SHA256: 192608ff371400c1529aa05f1adba0fe4fdd769fcbf35ee5f8b4f78a838a7ec9
File name: 192608ff371400c1_shell.fne
Detection ratio: 17 / 66
Analysis date: 2018-10-27 04:53:57 UTC ( 1 month, 2 weeks ago )
Antivirus results (engine: result, signature update date)

Detected (17):
ALYac: Worm.Autorun.RF (20181027)
Bkav: W32.Ongame0XV.Trojan (20181025)
CAT-QuickHeal: Trojan.Agen (20181026)
ClamAV: Win.Worm.Autorun-6749 (20181026)
CMC: Malware.Win32.Generic!O (20181026)
Cylance: Unsafe (20181027)
Cyren: W32/Agent.GFWT-5901 (20181027)
F-Prot: W32/Agent.KET (20181027)
Sophos ML: heuristic (20180717)
K7AntiVirus: Riskware ( 0040eff71 ) (20181026)
K7GW: Riskware ( 0040eff71 ) (20181025)
Malwarebytes: Worm.AutoRun (20181027)
MAX: malware (ai score=99) (20181027)
Sophos AV: W32/SillyFDC-DX (20181027)
SUPERAntiSpyware: Trojan.Agent/Gen (20181027)
TotalDefense: Win32/Agent.BLH (20181026)
ViRobot: Adware.Agent.Do.40960 (20181026)

Not detected:
Ad-Aware (20181027)
AegisLab (20181027)
AhnLab-V3 (20181027)
Alibaba (20180921)
Antiy-AVL (20181026)
Arcabit (20181027)
Avast (20181027)
Avast-Mobile (20181026)
AVG (20181027)
Avira (no cloud) (20181026)
Babable (20180918)
Baidu (20181026)
BitDefender (20181027)
Comodo (20181027)
CrowdStrike Falcon (ML) (20181022)
Cybereason (20180225)
DrWeb (20181027)
eGambit (20181027)
Emsisoft (20181027)
Endgame (20180730)
ESET-NOD32 (20181026)
F-Secure (20181027)
Fortinet (20181027)
GData (20181027)
Ikarus (20181026)
Jiangmin (20181027)
Kaspersky (20181027)
Kingsoft (20181027)
McAfee (20181027)
McAfee-GW-Edition (20181027)
Microsoft (20181027)
eScan (20181027)
NANO-Antivirus (20181027)
Palo Alto Networks (Known Signatures) (20181027)
Panda (20181026)
Qihoo-360 (20181027)
Rising (20181027)
SentinelOne (Static ML) (20181011)
Symantec (20181026)
Symantec Mobile Insight (20181026)
TACHYON (20181027)
Tencent (20181027)
TheHacker (20181025)
TrendMicro (20181027)
TrendMicro-HouseCall (20181027)
Trustlook (20181027)
VBA32 (20181026)
Webroot (20181027)
Yandex (20181026)
Zillya (20181026)
ZoneAlarm by Check Point (20181027)
Zoner (20181026)
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-05-24 05:19:43
Entry Point 0x00002A5F
Number of sections 4
PE sections
PE imports (grouped by the system library that exports each function)

ADVAPI32.dll: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken

KERNEL32.dll: GetLastError, HeapFree, GetStdHandle, EnterCriticalSection, LCMapStringW, SetHandleCount, lstrlenA, GetOEMCP, LCMapStringA, HeapDestroy, HeapAlloc, IsBadWritePtr, TlsAlloc, GetEnvironmentStringsW, GetVersionExA, LoadLibraryA, RtlUnwind, GetSystemDirectoryA, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, GetEnvironmentStrings, GetFileType, GetWindowsDirectoryA, MultiByteToWideChar, FreeEnvironmentStringsW, GetCPInfo, GetCommandLineA, GetProcAddress, TlsFree, GetProcessHeap, GetTempPathA, WideCharToMultiByte, GetStringTypeA, SetSystemPowerState, SetUnhandledExceptionFilter, WriteFile, GetStartupInfoA, GetACP, HeapReAlloc, GetStringTypeW, GetCurrentThreadId, TerminateProcess, GetModuleFileNameA, InitializeCriticalSection, HeapCreate, VirtualFree, TlsGetValue, IsBadReadPtr, TlsSetValue, IsBadCodePtr, ExitProcess, GetVersion, VirtualAlloc, SetLastError, LeaveCriticalSection

SHELL32.dll: SHGetFileInfoA, SHGetSpecialFolderPathA, SHBrowseForFolderA, SHGetPathFromIDListA, SHGetMalloc, ShellExecuteA, SHFileOperationA

USER32.dll: IsWindow, GetParent, EnableWindow, SetActiveWindow, IsWindowEnabled, GetActiveWindow, SetForegroundWindow, GetForegroundWindow, ExitWindowsEx

OLE32.dll: CoCreateInstance
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2008:05:24 06:19:43+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 20480
LinkerVersion: 6.0
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint: 0x2a5f
InitializedDataSize: 45056
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files write this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 d54753e7fc3ea03aec0181447969c0e8
SHA1 824e7007b6569ae36f174c146ae1b7242f98f734
SHA256 192608ff371400c1529aa05f1adba0fe4fdd769fcbf35ee5f8b4f78a838a7ec9
ssdeep 768:Pw7QWaOn79Tm7UmuRDR73FjLo4RIqF6bw:Pw7579Tm7V4jxo4RIq0w
authentihash 820300a5977f9a9c1a630194702dabbf730f5fb7619859c4d6cff97014b2d2b4
imphash 7bfe20f314273547fb9502c64706871e
File size 40.0 KB ( 40960 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags armadillo pedll
VirusTotal metadata
First submission 2008-09-13 06:32:12 UTC ( 10 years, 3 months ago )
Last submission 2018-10-27 04:53:57 UTC ( 1 month, 2 weeks ago )
File names smona131921317733326395135
smona130846225637874420402
56814.vsz
shell.fne
shell.fne.1305017476.qtn
D54753E7FC3EA03AEC0181447969C0E8
c25ed4cb38d5d5e95a267979f0f3f9398c04a1bf5822dceb03d6f6d9b4832dfb227f1e6868327e52a0303f45c36b9ba806e75b16bd7419a7c5203c2ecbae838f
xx
192608ff371400c1_shell.fne
smona131436432685616860465
smona130872654558124850866
smona131211906754736778382
smona132079192509285219675
smona131581560197920212347
smona132239592770205412068
smona131039586263057769618
824e7007b6569ae36f174c146ae1b7242f98f734
VirusShare_d54753e7fc3ea03aec0181447969c0e8
smona_192608ff371400c1529aa05f1adba0fe4fdd769fcbf35ee5f8b4f78a838a7ec9.bin
shell.dll-d54753e7fc3ea03aec0181447969c0e8
smona132030304863905189331
8e0aa700.001
shell.fne.infected
shell.fne
D54753E7FC3EA03AEC0181447969C0E8.vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight