SHA256: 0e780cda7f97c262bdc5834dcb0624400e34aaa6f9aa6d4dff72145d7dd9d688
File name: DownloadedDll.bin
Detection ratio: 10 / 54
Analysis date: 2014-06-23 02:13:50 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.11387973 20140623
Avast Win32:Dyre-B [Trj] 20140623
AVG PSW.Generic12.APOE 20140622
BitDefender Trojan.Generic.11387973 20140623
Emsisoft Trojan.Generic.11387973 (B) 20140623
ESET-NOD32 a variant of Win32/Battdil.A 20140622
F-Secure Trojan.Generic.11387973 20140622
GData Trojan.Generic.11387973 20140623
Microsoft TrojanSpy:Win32/Dyzap.C 20140623
eScan Trojan.Generic.11387973 20140623
AegisLab 20140623
Yandex 20140622
AhnLab-V3 20140622
AntiVir 20140622
Antiy-AVL 20140619
Baidu-International 20140622
Bkav 20140621
ByteHero 20140623
CAT-QuickHeal 20140621
ClamAV 20140622
CMC 20140622
Commtouch 20140623
Comodo 20140622
DrWeb 20140623
F-Prot 20140622
Fortinet 20140623
Ikarus 20140623
Jiangmin 20140622
K7AntiVirus 20140621
K7GW 20140621
Kaspersky 20140622
Kingsoft 20140623
Malwarebytes 20140623
McAfee 20140623
McAfee-GW-Edition 20140622
NANO-Antivirus 20140623
Norman 20140622
nProtect 20140622
Panda 20140622
Qihoo-360 20140623
Rising 20140622
Sophos AV 20140623
SUPERAntiSpyware 20140622
Symantec 20140623
Tencent 20140623
TheHacker 20140622
TotalDefense 20140622
TrendMicro 20140623
TrendMicro-HouseCall 20140623
VBA32 20140620
VIPRE 20140623
ViRobot 20140622
Zillya 20140623
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-11 04:35:43
Entry Point 0x000065C0
Number of sections 5
PE sections
Overlays
MD5 e2966a5ab2d600d85d0182e5f5eaf146
File type data
Offset 44032
Size 149979
Entropy 6.13
PE imports
CryptReleaseContext
CryptGetHashParam
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptCreateHash
CreateToolhelp32Snapshot
GetLastError
HeapFree
EnterCriticalSection
ReleaseMutex
lstrlenA
lstrcmpiA
OpenThread
WaitForSingleObject
HeapDestroy
GetTickCount
VirtualProtect
LoadLibraryA
lstrcmpiW
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
GetProcAddress
FlushInstructionCache
SuspendThread
CreateThread
GetModuleFileNameW
lstrcmpA
ReadFile
WriteFile
CreateMutexW
CloseHandle
lstrcpynA
Thread32Next
Thread32First
GetModuleHandleW
LocalFree
ResumeThread
InitializeCriticalSection
HeapCreate
lstrcpyA
CreateFileW
VirtualFree
Sleep
HeapAlloc
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
StrStrIA
StrStrIW
StrToIntA
StrChrA
wsprintfA
HttpSendRequestA
InternetQueryDataAvailable
InternetWriteFile
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
InternetOpenA
InternetConnectA
WSAConnect
WSACloseEvent
WSARecv
inet_addr
WSASend
WSACreateEvent
WSAGetOverlappedResult
WSAWaitForMultipleEvents
WSASocketW
WSAResetEvent
WSASetLastError
htons
closesocket
WSAGetLastError
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2014:06:11 05:35:43+01:00
FileType Win32 DLL
PEType PE32
CodeSize 27136
LinkerVersion 10.0
EntryPoint 0x65c0
InitializedDataSize 15872
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 5f182f6c3ac21d8f06cc08e50c2a3fbc
SHA1 f63067dd287ed5d25f54e89926ee37a60723b879
SHA256 0e780cda7f97c262bdc5834dcb0624400e34aaa6f9aa6d4dff72145d7dd9d688
ssdeep 3072:aZL8Ax3EJiMOZXwltUt1vVhi5b4JBD4dSfuZL8Ax3EJiMOZXwl5+Sdunvu:0E4XXA0pi5EJB+E4XXI+SsW
authentihash 09523070189c70e8e64a43d90b86923cf574f178641e869294d7d168d180c361
imphash 4a7c58ad505c35c4e01ec4d218b1de31
File size 189.5 KB ( 194011 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags pedll overlay
VirusTotal metadata
First submission 2014-06-23 02:13:50 UTC ( 3 years, 3 months ago )
Last submission 2014-06-23 02:13:50 UTC ( 3 years, 3 months ago )
File names DownloadedDll.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight