× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0e823a5b64ee761b70315548d484b5b9c4b61968b5068f9a8687c612ddbfeb80
File name: OwaAuth.dll
Detection ratio: 33 / 62
Analysis date: 2018-07-03 00:23:10 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5221867 20180703
AegisLab Backdoor.W32.Luckyowa!c 20180703
AhnLab-V3 Backdoor/Win32.LuckyOWA.C2018806 20180702
ALYac Trojan.GenericKD.5221867 20180703
Antiy-AVL Trojan[Backdoor]/Win32.LuckyOWA 20180703
Arcabit Trojan.Generic.D4FADEB 20180703
Avast Win32:Malware-gen 20180703
AVG Win32:Malware-gen 20180703
AVware Trojan.Win32.Generic!BT 20180703
BitDefender Trojan.GenericKD.5221867 20180703
CAT-QuickHeal Backdoor.Luckyowa 20180702
Cyren W32/Trojan.ETQF-0510 20180703
Emsisoft Trojan.GenericKD.5221867 (B) 20180703
ESET-NOD32 a variant of Generik.MUPJEC 20180703
F-Secure Trojan.GenericKD.5221867 20180703
Fortinet W32/LuckyOWA.C!tr.bdr 20180703
GData Trojan.GenericKD.5221867 20180703
K7AntiVirus Riskware ( 0040eff71 ) 20180702
K7GW Riskware ( 0040eff71 ) 20180703
Kaspersky Backdoor.Win32.LuckyOWA.c 20180703
MAX malware (ai score=98) 20180703
McAfee Trojan-FMWJ!CD5AAA37EE16 20180703
McAfee-GW-Edition Trojan-FMWJ!CD5AAA37EE16 20180702
eScan Trojan.GenericKD.5221867 20180703
NANO-Antivirus Trojan.Win32.LuckyOWA.epowji 20180703
Palo Alto Networks (Known Signatures) generic.ml 20180703
Sophos AV Mal/Generic-S 20180703
Symantec Trojan.Maljava 20180702
Tencent Win32.Backdoor.Luckyowa.Tafa 20180703
VIPRE Trojan.Win32.Generic!BT 20180703
ViRobot Trojan.Win32.S.Agent.13312.JO 20180703
Webroot W32.Trojan.GenKD 20180703
ZoneAlarm by Check Point Backdoor.Win32.LuckyOWA.c 20180703
Avast-Mobile 20180702
Avira (no cloud) 20180702
Babable 20180406
Baidu 20180702
Bkav 20180702
ClamAV 20180702
CMC 20180702
Comodo 20180702
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
DrWeb 20180703
eGambit 20180703
Endgame 20180612
F-Prot 20180703
Sophos ML 20180601
Jiangmin 20180703
Kingsoft 20180703
Malwarebytes 20180702
Microsoft 20180703
Panda 20180702
Qihoo-360 20180703
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180702
TACHYON 20180703
TheHacker 20180628
TotalDefense 20180702
Trustlook 20180703
VBA32 20180629
Yandex 20180702
Zillya 20180702
Zoner 20180702
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Copyright Microsoft® Exchange

Product Microsoft® Exchange
Original name OwaAuth.dll
Internal name OwaAuth.dll
File version 14.0.639.21
Description OwaAuth
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-05 13:15:21
Entry Point 0x0000495E
Number of sections 3
.NET details
Module Version ID dfc5a310-0316-4807-9136-ac23ea8a24cc
TypeLib ID 6e227ff3-b8c2-4597-bd76-f3b37187370d
PE sections
PE imports
_CorDllMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Microsoft is a registered trademark of Microsoft Corporation.

SubsystemVersion
4.0

InitializedDataSize
2048

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
14.0.639.21

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
OwaAuth

CharacterSet
Unicode

LinkerVersion
11.0

EntryPoint
0x495e

OriginalFileName
OwaAuth.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft Exchange

FileVersion
14.0.639.21

TimeStamp
2015:11:05 14:15:21+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
OwaAuth.dll

ProductVersion
14.0.639.21

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
10752

ProductName
Microsoft Exchange

ProductVersionNumber
14.0.639.21

FileTypeExtension
dll

ObjectFileType
Dynamic link library

AssemblyVersion
14.0.639.21

File identification
MD5 cd5aaa37ee165071f914ceec8fd09e0f
SHA1 2b5aa30f8f0575bdfe1ddebc8dac8c56a91137a8
SHA256 0e823a5b64ee761b70315548d484b5b9c4b61968b5068f9a8687c612ddbfeb80
ssdeep
192:mjN8GAToRfzmoFbPVb5kRzI1J9ovFhUYwzdaYQfFfm3chTyD4JVayd7ohFWeYjW:mX7PBNVkCD9gqdanftHy4ThYFWeYjW

authentihash f3c5505d8f1e0751ed4582a7a15e97b8251f4b8a914c76d9137a93898dd06ff9
imphash dae02f32a21e03ce65412f6e56942daa
File size 13.0 KB ( 13312 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit Mono/.Net assembly

TrID Generic .NET DLL/Assembly (93.2%)
Win32 Dynamic Link Library (generic) (2.5%)
Win32 Executable (generic) (1.7%)
OS/2 Executable (generic) (0.7%)
Generic Win/DOS Executable (0.7%)
Tags
assembly pedll

VirusTotal metadata
First submission 2016-09-14 15:17:23 UTC ( 2 years, 6 months ago )
Last submission 2018-03-27 13:29:45 UTC ( 12 months ago )
File names OwaAuth.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!