SHA256: 0e0e736df5ec171fb0c4b6cc522e6d18fe25fc1b18959ccdb27e4c8521b2c0a3
File name: 0e0e736df5ec171fb0c4b6cc522e6d18fe25fc1b18959ccdb27e4c8521b2c0a3
Detection ratio: 33 / 64
Analysis date: 2018-03-20 15:02:21 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.138199 20180321
AegisLab Gen.Variant.Ursu!c 20180321
ALYac Gen:Variant.Ursu.138199 20180321
Antiy-AVL Trojan/Win32.SGeneric 20180320
Arcabit Trojan.Ursu.D21BD7 20180321
Avast Win32:Malware-gen 20180321
AVG Win32:Malware-gen 20180321
Avira (no cloud) TR/AD.Dridex.qmsso 20180320
AVware Trojan.Win32.Generic!BT 20180321
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180320
BitDefender Gen:Variant.Ursu.138199 20180321
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180321
Cyren W32/Trojan.CCAH-8267 20180321
Emsisoft Gen:Variant.Ursu.138199 (B) 20180321
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/Kryptik.GDJX 20180321
Fortinet W32/Dridex.BT!tr 20180321
GData Gen:Variant.Ursu.138199 20180321
Ikarus Trojan.Win32.Crypt 20180320
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052af241 ) 20180320
K7GW Trojan ( 0052af241 ) 20180320
MAX malware (ai score=98) 20180321
McAfee GenericRXEB-YO!66034294E67C 20180321
McAfee-GW-Edition GenericRXEB-YO!66034294E67C 20180321
eScan Gen:Variant.Ursu.138199 20180321
Panda Trj/CI.A 20180320
Qihoo-360 Win32/Trojan.6bc 20180321
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180321
Symantec Packed.Generic.517 20180320
VIPRE Trojan.Win32.Generic!BT 20180321
AhnLab-V3 20180320
Alibaba 20180321
Avast-Mobile 20180320
Bkav 20180320
CAT-QuickHeal 20180320
ClamAV 20180321
CMC 20180321
Comodo 20180321
Cybereason 20180225
DrWeb 20180321
eGambit 20180321
F-Prot 20180321
F-Secure 20180321
Jiangmin 20180321
Kaspersky 20180321
Kingsoft 20180321
Malwarebytes 20180321
Microsoft 20180321
NANO-Antivirus 20180321
nProtect 20180321
Palo Alto Networks (Known Signatures) 20180321
Rising 20180321
SUPERAntiSpyware 20180321
Symantec Mobile Insight 20180311
Tencent 20180321
TheHacker 20180319
TotalDefense 20180320
Trustlook 20180321
VBA32 20180320
ViRobot 20180321
WhiteArmor 20180223
Yandex 20180320
Zillya 20180320
ZoneAlarm by Check Point 20180321
Zoner 20180321
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Product PyWin32
File version 2.7.219.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-16 07:10:44
Entry Point 0x00001860
Number of sections 10
PE sections
PE imports
CryptGetDefaultProviderW
capGetDriverDescriptionA
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
ConvertDefaultLocale
GetBinaryTypeA
wglGetProcAddress
IsCharAlphaW
GetClassInfoExW
GetActiveWindow
IsZoomed
GetFocus
GetSysColor
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 107702811
LinkerVersion 12.255
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.23539
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x1860
MIMEType application/octet-stream
FileVersion 2.7.219.0
TimeStamp 2018:02:16 08:10:44+01:00
FileType Win32 DLL
PEType PE32
ProductVersion 2.7.219.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 12288
ProductName PyWin32
ProductVersionNumber 6.1.7601.23539
FileTypeExtension dll
ObjectFileType Executable application

File identification
MD5 66034294e67c0465453fc080b22ae76a
SHA1 35d6dcad623768160f50b86ccd27e4a67ecef0b2
SHA256 0e0e736df5ec171fb0c4b6cc522e6d18fe25fc1b18959ccdb27e4c8521b2c0a3
ssdeep 6144:sPAgVgrCO3Ja3kjWI4y2vheweOtni9WkVd1fYqDhvaEiMBo3XwN46lvA:s4gOX5aXI4xh6gkVLhvatgN40vA
authentihash ca2bb7e49b4587a65699f632cf0abd9c6ae844609637060821b784d31127ea85
imphash 72ae5d53685a561c7a835477fa2fff01
File size 480.0 KB ( 491520 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
OS/2 Executable (generic) (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags pedll

VirusTotal metadata
First submission 2018-03-19 13:09:55 UTC ( 8 months, 3 weeks ago )
Last submission 2018-03-20 15:02:21 UTC ( 8 months, 3 weeks ago )
File names 66034294e67c0465453fc080b22ae76a