SHA256: 1235997c2dcb273cb04bbf9e1534bd1acb3ea1c5901e93308a72cff470896ae3
File name: 9a21726fdd1054098d4e75c84fde5b7f
Detection ratio: 27 / 67
Analysis date: 2018-07-09 11:01:36 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.353629 20180709
ALYac Gen:Variant.Razy.353629 20180709
Antiy-AVL Trojan[Banker]/Win64.Emotet 20180709
Avast Win64:Malware-gen 20180709
AVG Win64:Malware-gen 20180709
AVware Trojan.Win32.Generic!BT 20180709
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20180709
BitDefender Gen:Variant.Razy.353629 20180709
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180709
Emsisoft Gen:Variant.Razy.353629 (B) 20180709
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win64/Kryptik.BKP 20180709
F-Secure Gen:Variant.Razy.353629 20180709
Fortinet W64/Kryptik.BKA!tr 20180709
GData Gen:Variant.Razy.353629 20180709
Ikarus Trojan.Win64.Krypt 20180709
Sophos ML heuristic 20180601
Jiangmin Trojan.Banker.Emotet.bfi 20180709
Kaspersky HEUR:Trojan.Win32.Generic 20180709
MAX malware (ai score=89) 20180709
eScan Gen:Variant.Razy.353629 20180709
VIPRE Trojan.Win32.Generic!BT 20180709
Webroot W32.Malware.Gen 20180709
Yandex Trojan.PWS.Emotet! 20180706
Zillya Trojan.Emotet.Win64.6 20180706
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180709
No detection (engine and signature update date):
AegisLab 20180709
AhnLab-V3 20180709
Arcabit 20180709
Avast-Mobile 20180709
Avira (no cloud) 20180709
Babable 20180406
Bkav 20180706
CAT-QuickHeal 20180709
ClamAV 20180709
CMC 20180709
Comodo 20180709
Cybereason 20180225
Cyren 20180709
DrWeb 20180709
eGambit 20180709
F-Prot 20180709
K7AntiVirus 20180709
K7GW 20180709
Kingsoft 20180709
Malwarebytes 20180709
McAfee 20180709
McAfee-GW-Edition 20180709
Microsoft 20180709
NANO-Antivirus 20180709
Palo Alto Networks (Known Signatures) 20180709
Panda 20180708
Qihoo-360 20180709
Rising 20180709
SentinelOne (Static ML) 20180701
Sophos AV 20180709
SUPERAntiSpyware 20180708
Symantec 20180709
TACHYON 20180709
Tencent 20180709
TheHacker 20180709
TotalDefense 20180709
TrendMicro 20180709
TrendMicro-HouseCall 20180709
Trustlook 20180709
VBA32 20180707
ViRobot 20180709
Zoner 20180708
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem that targets 64-bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2018-06-21 09:42:38
Entry Point 0x000015F0
Number of sections 5
PE sections
PE imports
RegUnLoadKeyA
GetSidLengthRequired
CryptDestroyHash
CryptVerifyCertificateSignature
SetTextAlign
CreateHatchBrush
GetProductInfo
GetNamedPipeInfo
GetFileSize
GetModuleFileNameW
GetExitCodeProcess
AllocConsole
SignalObjectAndWait
ReadFileEx
DeleteTimerQueueEx
GetModuleHandleW
GetBinaryTypeA
NetServerTransportEnum
VarR4FromCy
NdrAsyncClientCall
NdrSimpleStructBufferSize
SetupGetLineTextA
StrCmpNA
wnsprintfA
SendNotifyMessageA
CreateMenu
MessageBoxW
GetDesktopWindow
EnumDisplaySettingsExW
SetWindowLongA
MonitorFromRect
timeEndPeriod
g_rgSCardT1Pci
SCardConnectW
StringFromCLSID
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2018:06:21 10:42:38+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 12288
LinkerVersion 12.0
EntryPoint 0x15f0
InitializedDataSize 614400
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 9a21726fdd1054098d4e75c84fde5b7f
SHA1 1b0bcf4c9190698dd9dd0d42b9ded21df492a549
SHA256 1235997c2dcb273cb04bbf9e1534bd1acb3ea1c5901e93308a72cff470896ae3
ssdeep 6144:HX6NZBQ5+xxP948CNheBohmGyPJLxfEbxiQSQoZbWjU4PERteRrDuUCOt20tB4mO:3YZ9xR9kbethlREbxxJoZbRz5HGtBwd
authentihash 86954d1cdd37faf4f202bef56550e7ded9c42479ee03bda7b82240f8d83eb63d
imphash 052d8ae72ddb91a1d848618ad4317b82
File size 612.0 KB ( 626688 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags
64bits assembly pedll

VirusTotal metadata
First submission 2018-07-09 11:01:36 UTC ( 5 months, 1 week ago )
Last submission 2018-07-09 11:01:36 UTC ( 5 months, 1 week ago )