SHA256: 12923e913b0642b71ffef9e65dd363c26468a8cdff6351818d67ca8cba270c83
File name: a5baa566a3e9675d304e56e3cf512916
Detection ratio: 6 / 63
Analysis date: 2018-06-21 17:00:40 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20180621
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180621
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win64/GenKryptik.CDEW 20180621
Sophos ML heuristic 20180601
Ad-Aware 20180621
AegisLab 20180621
AhnLab-V3 20180621
Alibaba 20180621
Antiy-AVL 20180621
Arcabit 20180621
Avast 20180621
Avast-Mobile 20180621
AVG 20180621
Avira (no cloud) 20180621
Babable 20180406
BitDefender 20180621
Bkav 20180621
CAT-QuickHeal 20180621
ClamAV 20180621
CMC 20180621
Comodo 20180621
Cybereason 20180225
Cyren 20180621
DrWeb 20180621
eGambit 20180621
Emsisoft 20180621
F-Prot 20180621
F-Secure 20180621
Fortinet 20180621
GData 20180621
Ikarus 20180621
Jiangmin 20180621
K7AntiVirus 20180621
K7GW 20180621
Kaspersky 20180621
Kingsoft 20180621
MAX 20180621
McAfee 20180621
McAfee-GW-Edition 20180621
Microsoft 20180621
eScan 20180621
NANO-Antivirus 20180621
Palo Alto Networks (Known Signatures) 20180621
Panda 20180621
Qihoo-360 20180621
Rising 20180621
SentinelOne (Static ML) 20180618
Sophos AV 20180621
SUPERAntiSpyware 20180621
Symantec 20180621
Symantec Mobile Insight 20180619
TACHYON 20180621
Tencent 20180621
TheHacker 20180621
TotalDefense 20180621
TrendMicro 20180621
TrendMicro-HouseCall 20180621
Trustlook 20180621
VBA32 20180621
VIPRE 20180621
ViRobot 20180621
Webroot 20180621
Zillya 20180621
ZoneAlarm by Check Point 20180621
Zoner 20180620
The file being studied is a Portable Executable file. More specifically, it is a Win32 DLL file for the Windows command line subsystem that targets 64-bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2018-06-21 09:42:38
Entry Point 0x000015F0
Number of sections 5
PE sections
PE imports
RegUnLoadKeyA
GetSidLengthRequired
CryptDestroyHash
CryptVerifyCertificateSignature
SetTextAlign
CreateHatchBrush
GetProductInfo
GetNamedPipeInfo
GetFileSize
GetModuleFileNameW
GetExitCodeProcess
AllocConsole
SignalObjectAndWait
ReadFileEx
DeleteTimerQueueEx
GetModuleHandleW
GetBinaryTypeA
NetServerTransportEnum
VarR4FromCy
NdrAsyncClientCall
NdrSimpleStructBufferSize
SetupGetLineTextA
StrCmpNA
wnsprintfA
SendNotifyMessageA
CreateMenu
MessageBoxW
GetDesktopWindow
EnumDisplaySettingsExW
SetWindowLongA
MonitorFromRect
timeEndPeriod
g_rgSCardT1Pci
SCardConnectW
StringFromCLSID
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2018:06:21 10:42:38+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 12288
LinkerVersion 12.0
EntryPoint 0x15f0
InitializedDataSize 614400
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 a5baa566a3e9675d304e56e3cf512916
SHA1 c26a0736828189230231fe56b5f260a4542d10f0
SHA256 12923e913b0642b71ffef9e65dd363c26468a8cdff6351818d67ca8cba270c83
ssdeep 6144:CX6NZBQ5+xxP948CNheBohmGyPJLxfEbxiQSQoZbWjU4PERteRrDuUCOt20tB4mO:aYZ9xR9kbethlREbxxJoZbRz5HGtBwd
authentihash a6373d695c99cd5e47e776cdb55026fd9b7ca52955cc858a24fb6e4907803e94
imphash 052d8ae72ddb91a1d848618ad4317b82
File size 612.0 KB ( 626688 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits assembly pedll

VirusTotal metadata
First submission 2018-06-21 17:00:40 UTC ( 5 months, 3 weeks ago )
Last submission 2018-06-21 17:00:40 UTC ( 5 months, 3 weeks ago )