× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2e2e2768d6983373d5d23ae03aa149b75c9f7d08e129d37bb1e7098301e57dd5
File name: 9cff4061c873bc9bc8db8778333c094b
Detection ratio: 9 / 67
Analysis date: 2018-06-20 17:01:21 UTC ( 5 months, 4 weeks ago )
Antivirus Result Update
Avira (no cloud) TR/Dropper.Gen 20180620
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9970 20180620
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180620
Endgame malicious (high confidence) 20180612
Sophos ML heuristic 20180601
McAfee-GW-Edition BehavesLike.Win32.PUPXAX.hh 20180620
Qihoo-360 HEUR/QVM40.1.F961.Malware.Gen 20180620
Symantec Packed.Generic.517 20180620
Ad-Aware 20180620
AegisLab 20180620
AhnLab-V3 20180620
Alibaba 20180620
ALYac 20180620
Antiy-AVL 20180620
Arcabit 20180620
Avast 20180620
Avast-Mobile 20180620
AVG 20180620
AVware 20180620
Babable 20180406
BitDefender 20180620
Bkav 20180620
CAT-QuickHeal 20180620
ClamAV 20180620
CMC 20180620
Comodo 20180620
Cybereason 20180225
Cyren 20180620
DrWeb 20180620
eGambit 20180620
Emsisoft 20180620
ESET-NOD32 20180620
F-Prot 20180620
F-Secure 20180620
Fortinet 20180620
Ikarus 20180620
Jiangmin 20180620
K7AntiVirus 20180620
K7GW 20180620
Kaspersky 20180620
Kingsoft 20180620
Malwarebytes 20180620
MAX 20180620
McAfee 20180620
Microsoft 20180620
eScan 20180620
NANO-Antivirus 20180620
Palo Alto Networks (Known Signatures) 20180620
Panda 20180620
Rising 20180620
SentinelOne (Static ML) 20180618
Sophos AV 20180620
SUPERAntiSpyware 20180620
Symantec Mobile Insight 20180619
TACHYON 20180620
Tencent 20180620
TheHacker 20180619
TotalDefense 20180620
TrendMicro 20180620
TrendMicro-HouseCall 20180620
Trustlook 20180620
VBA32 20180620
VIPRE 20180620
ViRobot 20180620
Webroot 20180620
Yandex 20180620
Zillya 20180620
ZoneAlarm by Check Point 20180620
Zoner 20180620
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-21 05:12:34
Entry Point 0x00001C50
Number of sections 4
PE sections
PE imports
CryptGetDefaultProviderW
RegDeleteValueA
GetUserDefaultUILanguage
SetCriticalSectionSpinCount
GetCurrentDirectoryW
GetModuleHandleA
GetSystemDefaultUILanguage
SetLocaleInfoA
PeekConsoleInputW
IsDebuggerPresent
GetThreadLocale
OpenMutexW
GetCurrentThreadId
GetModuleFileNameA
GetBinaryTypeA
GetCurrentThread
wglGetProcAddress
NdrUserMarshalMarshall
NdrUserMarshalBufferSize
GetActiveWindow
GetCursor
GetOpenClipboardWindow
DeletePortW
Ord(31)
Ord(160)
iswctype
GetClassFileOrMime
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
dll

TimeStamp
2018:06:21 06:12:34+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
557056

LinkerVersion
12.0

EntryPoint
0x1c50

InitializedDataSize
4096

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 9cff4061c873bc9bc8db8778333c094b
SHA1 fe014b94e2e5623e5da056ccc6671915ac258eec
SHA256 2e2e2768d6983373d5d23ae03aa149b75c9f7d08e129d37bb1e7098301e57dd5
ssdeep
6144:wfkTbtuD6mOdY090bFaQuR7SLrVjX9LP940YeotL5V8CRxUBZk+/X1iOpJ1:wsypOd/90JaQNLrhXHhDMFtxUBZ5liO

authentihash 7f21abe9d1e07cc87b62467f8e67978eee90ea64b102353c29f452475c7a3885
imphash 6a1ab16027c1acf84e7118d722a85cc0
File size 560.0 KB ( 573440 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
pedll

VirusTotal metadata
First submission 2018-06-20 17:01:21 UTC ( 5 months, 4 weeks ago )
Last submission 2018-06-20 17:01:21 UTC ( 5 months, 4 weeks ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!