SHA256: 2b13d3c5ea235393c21ee1f4ddd990542100e33ba01431898743f90bf86dd976
File name: 0375e9f29078b6a3eb1d854211c1942b.dll
Detection ratio: 49 / 60
Analysis date: 2017-05-23 21:10:32 UTC ( 1 year, 12 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Adware.BProtector.10 20170523
AegisLab AdWare.W32.Esprot.argd!c 20170523
AhnLab-V3 PUP/Win32.MultiPlug.R133830 20170523
ALYac Gen:Variant.Adware.BProtector.10 20170523
Antiy-AVL GrayWare[RiskTool:not-a-virus]/Win32.SProtector.ds 20170523
Arcabit Trojan.Adware.BProtector.10 20170523
Avast Win32:Adware-DCE [PUP] 20170523
AVG Generic_r.AIF 20170523
Avira (no cloud) ADWARE/MultiPlug.Gen7 20170523
AVware Trojan.Win32.Generic!BT 20170523
BitDefender Gen:Variant.Adware.BProtector.10 20170523
CAT-QuickHeal RiskTool.SProtector.OD5 20170523
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/MultiPlug.O.gen!Eldorado 20170523
DrWeb Trojan.WebPick.3767 20170523
Emsisoft Gen:Variant.Adware.BProtector.10 (B) 20170523
Endgame malicious (high confidence) 20170515
ESET-NOD32 a variant of Win32/Adware.MultiPlug.NA 20170523
F-Prot W32/MultiPlug.O.gen!Eldorado 20170523
F-Secure Gen:Variant.Adware.BProtector 20170523
Fortinet Riskware/SProtector 20170523
GData Gen:Variant.Adware.BProtector.10 20170523
Ikarus PUA.SProtector 20170523
Sophos ML trojandropper.win32.sventore.b 20170519
Jiangmin AdWare.Generic.aadg 20170523
K7AntiVirus Trojan ( 0040fa3b1 ) 20170523
K7GW Unwanted-Program ( 0040fa3b1 ) 20170523
Kaspersky not-a-virus:HEUR:AdWare.Win32.Generic 20170523
Malwarebytes PUP.Optional.MultiPlug 20170523
McAfee Artemis!0375E9F29078 20170523
McAfee-GW-Edition BehavesLike.Win32.Multiplug.tc 20170523
eScan Gen:Variant.Adware.BProtector.10 20170523
NANO-Antivirus Riskware.Win32.SProtector.dqseym 20170523
Palo Alto Networks (Known Signatures) generic.pup 20170523
Panda Trj/Genetic.gen 20170523
Qihoo-360 Win32/Virus.RiskTool.9b9 20170523
Rising AdWare.Win32.MultiPlug.au (cloud:ayoE6Em4VwC) 20170523
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV BProtector (PUA) 20170523
SUPERAntiSpyware PUP.MultiPlug/Variant 20170523
Symantec ML.Attribute.HighConfidence 20170523
Tencent Win32.Adware.Generic.Dur 20170523
TrendMicro TROJ_GEN.R047C0WEC17 20170523
TrendMicro-HouseCall TROJ_GEN.R047C0WEC17 20170523
VIPRE Trojan.Win32.Generic!BT 20170523
Webroot W32.Adware.Gen 20170523
Yandex Riskware.Agent! 20170518
Zillya Adware.MultiPlug.Win32.360668 20170523
ZoneAlarm by Check Point not-a-virus:HEUR:AdWare.Win32.Generic 20170523
Alibaba 20170523
ClamAV 20170523
CMC 20170523
Comodo 20170523
Kingsoft 20170523
Microsoft 20170523
nProtect 20170523
Symantec Mobile Insight 20170523
TheHacker 20170522
TotalDefense 20170523
Trustlook 20170523
VBA32 20170523
ViRobot 20170523
WhiteArmor 20170517
Zoner 20170523
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-31 05:34:23
Entry Point 0x00010430
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
GetCurrentProcessId
WriteConsoleW
LoadLibraryExW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
WriteFile
CreateFileW
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetEnvironmentVariableW
SetLastError
InterlockedIncrement
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:01:31 06:34:23+01:00
FileType Win32 DLL
PEType PE32
CodeSize 336384
LinkerVersion 11.0
FileTypeExtension dll
InitializedDataSize 1284608
SubsystemVersion 5.1
EntryPoint 0x10430
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0

File identification
MD5 0375e9f29078b6a3eb1d854211c1942b
SHA1 f683fa8c0d2096b9bb3c753762b7bd57ea14fb9d
SHA256 2b13d3c5ea235393c21ee1f4ddd990542100e33ba01431898743f90bf86dd976
ssdeep 49152:UmNg9hwCasA7f+8rdYDABglBeoEpAYjF9AaPu:UmNqhJasA7VZYMNzpAoFmq

authentihash 6ce2daa3f9095198b4e042a55a17af9ef9dde4d6834fe5f077b7433205ab3a89
imphash 269fc7a4bb1467ff156118e9db7b2cda
File size 1.5 MB ( 1610752 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll via-tor

VirusTotal metadata
First submission 2015-04-15 19:46:09 UTC ( 4 years, 1 month ago )
Last submission 2016-02-28 17:41:53 UTC ( 3 years, 2 months ago )
File names 0375E9F29078B6A3EB1D854211C1942B
0375e9f29078b6a3eb1d854211c1942b.dll
RelayDefender_142268944804474.dll
Advanced heuristic and reputation engines
TrendMicro-HouseCall TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R02LC0EE515.

Symantec reputation Suspicious.Insight