SHA256: 1267e22c9a1d996e2a03a1a39c061030f435edb59b4224b6557975dbcc96633f
File name: bad.exe
Detection ratio: 10 / 56
Analysis date: 2016-12-09 10:18:11 UTC (2 years, 4 months ago)
Antivirus                Result                                        Update
Baidu                    Win32.Trojan.WisdomEyes.16070401.9500.9996    20161207
Bkav                     W32.eHeur.Malware03                           20161208
Comodo                   TrojWare.Win32.Yakes.FHUC                     20161209
CrowdStrike Falcon (ML)  malicious_confidence_68% (D)                  20161024
GData                    Win32.Trojan-Ransom.Locky.DD                  20161209
Qihoo-360                HEUR/QVM40.1.0000.Malware.Gen                 20161209
Tencent                  Win32.Trojan.Raas.Auto                        20161209
TrendMicro               Ransom_HPLOCKY.SMJBB                          20161209
TrendMicro-HouseCall     Ransom_HPLOCKY.SMJBB                          20161209
VBA32                    SScope.Malware-Cryptor.Filecoder              20161208
Antivirus (no detection) Update
Ad-Aware                 20161209
AegisLab                 20161209
AhnLab-V3                20161209
Alibaba                  20161209
ALYac                    20161209
Antiy-AVL                20161209
Arcabit                  20161209
Avast                    20161209
AVG                      20161209
Avira (no cloud)         20161209
AVware                   20161209
BitDefender              20161209
CAT-QuickHeal            20161209
ClamAV                   20161209
CMC                      20161209
Cyren                    20161209
DrWeb                    20161209
Emsisoft                 20161209
ESET-NOD32               20161209
F-Prot                   20161209
F-Secure                 20161209
Fortinet                 20161209
Ikarus                   20161209
Sophos ML                20161202
Jiangmin                 20161208
K7AntiVirus              20161209
K7GW                     20161209
Kaspersky                20161209
Kingsoft                 20161209
Malwarebytes             20161209
McAfee                   20161209
McAfee-GW-Edition        20161208
Microsoft                20161209
eScan                    20161209
NANO-Antivirus           20161209
nProtect                 20161209
Panda                    20161208
Rising                   20161209
Sophos AV                20161209
SUPERAntiSpyware         20161209
Symantec                 20161209
TheHacker                20161130
Trustlook                20161209
VIPRE                    20161209
ViRobot                  20161209
WhiteArmor               20161207
Yandex                   20161208
Zillya                   20161207
Zoner                    20161209
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-09 08:40:28
Entry Point 0x00001E50
Number of sections 3
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
LoadLibraryExA
GetEnvironmentStrings
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetCurrentThread
CompareStringW
WideCharToMultiByte
TlsFree
GetModuleHandleA
lstrcmpA
WriteFile
GetCurrentProcess
CompareStringA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
SetEnvironmentVariableA
TerminateProcess
GetTimeZoneInformation
GetEnvironmentVariableA
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetVersion
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
SHQueryInfoKeyA
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:12:09 09:40:28+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 40960
LinkerVersion: 6.0
FileTypeExtension: dll
InitializedDataSize: 180224
SubsystemVersion: 4.0
EntryPoint: 0x1e50
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5: a48063ab566414bbba0f267d1053cff7
SHA1: aad18e428e8fe640d17ae8c8d5c3a8e39d33da2b
SHA256: 1267e22c9a1d996e2a03a1a39c061030f435edb59b4224b6557975dbcc96633f
ssdeep: 6144:npCu3OePinhdFubftjsI/R0Vr2OU257bMS:9OgQG1gV5f
authentihash: 2384628269071cfaa22feb019a4d3e0c8f482d7801f266d1b77f9bdcb8461bab
imphash: 2e169b273e2fb7b7cb684b67c6f95a63
File size: 220.0 KB (225280 bytes)
File type: Win32 DLL
Magic literal: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags: pedll

VirusTotal metadata
First submission: 2016-12-09 10:18:11 UTC (2 years, 4 months ago)
Last submission: 2016-12-13 12:50:29 UTC (2 years, 4 months ago)
File names: bad.exe, BUNDY.exe, clsooach1.feds, 34f43.dat