SHA256: 179ae6784f8ddd44bdc1c9dc098cd80ad96c0649d7543665f3ede52795871520
File name: aktrfgmzx.343
Detection ratio: 6 / 57
Analysis date: 2016-12-01 22:27:51 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9967 20161201
Bkav W32.eHeur.Malware03 20161201
Comodo TrojWare.Win32.Kryptik.XJV 20161201
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Qihoo-360 HEUR/QVM40.1.0000.Malware.Gen 20161201
VBA32 BScope.Malware-Cryptor.Filecoder 20161201
Ad-Aware 20161201
AegisLab 20161201
AhnLab-V3 20161201
Alibaba 20161201
ALYac 20161201
Antiy-AVL 20161201
Arcabit 20161201
Avast 20161201
AVG 20161201
Avira (no cloud) 20161201
AVware 20161201
BitDefender 20161201
CAT-QuickHeal 20161201
ClamAV 20161201
CMC 20161201
Cyren 20161201
DrWeb 20161201
Emsisoft 20161201
ESET-NOD32 20161201
F-Prot 20161201
F-Secure 20161201
Fortinet 20161201
GData 20161201
Ikarus 20161201
Sophos ML 20161128
Jiangmin 20161201
K7AntiVirus 20161201
K7GW 20161201
Kaspersky 20161201
Kingsoft 20161201
Malwarebytes 20161201
McAfee 20161201
McAfee-GW-Edition 20161201
Microsoft 20161201
eScan 20161201
NANO-Antivirus 20161201
nProtect 20161201
Panda 20161201
Rising 20161201
Sophos AV 20161201
SUPERAntiSpyware 20161201
Symantec 20161201
Tencent 20161201
TheHacker 20161130
TotalDefense 20161201
TrendMicro 20161201
TrendMicro-HouseCall 20161201
Trustlook 20161201
VIPRE 20161201
ViRobot 20161201
WhiteArmor 20161125
Yandex 20161201
Zillya 20161201
Zoner 20161201
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-01 19:47:44
Entry Point 0x00002120
Number of sections 4
PE sections
PE imports
GetLastError
EnterCriticalSection
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
ExitProcess
GetVersionExA
LoadLibraryA
WaitForSingleObjectEx
GlobalSize
DeleteCriticalSection
MultiByteToWideChar
SetFilePointerEx
GetProcAddress
InterlockedCompareExchange
GetModuleHandleA
WideCharToMultiByte
SetFilePointer
InterlockedExchange
WriteFile
CloseHandle
GetModuleHandleW
TerminateProcess
GlobalAlloc
VirtualAlloc
SetLastError
LeaveCriticalSection
malloc
_adjust_fdiv
__dllonexit
_onexit
free
_initterm
memcpy
PE exports
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
dll

TimeStamp
2016:12:01 20:47:44+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
12288

LinkerVersion
7.1

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit, DLL

EntryPoint
0x2120

InitializedDataSize
167936

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 337b70a80a8ba86a0f22dfabbb164cce
SHA1 2d129af48e8c1b2cc8de8f7f2b7516baf8eca3b2
SHA256 179ae6784f8ddd44bdc1c9dc098cd80ad96c0649d7543665f3ede52795871520
ssdeep
3072:rIyuXgNBogRYX4/gZkTdMjpJw7ggFX82WEuWyetGg/ZFxILg9:qwros/gGTWjpJwcgXVWv4tjZFS+

authentihash 26211a0f007537c25702b24b530d5e5d758b6ab796e08075f4a5436c90a58915
imphash 91972ede92a45ea9d4b769a86df3e73b
File size 176.0 KB ( 180224 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
pedll

VirusTotal metadata
First submission 2016-12-01 22:27:51 UTC ( 2 years, 2 months ago )
Last submission 2017-08-04 00:43:35 UTC ( 1 year, 6 months ago )
File names decrypted-dll.bin
YlEKVnx.343
VBS.exe
nEeJnfEY.343
aktrfgmzx.343
X.exe
A.exe
UBdWMDk.343
ysXDcsUiAQ.343