SHA256: 0c192700bd93c6c15f95be69666095e5bc7add21ab8f784e5e51c061cbff349c
File name: up.bin
Detection ratio: 2 / 57
Analysis date: 2015-05-15 09:36:04 UTC ( 3 years, 7 months ago )
Antivirus              Result                   Update
AVG                    Win32/Heim               20150515
Tencent                Trojan.Win32.YY.Gen.10   20150515
Ad-Aware               -                        20150515
AegisLab               -                        20150515
Yandex                 -                        20150514
AhnLab-V3              -                        20150515
Alibaba                -                        20150515
ALYac                  -                        20150515
Antiy-AVL              -                        20150515
Avast                  -                        20150515
Avira (no cloud)       -                        20150515
AVware                 -                        20150515
Baidu-International    -                        20150515
BitDefender            -                        20150515
Bkav                   -                        20150514
ByteHero               -                        20150515
CAT-QuickHeal          -                        20150515
ClamAV                 -                        20150515
CMC                    -                        20150513
Comodo                 -                        20150515
Cyren                  -                        20150515
DrWeb                  -                        20150515
Emsisoft               -                        20150515
ESET-NOD32             -                        20150515
F-Prot                 -                        20150515
F-Secure               -                        20150515
Fortinet               -                        20150515
GData                  -                        20150515
Ikarus                 -                        20150515
Jiangmin               -                        20150513
K7AntiVirus            -                        20150515
K7GW                   -                        20150515
Kaspersky              -                        20150515
Kingsoft               -                        20150515
Malwarebytes           -                        20150515
McAfee                 -                        20150515
McAfee-GW-Edition      -                        20150514
Microsoft              -                        20150515
eScan                  -                        20150515
NANO-Antivirus         -                        20150515
Norman                 -                        20150515
nProtect               -                        20150515
Panda                  -                        20150514
Qihoo-360              -                        20150515
Rising                 -                        20150514
Sophos AV              -                        20150515
SUPERAntiSpyware       -                        20150515
Symantec               -                        20150515
TheHacker              -                        20150514
TotalDefense           -                        20150514
TrendMicro             -                        20150515
TrendMicro-HouseCall   -                        20150515
VBA32                  -                        20150514
VIPRE                  -                        20150515
ViRobot                -                        20150515
Zillya                 -                        20150514
Zoner                  -                        20150513
The file being studied is a Portable Executable; more specifically, a 32-bit Windows DLL built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-25 01:10:45
Entry Point 0x00015D9F
Number of sections 7
PE sections
PE imports
ImpersonateAnonymousToken
CryptSetProviderW
AdjustTokenPrivileges
LookupAccountSidA
RegRestoreKeyW
GetSecurityInfo
LsaOpenPolicy
RegFlushKey
QueryServiceStatus
SystemFunction019
SetEntriesInAuditListW
RegReplaceKeyW
BuildImpersonateTrusteeW
ConvertSecurityDescriptorToAccessNamedW
RegQueryValueW
EncryptFileA
BuildExplicitAccessWithNameA
GetKernelObjectSecurity
GetAuditedPermissionsFromAclW
TraceEventInstance
BuildSecurityDescriptorW
SetEntriesInAccessListW
SetEntriesInAclW
NotifyChangeEventLog
MakeSelfRelativeSD
LsaGetSystemAccessAccount
ImpersonateLoggedOnUser
ConvertSecurityDescriptorToAccessW
LsaDeleteTrustedDomain
BuildTrusteeWithSidW
GetSystemTime
SetHandleCount
DeleteTimerQueue
LocalAlloc
ExitProcess
SwitchToThread
WritePrivateProfileStringA
GlobalGetAtomNameA
CreateDirectoryA
SetErrorMode
GetAtomNameW
FoldStringW
Process32FirstW
GetFileType
GetTimeFormatW
InterlockedExchangeAdd
GetModuleHandleA
GlobalAddAtomA
GetComputerNameA
EnumSystemLanguageGroupsW
GlobalMemoryStatusEx
SetThreadExecutionState
SetVolumeLabelW
MoveFileA
IsBadHugeWritePtr
FindAtomW
CreateEventW
OpenSemaphoreA
FindNextChangeNotification
SetFileAttributesW
SetMessageWaitingIndicator
DefineDosDeviceA
GetPrivateProfileSectionA
WNetGetNetworkInformationA
WNetGetProviderNameW
WNetDisconnectDialog
WNetGetConnectionW
WNetAddConnection2W
WNetGetConnectionA
WNetAddConnection2A
WNetGetUniversalNameA
WNetGetLastErrorA
WNetEnumResourceA
WNetGetResourceInformationW
WNetAddConnectionW
MultinetGetConnectionPerformanceA
WNetGetLastErrorW
WNetAddConnectionA
WNetGetResourceInformationA
WNetCloseEnum
WNetAddConnection3W
WNetCancelConnection2W
WNetGetResourceParentA
WNetConnectionDialog1W
WNetSetLastErrorW
WNetGetResourceParentW
WNetAddConnection3A
HDC_UserUnmarshal
HICON_UserUnmarshal
CoGetApartmentID
CreateFileMoniker
CoGetTreatAsClass
CoRegisterSurrogateEx
CoAddRefServerProcess
IsAccelerator
ReadClassStm
CoLockObjectExternal
OleDoAutoConvert
CoResumeClassObjects
HENHMETAFILE_UserMarshal
CoAllowSetForegroundWindow
StgCreatePropSetStg
StgCreateStorageEx
OleInitialize
HBITMAP_UserFree
OleGetIconOfFile
HDC_UserFree
OleRegEnumVerbs
UtConvertDvtd32toDvtd16
CoQueryAuthenticationServices
OleMetafilePictFromIconAndLabel
OleQueryCreateFromData
StgIsStorageFile
CoGetClassVersion
SetConvertStg
CreateGenericComposite
HGLOBAL_UserMarshal
RpcAsyncRegisterInfo
NdrStubCall2
NdrNonConformantStringMemorySize
NdrAllocate
RpcSmSetThreadHandle
I_RpcTransDatagramAllocate2
RpcAsyncAbortCall
NdrPointerMemorySize
UuidToStringW
I_RpcNsBindingSetEntryNameA
I_RpcIfInqTransferSyntaxes
I_RpcServerSetAddressChangeFn
NdrVaryingArrayMarshall
NdrServerInitializePartial
RpcServerInqDefaultPrincNameA
NdrContextHandleSize
RpcIfIdVectorFree
NdrConformantStructBufferSize
RpcBindingSetAuthInfoA
I_RpcFree
RpcServerUseProtseqW
RpcServerUseAllProtseqs
NdrByteCountPointerMarshall
NdrComplexStructUnmarshall
NdrConformantStructFree
RpcBindingCopy
RpcServerUseProtseqIfExA
NdrProxyInitialize
NdrNonEncapsulatedUnionMemorySize
RpcMgmtInqServerPrincNameW
AcceptSecurityContext
QueryContextAttributesW
ApplyControlToken
SaslGetProfilePackageA
AddSecurityPackageW
ImpersonateSecurityContext
DeleteSecurityPackageW
QuerySecurityPackageInfoA
LsaLookupAuthenticationPackage
LsaLogonUser
ExportSecurityContext
QueryCredentialsAttributesA
SaslIdentifyPackageW
EnumerateSecurityPackagesW
DecryptMessage
SaslIdentifyPackageA
LsaEnumerateLogonSessions
LsaRegisterPolicyChangeNotification
CompleteAuthToken
QuerySecurityPackageInfoW
SaslEnumerateProfilesW
LsaFreeReturnBuffer
SaslAcceptSecurityContext
FreeContextBuffer
SaslEnumerateProfilesA
UnsealMessage
SHBindToParent
SHPathPrepareForWriteA
ExtractAssociatedIconExW
DragQueryFileA
ExtractIconW
SHLoadNonloadedIconOverlayIdentifiers
SHGetFileInfoA
SHFormatDrive
ShellExecuteExA
SHEmptyRecycleBinW
ShellExecuteExW
SHGetIconOverlayIndexW
SHGetFileInfoW
SHInvokePrinterCommandA
SHGetPathFromIDListA
SHFileOperationA
SHLoadInProc
SHFreeNameMappings
ExtractAssociatedIconA
SHGetFolderPathW
ExtractIconExA
SHGetInstanceExplorer
SHGetNewLinkInfoW
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2011:06:25 02:10:45+01:00 (ExifTool renders the link timestamp in a +01:00 local zone; it is the same instant as the 2011-06-25 01:10:45 UTC compilation timestamp in the PE header section above)
FileType: Win32 DLL
PEType: PE32
CodeSize: 86016
LinkerVersion: 8.0
ImageFileCharacteristics: Executable, 32-bit, DLL
EntryPoint: 0x15d9f
InitializedDataSize: 77824
SubsystemVersion: 4.0
ImageVersion: 7.4
OSVersion: 4.0
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 742e30b5ba7793bea18b3972292d139e
SHA1 635dab691945ab8b901b927ee1abaa41605c120e
SHA256 0c192700bd93c6c15f95be69666095e5bc7add21ab8f784e5e51c061cbff349c
ssdeep 3072:tQug/3mJbF1cGGqiBwdQ1bhr2b7yt8sPDNzMwqCZA/4VB3s:UeVcGG/wdwVZFDNgwqL/q
authentihash 7ca2c7fe2d8d1f679db10ba285138abbd6ab024d138e3c3769944b1cff7a4cc8
imphash 4f7fed4bdf564ca5fa086c14f5b7be82
File size 161.0 KB ( 164864 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
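The header fields the report lists (entry point, compilation timestamp, linker version, subsystem, image version, code and data sizes), the import list and the imphash can all be recomputed from the file itself, which is the check to run before trusting a report page or when comparing a sample against this one. The script below is an added example, not VirusTotal's, ExifTool's or pefile's code. It uses only the Python standard library, handles PE32 only (this sample is PE32, not PE32+), and the function names `parse_pe`, `imphash` and `build_minimal_pe` are chosen here, not an existing library's API. `build_minimal_pe` constructs a throwaway PE32 image containing only an import table so the parser can be exercised offline without the sample; the import list it is fed is made up for the test and is not this file's import table. One deliberate limitation: imports by ordinal are returned as `ordN` rather than resolved to names, so for a file that imports by ordinal the computed imphash will differ from the pefile/VirusTotal value.

```python
"""Added example (not VirusTotal's or ExifTool's code): parse the PE32 header fields
and import table listed in the report above and recompute the imphash.  Stdlib only."""
import hashlib
import struct
from datetime import datetime, timezone

COFF_FMT = "<HHIIIHH"                                             # IMAGE_FILE_HEADER, 20 bytes
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6  # PE32 optional header before the directories, 96 bytes
SECT_FMT = "<8sIIIIIIHHI"                                         # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_FILE_DLL, IMPORT_DIR = 0x2000, 1

def imphash(imports):
    """Import hash as pefile/VirusTotal compute it: md5 of 'dll.func' pairs in table order,
    lower-cased, dll extension dropped.  Ordinals are left as 'ordN' here, not resolved."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        dll = dll.rsplit(".", 1)[0] if dll.endswith((".dll", ".ocx", ".sys")) else dll
        parts.append(dll + "." + func.lower())
    return hashlib.md5(",".join(parts).encode()).hexdigest()

def parse_pe(data):
    # DOS header -> PE signature -> COFF header -> optional header -> section table -> imports
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsect, ts, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    opt = struct.unpack_from(OPT_FMT, data, opt_off)
    if opt[0] != 0x10B:
        raise ValueError("only PE32 (not PE32+) is handled in this example")
    dirs = [struct.unpack_from("<II", data, opt_off + 96 + 8 * i) for i in range(opt[29])]
    sections = [struct.unpack_from(SECT_FMT, data, opt_off + opt_size + 40 * i) for i in range(nsect)]
    def rva_to_off(rva):  # virtual address -> file offset, via the section table
        for _, vsize, va, rawsize, rawptr, *_ in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rawptr + rva - va
        raise ValueError("RVA %#x is not backed by any section" % rva)
    def cstr(off):
        return data[off:data.index(b"\0", off)].decode("ascii", "replace")
    imports = []
    if len(dirs) > IMPORT_DIR and dirs[IMPORT_DIR][0]:
        desc_off = rva_to_off(dirs[IMPORT_DIR][0])
        while True:  # one IMAGE_IMPORT_DESCRIPTOR per DLL, terminated by an all-zero entry
            int_rva, _, _, name_rva, iat_rva = struct.unpack_from("<IIIII", data, desc_off)
            if name_rva == 0:
                break
            dll, thunk_off = cstr(rva_to_off(name_rva)), rva_to_off(int_rva or iat_rva)
            while True:  # thunk array: RVA of a hint/name entry, or an ordinal with the top bit set
                entry = struct.unpack_from("<I", data, thunk_off)[0]
                if entry == 0:
                    break
                if entry & 0x80000000:
                    imports.append((dll, "ord%d" % (entry & 0xFFFF)))
                else:
                    imports.append((dll, cstr(rva_to_off(entry) + 2)))  # skip the 2-byte hint
                thunk_off += 4
            desc_off += 20
    return {
        "machine": machine, "is_dll": bool(chars & IMAGE_FILE_DLL), "number_of_sections": nsect,
        "compile_time": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": opt[6], "linker_version": "%d.%d" % (opt[1], opt[2]),
        "code_size": opt[3], "initialized_data_size": opt[4], "image_version": "%d.%d" % (opt[14], opt[15]),
        "subsystem": opt[22],  # 2 = Windows GUI, 3 = Windows console
        "imports": imports, "imphash": imphash(imports),
    }

def build_minimal_pe(imports, timestamp=0, entry_point=0x1000):
    """Constructed test input: a minimal PE32 DLL whose one section is just an import table."""
    section_rva, section_off = 0x1000, 0x200
    by_dll = {}
    for dll, func in imports:
        by_dll.setdefault(dll, []).append(func)
    body = bytearray(20 * (len(by_dll) + 1))  # descriptor table (+ zero terminator), patched in below
    descriptors = b""
    for dll, funcs in by_dll.items():
        name_rva = section_rva + len(body)
        body += dll.encode() + b"\0"
        thunks = []
        for func in funcs:
            thunks.append(section_rva + len(body))
            body += b"\0\0" + func.encode() + b"\0"  # IMAGE_IMPORT_BY_NAME: hint 0, then the name
        thunk_rva = section_rva + len(body)        # one thunk array doubles as INT and IAT here
        body += b"".join(struct.pack("<I", t) for t in thunks) + b"\0" * 4
        descriptors += struct.pack("<IIIII", thunk_rva, 0, 0, name_rva, thunk_rva)
    body[:len(descriptors)] = descriptors
    raw_size = (len(body) + 0x1FF) & ~0x1FF
    body += b"\0" * (raw_size - len(body))
    dirs = [(section_rva, len(descriptors) + 20) if i == IMPORT_DIR else (0, 0) for i in range(16)]
    opt = struct.pack(OPT_FMT, 0x10B, 8, 0, raw_size, raw_size, 0, entry_point, section_rva, section_rva,
                      0x10000000, 0x1000, 0x200, 4, 0, 7, 4, 4, 0, 0, section_rva + ((raw_size + 0xFFF) & ~0xFFF),
                      section_off, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    coff = struct.pack(COFF_FMT, 0x14C, 1, timestamp, 0, 0, len(opt), 0x2102)  # i386, EXECUTABLE|32BIT|DLL
    sect = struct.pack(SECT_FMT, b".rdata", raw_size, section_rva, raw_size, section_off, 0, 0, 0, 0, 0x40000040)
    headers = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + sect
    return bytes(headers + b"\0" * (section_off - len(headers)) + body)
```

Against the real sample, `parse_pe(open("up.bin", "rb").read())` should give entry_point 0x15D9F, compile_time 2011-06-25 01:10:45, linker_version 8.0, image_version 7.4, subsystem 2, code_size 86016 and initialized_data_size 77824, matching the header and ExifTool sections of this report, and `hashlib.sha256(data).hexdigest()` should match the SHA256 at the top of the page. The parser returns each import as a (dll, function) pair, which is more than the report's listing shows, since the page prints function names without the module they come from. If every header field and the SHA256 match but the imphash does not, look for ordinal imports before concluding anything else.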

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
pedll

VirusTotal metadata
First submission 2015-05-15 09:36:04 UTC ( 3 years, 7 months ago )
Last submission 2018-10-04 18:40:35 UTC ( 2 months, 1 week ago )
File names up.bin
742E30B5BA7793BEA18B3972292D139E
742e30b5ba7793bea18b3972292d139e
742E30B5BA7793BEA18B3972292D139E.exe
742e30b5ba7793bea18b3972292d139e.vir
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R01TC0VES15.

Symantec reputation Suspicious.Insight