× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0ccb550a30065f5c464c0c888272808be1c48d744895f585f13d2f36ac489ec1
File name: updaterdll.dll
Detection ratio: 3 / 66
Analysis date: 2018-01-16 16:08:08 UTC ( 1 month ago )
Antivirus Result Update
Cylance Unsafe 20180116
Sophos ML heuristic 20170914
TrendMicro-HouseCall Suspicious_GEN.F47V0927 20180116
Ad-Aware 20180116
AegisLab 20180116
AhnLab-V3 20180116
Alibaba 20180116
ALYac 20180116
Antiy-AVL 20180116
Arcabit 20180116
Avast 20180116
Avast-Mobile 20180116
AVG 20180116
Avira (no cloud) 20180116
AVware 20180103
Baidu 20180116
BitDefender 20180116
Bkav 20180116
CAT-QuickHeal 20180116
ClamAV 20180116
CMC 20180116
Comodo 20180116
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cyren 20180116
DrWeb 20180116
eGambit 20180116
Emsisoft 20180116
Endgame 20171130
ESET-NOD32 20180116
F-Prot 20180116
F-Secure 20180116
Fortinet 20180116
GData 20180116
Ikarus 20180116
Jiangmin 20180116
K7AntiVirus 20180116
K7GW 20180116
Kaspersky 20180116
Kingsoft 20180116
Malwarebytes 20180116
MAX 20180116
McAfee 20180116
McAfee-GW-Edition 20180116
Microsoft 20180116
eScan 20180116
NANO-Antivirus 20180116
nProtect 20180116
Palo Alto Networks (Known Signatures) 20180116
Panda 20180116
Qihoo-360 20180116
Rising 20180116
SentinelOne (Static ML) 20180115
Sophos AV 20180116
SUPERAntiSpyware 20180116
Symantec 20180116
Symantec Mobile Insight 20180116
Tencent 20180116
TheHacker 20180115
TrendMicro 20180116
Trustlook 20180116
VBA32 20180116
VIPRE 20180116
ViRobot 20180116
Webroot 20180116
WhiteArmor 20180110
Yandex 20180112
Zillya 20180115
ZoneAlarm by Check Point 20180116
Zoner 20180116
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-01 11:25:47
Entry Point 0x00001000
Number of sections 1
PE sections
PE imports
GetPrivateProfileStringA
GetModuleHandleA
lstrcmpiA
lstrcpyA
VirtualProtect
GetModuleFileNameA
VirtualAlloc
GetProcAddress
GetLocalTime
PE exports
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:05:01 12:25:47+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
4096

LinkerVersion
2.5

FileTypeExtension
dll

InitializedDataSize
0

SubsystemVersion
4.0

EntryPoint
0x1000

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

Execution parents
Compressed bundles
File identification
MD5 0d32c8fbe85715ce31950b24355711b6
SHA1 c89e60aebbeba00368b86e9af7ff27bbf5452a58
SHA256 0ccb550a30065f5c464c0c888272808be1c48d744895f585f13d2f36ac489ec1
ssdeep
24:AePvbMy2w2MtzNt6JXStYtldNtU++aqwuVSuc3HaanSv:fPP21Mtn6JXS+tlTy++aq4KanQ

authentihash c9895efcfdd42e67f8a17013bd11e2a1c5d540072e11a8bfb603a637a8a022cd
imphash 2db7c61ccc5409240c7009c56af03a4c
File size 1.6 KB ( 1666 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
pedll via-tor

VirusTotal metadata
First submission 2013-11-22 04:35:23 UTC ( 4 years, 3 months ago )
Last submission 2018-01-16 16:08:08 UTC ( 1 month ago )
File names Updaterdll.dll
updaterDLL.dll
updater.dll
updaterdll.dll
updaterdll.dll
updaterdll.dll
UpdaterDll.dll
updaterdll.dll
UpdaterDll (2).dll
_UpdaterDll.dll
updaterdll.dll
c89e60aebbeba00368b86e9af7ff27bbf5452a58
filename
UPDATERDLL.DLL
UpdaterDll.dll
200470228_0d32c8fbe85715ce31950b24355711b6
updaterdll.dll
updaterdll.dll
63.dll
updaterDll.dll
updaterdll.dll
UpdaterDll.dll
updaterdll.dll
85993660d9863097eba6e408c1f6acfe_UpdaterDll.dll.safe
updaterdll.dll
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0606.

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!