SHA256: 0d7f44ac5fdb1a9c2ce6c7ac3f780e6a08f64c6f6f28a67413b35b009e1d1a24
File name: b012e3765850677f8a6ec321c55b819cf6783de3
Detection ratio: 26 / 67
Analysis date: 2017-11-02 17:37:43 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.MikeyB.87 20171102
Antiy-AVL Trojan/Win32.TSGeneric 20171102
Arcabit Trojan.MikeyB.87 20171102
Avast Win64:Malware-gen 20171102
AVG Win64:Malware-gen 20171102
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171101
BitDefender Gen:Variant.MikeyB.87 20171102
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171102
Emsisoft Gen:Variant.MikeyB.87 (B) 20171102
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win64/Kryptik.BHM 20171102
F-Secure Gen:Variant.MikeyB.87 20171102
Fortinet W64/Kryptik.BHM!tr 20171102
GData Gen:Variant.MikeyB.87 20171102
Sophos ML heuristic 20170914
Jiangmin Trojan.Dridex.df 20171102
Kaspersky Trojan.Win64.Dridex.obk 20171102
Malwarebytes Trojan.Dridex 20171102
MAX malware (ai score=82) 20171102
McAfee Artemis!81135FA4B14A 20171031
McAfee-GW-Edition Drixed-FHC!81135FA4B14A 20171102
eScan Gen:Variant.MikeyB.87 20171102
Rising Trojan.Win64/Kryptik!1.AE02 (CLASSIC) 20171102
SentinelOne (Static ML) static engine - malicious 20171019
ZoneAlarm by Check Point Trojan.Win64.Dridex.obk 20171102
AegisLab 20171102
AhnLab-V3 20171102
Alibaba 20170911
ALYac 20171102
Avast-Mobile 20171102
Avira (no cloud) 20171102
AVware 20171102
Bkav 20171102
CAT-QuickHeal 20171102
ClamAV 20171102
CMC 20171102
Comodo 20171102
Cybereason 20171030
Cyren 20171102
DrWeb 20171102
eGambit 20171102
F-Prot 20171102
Ikarus 20171102
K7AntiVirus 20171102
K7GW 20171102
Kingsoft 20171102
Microsoft 20171102
NANO-Antivirus 20171102
nProtect 20171102
Palo Alto Networks (Known Signatures) 20171102
Panda 20171102
Qihoo-360 20171102
Sophos AV 20171102
SUPERAntiSpyware 20171102
Symantec 20171102
Symantec Mobile Insight 20171101
Tencent 20171102
TheHacker 20171102
TotalDefense 20171102
TrendMicro 20171102
TrendMicro-HouseCall 20171102
Trustlook 20171102
VBA32 20171102
VIPRE 20171102
ViRobot 20171102
Webroot 20171102
WhiteArmor 20171024
Yandex 20171101
Zillya 20171102
Zoner 20171102
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2017-10-30 07:04:49
Entry Point 0x00001470
Number of sections 7
PE sections
PE imports
lstrlenW
GetModuleHandleW
ExitProcess
MulDiv
GetModuleFileNameA
AddRefActCtx
GetCurrentThreadId
GetBinaryTypeA
ICSendMessage
DefDriverProc
CoIsOle1Class
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
SubsystemVersion 5.0
MachineType AMD AMD64
TimeStamp 2017:10:30 08:04:49+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 417792
LinkerVersion 12.0
FileTypeExtension dll
InitializedDataSize 24576
ImageFileCharacteristics Executable, Large address aware, DLL
EntryPoint 0x1470
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 81135fa4b14a33cdbda15ebc1ec58294
SHA1 b012e3765850677f8a6ec321c55b819cf6783de3
SHA256 0d7f44ac5fdb1a9c2ce6c7ac3f780e6a08f64c6f6f28a67413b35b009e1d1a24
ssdeep 12288:p1GapGNZjd8h/jB3wu8eX08FfXE6fGareOCE:/OdWlp8yJK0eOC
authentihash 488ad8605b8b95e55d1d9ae7e91b0d0dd315359c18a881e604852394aa681737
imphash 6d30f68a8217f2185ba72072e2b2ed9e
File size 432.0 KB ( 442368 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags 64bits assembly pedll

VirusTotal metadata
First submission 2017-11-02 17:37:43 UTC ( 1 year, 1 month ago )
Last submission 2017-11-02 17:37:43 UTC ( 1 year, 1 month ago )
File names b012e3765850677f8a6ec321c55b819cf6783de3