SHA256: 189d05ce6dd0454207d7bf59f188cb479443fdee68ab2f2d487cb07b10a9692b
File name: up_unpacked.dll
Detection ratio: 14 / 57
Analysis date: 2015-05-15 10:08:08 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.187367 20150515
AhnLab-V3 Trojan/Win32.Rovnix 20150515
ALYac Gen:Variant.Graftor.187367 20150515
Avast Win64:Rovnix-I [Trj] 20150515
BitDefender Gen:Variant.Graftor.187367 20150515
Emsisoft Gen:Variant.Graftor.187367 (B) 20150515
ESET-NOD32 a variant of Win32/Rovnix.T 20150515
F-Secure Gen:Variant.Graftor.187367 20150515
GData Gen:Variant.Graftor.187367 20150515
Malwarebytes Trojan.Rovnix.Vh 20150515
McAfee BackDoor-FCOL!A04645D8CBFD 20150515
McAfee-GW-Edition BackDoor-FCOL!A04645D8CBFD 20150514
eScan Gen:Variant.Graftor.187367 20150515
Tencent Trojan.Win32.Qudamah.Gen.13 20150515
AegisLab 20150515
Yandex 20150514
Alibaba 20150515
Antiy-AVL 20150515
AVG 20150515
Avira (no cloud) 20150515
AVware 20150515
Baidu-International 20150515
Bkav 20150514
ByteHero 20150515
CAT-QuickHeal 20150515
ClamAV 20150515
CMC 20150513
Comodo 20150515
Cyren 20150515
DrWeb 20150515
F-Prot 20150515
Fortinet 20150515
Ikarus 20150515
Jiangmin 20150513
K7AntiVirus 20150515
K7GW 20150515
Kaspersky 20150515
Kingsoft 20150515
Microsoft 20150515
NANO-Antivirus 20150515
Norman 20150515
nProtect 20150515
Panda 20150514
Qihoo-360 20150515
Rising 20150514
Sophos AV 20150515
SUPERAntiSpyware 20150515
Symantec 20150515
TheHacker 20150514
TotalDefense 20150522
TrendMicro 20150515
TrendMicro-HouseCall 20150515
VBA32 20150514
VIPRE 20150515
ViRobot 20150515
Zillya 20150515
Zoner 20150513
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-14 21:06:15
Entry Point 0x0000B550
Number of sections 4
PE sections
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2015:04:14 22:06:15+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 44032
LinkerVersion: 11.0
ImageFileCharacteristics: Executable, 32-bit, DLL
EntryPoint: 0xb550
InitializedDataSize: 45056
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 a04645d8cbfd2f8d1225a1a6ebacd3ac
SHA1 6f2d2cdef02af0b85918a65bba3f16b4fdcfbb1d
SHA256 189d05ce6dd0454207d7bf59f188cb479443fdee68ab2f2d487cb07b10a9692b
ssdeep 1536:uxUrfUUCb1YsINV67T/4Es7lMLvruymPrg1o:uOrsNIr4T/4Es7mjrnmPr2o
authentihash ccfa78356d292b94924619bd4b3d4268d283c3bb67fae0f27abdde210b46ad95
File size 96.0 KB ( 98304 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll
VirusTotal metadata
First submission 2015-05-15 10:08:08 UTC ( 3 years, 7 months ago )
Last submission 2018-10-04 21:04:03 UTC ( 2 months, 1 week ago )
File names A04645D8CBFD2F8D1225A1A6EBACD3AC
A04645D8CBFD2F8D1225A1A6EBACD3AC.exe
up_unpacked.dll
a04645d8cbfd2f8d1225a1a6ebacd3ac.vir
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight