SHA256: 1aa578609273d57a40269a85d2715bcbe1d9d5c6dcad79354b77bc0b0cf89fcf
File name: 94fd7c297e7ddc4dc2ba51af095685d0.virobj
Detection ratio: 47 / 67
Analysis date: 2018-04-20 13:57:18 UTC ( 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.254430 20180420
AegisLab Gen.Variant.Razy!c 20180420
ALYac Gen:Variant.Razy.254430 20180420
Antiy-AVL Trojan/Win32.SGeneric 20180418
Arcabit Trojan.Razy.D3E1DE 20180420
Avast Win32:Malware-gen 20180420
AVG Win32:Malware-gen 20180420
Avira (no cloud) TR/AD.Emotet.ssylw 20180420
AVware Trojan.Win32.Generic!BT 20180420
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180419
BitDefender Gen:Variant.Razy.254430 20180420
CAT-QuickHeal Trojan.IGENERIC 20180419
Comodo UnclassifiedMalware 20180420
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180420
Cyren W32/Trojan.SNYH-8200 20180420
Emsisoft Gen:Variant.Razy.254430 (B) 20180420
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.GDJX 20180420
Fortinet W32/Dridex.BT!tr 20180420
GData Gen:Variant.Razy.254430 20180420
Ikarus Trojan.Win32.Crypt 20180420
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052af241 ) 20180420
K7GW Trojan ( 0052af241 ) 20180420
Kaspersky Trojan-Banker.Win32.Emotet.afsq 20180420
MAX malware (ai score=98) 20180420
McAfee GenericRXEB-YO!94FD7C297E7D 20180420
McAfee-GW-Edition GenericRXEB-YO!94FD7C297E7D 20180420
Microsoft Trojan:Win32/Skeeyah.A!rfn 20180420
eScan Gen:Variant.Razy.254430 20180420
NANO-Antivirus Trojan.Win32.Kryptik.exsrkw 20180420
Palo Alto Networks (Known Signatures) generic.ml 20180420
Panda Trj/CI.A 20180419
Qihoo-360 Win32/Trojan.a27 20180420
Rising Trojan.Kryptik!8.8 (TFE:5:SdrjgGRylx) 20180420
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180420
Symantec Packed.Generic.517 20180420
Tencent Win32.Trojan-banker.Emotet.Hvtd 20180420
TrendMicro TSPY_EMOTET.SMZD177 20180420
TrendMicro-HouseCall TSPY_EMOTET.SMZD177 20180420
VBA32 BScope.TrojanBanker.Emotet 20180420
VIPRE Trojan.Win32.Generic!BT 20180420
Webroot W32.Infostealer.Dridex 20180420
Yandex Trojan.Kryptik!Xk/DmvNuZA4 20180419
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.afsq 20180420
Antivirus (no detection) Update
AhnLab-V3 20180420
Alibaba 20180420
Avast-Mobile 20180420
Babable 20180406
Bkav 20180410
ClamAV 20180420
CMC 20180420
Cybereason None
DrWeb 20180420
eGambit 20180420
F-Prot 20180420
F-Secure 20180420
Jiangmin 20180420
Kingsoft 20180420
Malwarebytes 20180420
nProtect 20180420
SUPERAntiSpyware 20180420
Symantec Mobile Insight 20180419
TheHacker 20180415
TotalDefense 20180420
Trustlook 20180420
ViRobot 20180420
Zillya 20180420
Zoner 20180419
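Reading the table above across 67 engines means reconciling vendor-specific naming, which mixes real family names (Emotet, Dridex, Skeeyah) with heuristic or packer buckets (Razy, Kryptik, Malware-gen, Packed.Generic) that unrelated samples share. The block below is an added example, not VirusTotal's or any vendor's tooling: it takes a subset of rows copied verbatim from the table, splits each row on a known vendor list (needed because the flattened text has no column separators), and counts one family vote per vendor. The vendor, family and keyword tables are assumptions made for this example.

```python
"""Family consensus from the flattened VirusTotal detection table above.
Added example; the vendor list is copied from the rows used and the family
table is an assumption, not VirusTotal's or any vendor's naming scheme."""
import re
from collections import Counter

# Rows copied verbatim from the table above: "<vendor> [<result>] <update>".
ROWS = """\
Ad-Aware Gen:Variant.Razy.254430 20180420
Avast Win32:Malware-gen 20180420
Avira (no cloud) TR/AD.Emotet.ssylw 20180420
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
ESET-NOD32 a variant of Win32/Kryptik.GDJX 20180420
Fortinet W32/Dridex.BT!tr 20180420
Kaspersky Trojan-Banker.Win32.Emotet.afsq 20180420
Microsoft Trojan:Win32/Skeeyah.A!rfn 20180420
Symantec Packed.Generic.517 20180420
TrendMicro TSPY_EMOTET.SMZD177 20180420
Webroot W32.Infostealer.Dridex 20180420
AhnLab-V3 20180420
ClamAV 20180420
Cybereason None
"""

# Vendor names exactly as they appear in those rows. The flattened text has
# no column separators, so the vendor is matched as the longest known prefix.
VENDORS = ("Ad-Aware", "Avast", "Avira (no cloud)", "CrowdStrike Falcon (ML)",
           "ESET-NOD32", "Fortinet", "Kaspersky", "Microsoft", "Symantec",
           "TrendMicro", "Webroot", "AhnLab-V3", "ClamAV", "Cybereason")

# Assumed family keywords (matched case-insensitively on label tokens).
# Razy, Kryptik, Malware-gen and Packed.Generic are deliberately absent: they
# are heuristic or packer buckets, so a label carrying only those counts as
# "generic", not as a family vote.
FAMILIES = ("emotet", "dridex", "skeeyah")

TOKEN_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def parse_rows(text):
    """Return [(vendor, result_or_None), ...]; the trailing update field is dropped."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        vendor = max((v for v in VENDORS if line.startswith(v)), key=len, default=None)
        if vendor is None:
            raise ValueError("unknown vendor in row: " + line)
        rest = line[len(vendor):].split()
        rest.pop()  # update date, or the literal "None" for engines never updated
        out.append((vendor, " ".join(rest) or None))
    return out


def consensus(text):
    """Count family votes (one per vendor) and separate generic-only verdicts."""
    rows = parse_rows(text)
    families, generic_only, undetected = Counter(), [], []
    for vendor, result in rows:
        if result is None:
            undetected.append(vendor)
            continue
        tokens = {t.lower() for t in TOKEN_RE.findall(result)}
        hits = [f for f in FAMILIES if f in tokens]
        if hits:
            families.update(hits)
        else:
            generic_only.append(vendor)
    return {
        "detected": len(rows) - len(undetected),
        "total": len(rows),
        "families": dict(families.most_common()),
        "generic_only": generic_only,
        "undetected": undetected,
    }


if __name__ == "__main__":
    for key, value in consensus(ROWS).items():
        print(f"{key}: {value}")
```

On the rows above this yields three Emotet votes, two Dridex votes and one Skeeyah vote, with five engines giving only a generic or packer verdict; extending VENDORS and FAMILIES to the full table gives the consensus for the whole report. Dridex and Emotet labels on the same file are not a contradiction worth resolving from labels alone: both families have been distributed through the same crypters, which is exactly why the packer buckets are kept out of the family count.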
The file being studied is a Portable Executable file. More specifically, it is a Win32 DLL for the Windows command line (console) subsystem. Two header facts from the sections below are worth noting before the file is run anywhere: the version resource names the product PyWin32 with file version 2.7.219.0, yet the numeric FileVersionNumber and ProductVersionNumber are 6.1.7601.23539, a Windows 7 SP1 (6.1.7601) build number, so the version information is not self-consistent; and SizeOfUninitializedData is 107702811 bytes against a 483328-byte file, a large region filled only at run time, which is consistent with the packer-style verdicts (Kryptik, EncPk, Packed.Generic) in the table above.
FileVersionInfo properties
Product PyWin32
File version 2.7.219.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-05 09:27:42
Entry Point 0x000017D0
Number of sections 8
PE sections
PE imports
CryptGetDefaultProviderW
capGetDriverDescriptionA
GetCurrentThreadId
ConvertDefaultLocale
GetModuleHandleA
GetModuleFileNameA
GetBinaryTypeA
wglGetProcAddress
IsCharAlphaW
GetClassInfoExW
GetActiveWindow
IsZoomed
GetFocus
GetSysColor
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 107702811
LinkerVersion 12.255
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.23539
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x17d0
MIMEType application/octet-stream
FileVersion 2.7.219.0
TimeStamp 2018:02:05 10:27:42+01:00
FileType Win32 DLL
PEType PE32
ProductVersion 2.7.219.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 12288
ProductName PyWin32
ProductVersionNumber 6.1.7601.23539
FileTypeExtension dll
ObjectFileType Executable application

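The PE header fields listed above (target machine, compilation timestamp, entry point, section count, linker version, subsystem, and the code, initialized and uninitialized data sizes from ExifTool) can all be read with nothing but the standard library. The following is an added example, not VirusTotal's or any vendor's code: it builds a constructed MZ/PE32 header carrying the values reported on this page (the sample's own bytes are not on the page; SizeOfImage, ImageBase, the alignments and the stack and heap sizes are assumed, and the section table is omitted), parses it, and applies three header-only triage checks, including the oversized uninitialized-data region this sample shows.

```python
"""Stdlib-only PE32 header triage covering the fields VirusTotal lists above.
Added example: it parses a constructed header that carries the report's
values, not the actual sample (whose bytes are not on the page)."""
import datetime
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows command line"}

# VirusTotal "First submission" time from the report, used as the reference
# point for the forged-timestamp check.
FIRST_SEEN = datetime.datetime(2018, 3, 25, 20, 1, 4, tzinfo=datetime.timezone.utc)


def parse_pe32(data: bytes) -> dict:
    """Read the COFF header and the PE32 optional-header fields shown in the report."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, ts, _symtab, _nsyms, _opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 optional headers are handled here (not PE32+)")
    _magic, lnk_major, lnk_minor, size_code, size_init, size_uninit, entry = \
        struct.unpack_from("<HBBIIII", data, opt)
    size_image = struct.unpack_from("<I", data, opt + 56)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "sections": nsections,
        "timestamp": datetime.datetime.fromtimestamp(ts, datetime.timezone.utc),
        "linker": f"{lnk_major}.{lnk_minor}",
        "size_code": size_code,
        "size_init": size_init,
        "size_uninit": size_uninit,
        "entry_point": entry,
        "size_image": size_image,
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown({subsystem})"),
    }


def triage(info: dict, file_size: int, first_seen: datetime.datetime) -> list:
    """Header-only heuristics. Each hit is a reason to unpack and look closer, not a verdict."""
    flags = []
    if info["size_uninit"] > file_size:
        flags.append("SizeOfUninitializedData %d exceeds file size %d: a runtime-filled "
                     "region far larger than the file, typical of packed samples"
                     % (info["size_uninit"], file_size))
    if info["size_init"] == 0 and info["size_code"] > 0:
        flags.append("SizeOfInitializedData is 0 although the image has code: "
                     "unusual for a linker-built header")
    if info["timestamp"] > first_seen:
        flags.append("compile timestamp is later than first submission: forged timestamp")
    return flags


def build_sample_header() -> bytes:
    """Constructed MZ + PE32 header with the report's values; no section table or sections."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH",
                       IMAGE_FILE_MACHINE_I386, 8,  # Machine, NumberOfSections
                       1517822862,                  # TimeDateStamp: 2018-02-05 09:27:42 UTC
                       0, 0, 224,                   # symtab, nsyms, SizeOfOptionalHeader
                       0x2102)                      # EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "H" * 2 + "I" * 6,
                      PE32_MAGIC, 12, 255,          # Magic, linker version 12.255
                      12288, 0, 107702811,          # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x17D0, 0x1000, 0x4000,       # AddressOfEntryPoint, BaseOfCode, BaseOfData (assumed)
                      0x10000000, 0x1000, 0x200,    # ImageBase, SectionAlignment, FileAlignment (assumed)
                      5, 0, 0, 0, 5, 0,             # OS 5.0, image 0.0, subsystem 5.0
                      0, 0x6700000, 0x400, 0,       # Win32VersionValue, SizeOfImage (assumed), SizeOfHeaders, CheckSum
                      3, 0,                         # Subsystem = Windows command line, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000,  # stack/heap reserve and commit (assumed)
                      0, 16)                        # LoaderFlags, NumberOfRvaAndSizes
    return bytes(dos) + b"PE\0\0" + coff + opt + bytes(16 * 8)  # 16 empty data directories


if __name__ == "__main__":
    sample = build_sample_header()
    info = parse_pe32(sample)
    for key, value in info.items():
        print(f"{key}: {value}")
    for flag in triage(info, 483328, FIRST_SEEN):
        print("FLAG:", flag)
```

For a real file, pass `open(path, "rb").read()` to `parse_pe32` and `len(data)` as the file size. The example stops at the optional header on purpose: deciding which section the entry point 0x17D0 falls in, and whether that section is writable (a common packer sign), needs the section table, which this report does not reproduce.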
File identification
MD5 94fd7c297e7ddc4dc2ba51af095685d0
SHA1 f964639735c48e7b4bc148107eb81490d013851a
SHA256 1aa578609273d57a40269a85d2715bcbe1d9d5c6dcad79354b77bc0b0cf89fcf
ssdeep 6144:Gs12Syb85XEQJoXTLjjxcSZOySWdslnnQrGg9L7ETGD+Fx48Brx7+x6WSNzd:n2SW85qPjuChUnnr4ceviV7oFSNzd
authentihash 9d9e5ad011c40959dae28d931d0463920ad31389ab4e22c2f1924c49b2211ec9
imphash 15d7ffaa84285b99d099b647b0ba99b5
File size 472.0 KB ( 483328 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
OS/2 Executable (generic) (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags pedll
VirusTotal metadata
First submission 2018-03-25 20:01:04 UTC ( 8 months, 3 weeks ago )
Last submission 2018-04-20 13:57:18 UTC ( 8 months ago )
File names 94fd7c297e7ddc4dc2ba51af095685d0
94fd7c297e7ddc4dc2ba51af095685d0.virobj