× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2179d5bf0b096162eb19c23746c1b645a7d585104407679fbd756d6e2dac3799
File name: ba6d916e590e037596aef06bf09d5796
Detection ratio: 9 / 66
Analysis date: 2018-05-31 14:41:26 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.Agent 20180531
Avast Win64:Malware-gen 20180531
AVG Win64:Malware-gen 20180531
Cylance Unsafe 20180531
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win64/GenKryptik.CBFR 20180531
Fortinet W64/Kryptik.BIW!tr 20180531
Sophos ML heuristic 20180503
Webroot W32.Trojan.Gen 20180531
Ad-Aware 20180531
AegisLab 20180531
AhnLab-V3 20180531
Alibaba 20180530
ALYac 20180531
Arcabit 20180531
Avast-Mobile 20180531
Avira (no cloud) 20180531
AVware 20180531
Babable 20180406
Baidu 20180531
BitDefender 20180531
Bkav 20180531
CAT-QuickHeal 20180531
ClamAV 20180531
CMC 20180529
Comodo 20180531
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180531
DrWeb 20180531
eGambit 20180531
Emsisoft 20180531
F-Prot 20180531
F-Secure 20180531
GData 20180531
Ikarus 20180531
Jiangmin 20180531
K7AntiVirus 20180530
K7GW 20180531
Kaspersky 20180531
Kingsoft 20180531
Malwarebytes 20180531
MAX 20180531
McAfee 20180530
McAfee-GW-Edition 20180531
Microsoft 20180531
eScan 20180531
NANO-Antivirus 20180531
nProtect 20180531
Palo Alto Networks (Known Signatures) 20180531
Panda 20180531
Qihoo-360 20180531
Rising 20180531
SentinelOne (Static ML) 20180225
Sophos AV 20180531
SUPERAntiSpyware 20180531
Symantec 20180531
Symantec Mobile Insight 20180525
Tencent 20180531
TheHacker 20180531
TotalDefense 20180531
TrendMicro 20180531
TrendMicro-HouseCall 20180531
Trustlook 20180531
VBA32 20180531
VIPRE 20180531
ViRobot 20180531
Yandex 20180529
Zillya 20180530
ZoneAlarm by Check Point 20180531
Zoner 20180530
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2018-05-30 12:17:53
Entry Point 0x000015E0
Number of sections 9
PE sections
PE imports
lstrcpyA
GetModuleHandleW
I_RpcGetExtendedError
GetTabbedTextExtentW
isalpha
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
AMD AMD64

FileTypeExtension
dll

TimeStamp
2018:05:30 13:17:53+01:00

FileType
Win64 DLL

PEType
PE32+

CodeSize
0

LinkerVersion
12.0

EntryPoint
0x15e0

InitializedDataSize
679936

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 ba6d916e590e037596aef06bf09d5796
SHA1 a123b477223848576d7620e114495183111c3c5f
SHA256 2179d5bf0b096162eb19c23746c1b645a7d585104407679fbd756d6e2dac3799
ssdeep
12288:ynfq943cv9VeGdrVZxM27BOr69gFmqndQh9:q3cvjeGFVZxM2xuoqq

authentihash c588149ec7179f943277ab4ce7be628decf63af86a15cfa48b0abe962ab9d4b7
imphash 0274b181afd9275e4a9b5d9982692281
File size 644.0 KB ( 659456 bytes )
File type Win32 DLL
Magic literal
PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
64bits assembly pedll

VirusTotal metadata
First submission 2018-05-31 14:41:26 UTC ( 6 months, 2 weeks ago )
Last submission 2018-05-31 14:41:26 UTC ( 6 months, 2 weeks ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!