SHA256: 0c28510841b63a0e75a76421a469d2e0a703a190c1a92cc3de44c2104765d196
File name: tonight.dll
Detection ratio: 44 / 56
Analysis date: 2015-07-27 16:06:16 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.8011456 20150727
Yandex TrojanSpy.Ursnif!2HgzaT2lkH8 20150727
AhnLab-V3 Win-Trojan/Ursnif.90624 20150727
ALYac Trojan.Generic.8011456 20150727
Antiy-AVL Trojan[Spy]/Win64.Ursnif 20150727
Arcabit Trojan.Generic.D7A3EC0 20150727
Avast Win64:Spyware-gen [Spy] 20150727
AVG PSW.Generic10.OEQ 20150727
Avira (no cloud) TR/Agent.adsg.2 20150727
AVware Trojan.Win32.Generic!BT 20150727
Baidu-International Trojan.Win64.Ursnif.d 20150727
BitDefender Trojan.Generic.8011456 20150727
CAT-QuickHeal TrojanSpy.Ursnif.rw5 20150727
Comodo UnclassifiedMalware 20150727
Cyren W64/Ursnif.M 20150727
Emsisoft Trojan.Generic.8011456 (B) 20150727
ESET-NOD32 Win64/PSW.Papras.S 20150727
F-Prot W64/Ursnif.M 20150727
F-Secure Trojan.Generic.8011456 20150727
Fortinet W64/Papras.S!tr 20150727
GData Trojan.Generic.8011456 20150727
Ikarus Trojan-Spy.Win64 20150727
Jiangmin TrojanSpy.Ursnif.al 20150726
K7AntiVirus Riskware ( 0015e4f01 ) 20150727
K7GW Riskware ( 0015e4f01 ) 20150727
Kaspersky Trojan-Spy.Win64.Ursnif.d 20150727
McAfee Generic.nk 20150727
McAfee-GW-Edition Generic.nk 20150726
Microsoft Backdoor:Win64/Vawtrak.A 20150727
eScan Trojan.Generic.8011456 20150727
nProtect Trojan/W32.Agent.90624.VM 20150727
Panda Trj/Agent.MIZ 20150727
Qihoo-360 Win32/Trojan.Spy.5f8 20150727
Rising PE:Trojan.Win32.Generic.13E384E6!333677798 20150722
Sophos AV Troj/SinkHole-A 20150727
Symantec Trojan Horse 20150727
Tencent Win32.Trojan-Spy.Ursnif.bvlk 20150727
TheHacker Trojan/PSW.Papras.s 20150723
TotalDefense Win64/Ursnif.TG 20150727
TrendMicro TROJ_URSNIF.EK 20150727
TrendMicro-HouseCall TROJ_URSNIF.EK 20150727
VIPRE Trojan.Win32.Generic!BT 20150727
ViRobot Trojan.Win64.A.Ursnif.90624[h] 20150727
Zoner Trojan.Generic 20150727
AegisLab 20150727
Alibaba 20150727
Bkav 20150727
ByteHero 20150727
ClamAV 20150727
DrWeb 20150727
Kingsoft 20150727
Malwarebytes 20150727
NANO-Antivirus 20150727
SUPERAntiSpyware 20150727
VBA32 20150727
Zillya 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright Copyright (C) 2010
Publisher Weco Pyrotechnische Fabrik
Product Their everybody bar flat.
Original name tonight.dll
Internal name tonight.dll
File version 3,5,3,4
Description Their everybody bar flat.
PE header basic information
Target machine x64
Compilation timestamp 2012-09-03 14:09:37
Entry Point 0x00010654
Number of sections 5
PE sections
PE imports
GetModuleHandleA
lstrlenA
LoadLibraryW
lstrcpyA
CreateMutexW
VirtualProtect
GetProcAddress
GetDlgItemTextA
PE exports
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 5
RT_STRING 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 13
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 29696
ImageVersion 0.0
ProductName Their everybody bar flat.
FileVersionNumber 3.5.3.4
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Their everybody bar flat.
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension dll
OriginalFileName tonight.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3,5,3,4
TimeStamp 2012:09:03 14:09:37+00:00
FileType Win64 DLL
PEType PE32+
InternalName tonight.dll
ProductVersion 3,5,3,4
SubsystemVersion 5.2
OSVersion 5.2
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2010
MachineType AMD AMD64
CodeSize 64000
FileSubtype 0
ProductVersionNumber 3.5.3.4
EntryPoint 0x10654
ObjectFileType Dynamic link library
File identification
MD5 7d44da41295536c365b18af1fc429fe6
SHA1 571075cfbefb18ba423809d71a986018bc459e0e
SHA256 0c28510841b63a0e75a76421a469d2e0a703a190c1a92cc3de44c2104765d196
ssdeep 1536:AodsrVQ/NUVD1K1ZuFqF8nzxlNcyprIDBTfYIk8BAVZpE:A95Ql8D1IZuMAztcyprIpgUBAq
authentihash 90bfc313495146773e47ea521a102aee3151bcd9375f3a214a15597c93f9b02f
imphash 47865626fd6db5dab5413d1038f00b04
File size 88.5 KB ( 90624 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags 64bits assembly pedll
VirusTotal metadata
First submission 2012-09-06 19:16:37 UTC ( 6 years ago )
Last submission 2014-03-31 07:02:19 UTC ( 4 years, 6 months ago )
File names 7d44da41295536c365b18af1fc429fe6.dll
Bltrmazkhrlr.dat
CFU2ZH.xml
tonight.dll
Xexvpbwwqtr.dat
7d44da41295536c365b18af1fc429fe6_Gobgkuinloxti.dat
7d44da41295536c365b18af1fc429fe6
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight