SHA256: 13f5b7aeb4fc4e29dbb1d32d75d5f731f820dbd684d0341524dbd2c87281d7a4
File name: Setup.dll
Detection ratio: 28 / 56
Analysis date: 2016-05-27 07:13:32 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3224408 20160527
AegisLab Troj.Downloader.W32.Agent.lb6w 20160527
ALYac Trojan.GenericKD.3224408 20160527
Antiy-AVL Trojan[Ransom]/Win32.Mikhail 20160527
Arcabit Trojan.Generic.D313358 20160527
Avast Win32:Petya-B [Trj] 20160527
AVG Atros3.AUYN 20160527
Avira (no cloud) TR/AD.Petya.Y.rxxx 20160527
Baidu Win32.Trojan.WisdomEyes.151026.9950.9966 20160527
BitDefender Trojan.GenericKD.3224408 20160527
Bkav W32.HfsAutoB.F81D 20160526
CAT-QuickHeal Trojan.Dynamer.014855 20160527
Cyren W32/Injector.A.gen!Eldorado 20160527
Emsisoft Trojan.GenericKD.3224408 (B) 20160527
ESET-NOD32 a variant of Win32/Diskcoder.Petya.C 20160527
F-Prot W32/Injector.A.gen!Eldorado 20160527
F-Secure Trojan.GenericKD.3224408 20160527
GData Trojan.GenericKD.3224408 20160527
Jiangmin Trojan.Petr.a 20160527
Kaspersky Trojan-Ransom.Win32.Mikhail.a 20160527
McAfee-GW-Edition BehavesLike.Win32.Ramnit.nc 20160527
Microsoft Ransom:Win32/Mischa.A 20160527
eScan Trojan.GenericKD.3224408 20160527
nProtect Trojan.GenericKD.3224408 20160526
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20160527
Rising Malware.Generic!UXoD7xAuB0R@1 (Thunder) 20160527
Symantec Heur.AdvML.B 20160527
Zillya Trojan.Mikhail.Win32.4 20160526
AhnLab-V3 20160527
Alibaba 20160527
AVware 20160527
Baidu-International 20160526
ClamAV 20160527
CMC 20160523
Comodo 20160527
DrWeb 20160527
Fortinet 20160527
Ikarus 20160527
K7AntiVirus 20160527
K7GW 20160527
Kingsoft 20160527
Malwarebytes 20160527
McAfee 20160527
NANO-Antivirus 20160527
Panda 20160526
Sophos AV 20160527
SUPERAntiSpyware 20160527
Tencent 20160527
TheHacker 20160526
TrendMicro 20160527
TrendMicro-HouseCall 20160527
VBA32 20160525
VIPRE 20160526
ViRobot 20160527
Yandex 20160526
Zoner 20160527
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-09 14:34:59
Entry Point 0x0000ED70
Number of sections 5
PE sections
PE imports
GetTokenInformation
LookupPrivilegeValueA
CryptReleaseContext
CryptAcquireContextA
OpenProcessToken
CryptGenRandom
AdjustTokenPrivileges
DeviceIoControl
HeapFree
WriteProcessMemory
VirtualAllocEx
GetFileAttributesA
GetLastError
WaitForSingleObject
GetProcessTimes
VirtualProtect
GetModuleFileNameA
VerifyVersionInfoW
VerSetConditionMask
CreateRemoteThread
GetCurrentProcess
GetCurrentProcessId
OpenProcess
SetFilePointerEx
GetProcAddress
GetProcessHeap
GetModuleHandleA
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetSystemDirectoryA
VirtualFree
CreateFileA
HeapAlloc
VirtualAlloc
ShellExecuteExA
GetWindowThreadProcessId
EnumWindows
CheckSumMappedFile
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:05:09 15:34:59+01:00
FileType Win32 DLL
PEType PE32
CodeSize 57344
LinkerVersion 12.0
FileTypeExtension dll
InitializedDataSize 14848
SubsystemVersion 5.1
EntryPoint 0xed70
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 c8e4829dcba8b288bd0ed75717214db6
SHA1 285b0d8c5a1e2a263fe323fb217cf544ba5fa488
SHA256 13f5b7aeb4fc4e29dbb1d32d75d5f731f820dbd684d0341524dbd2c87281d7a4
ssdeep 1536:GQolLZrdlNmObmgsAaiAdkTx26d6/cY1LGXdp9VB3ZGMXwVai62snrS/FlG:glLnNui+kt4NLGC7Vag0S/Fl
authentihash 66c9c8fe978be5c3ee99a2f2df0679d8979fc838de93c271e31818ebd7a3d79f
imphash da9b8da0fb9dd58bb1c4f97f35636f66
File size 94.0 KB ( 96256 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll
VirusTotal metadata
First submission 2016-05-27 07:13:32 UTC ( 2 years, 11 months ago )
Last submission 2018-03-16 08:30:20 UTC ( 1 year, 2 months ago )
File names Setup.dll