UTC ( 3 years, 11 months ago )
Last submission: 2018-10-04 22:47:36 UTC ( 7 months, 2 weeks ago )
File names:
BF4A1017671CCD0CC31FC80F0C52F4E0
bf4a1017671ccd0cc31fc80f0c52f4e0.virobj
BF4A1017671CCD0CC31FC80F0C52F4E0.exe
worker32_dll.dll
bf4a1017671ccd0cc31fc80f0c52f4e0.vir
Advanced heuristic and reputation engines
TrendMicro-HouseCall: TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R01TC0DFS15.
Symantec reputation: Suspicious.Insight