SHA256: 3151f9be115bd7fcfd6abad94680ab6b5bb1b6c81b6865e542a7b431c7ea45d9
File name: 3151f9be115bd7fcfd6abad94680ab6b5bb1b6c81b6865e542a7b431c7ea45d9
Detection ratio: 24 / 67
Analysis date: 2018-02-23 10:45:14 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent.C2411201 20180222
Antiy-AVL Trojan/Win32.Agent 20180223
Avast Win64:Malware-gen 20180223
AVG Win64:Malware-gen 20180223
AVware Trojan.Win32.Generic!BT 20180223
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9705 20180208
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180223
eGambit Unsafe.AI_Score_95% 20180223
Endgame malicious (high confidence) 20180216
ESET-NOD32 a variant of Win64/GenKryptik.BQFJ 20180223
Fortinet W64/Dridex.AM!tr 20180223
GData Win64.Trojan.Agent.Q2BQAB 20180223
Sophos ML heuristic 20180121
Kaspersky Trojan.Win32.Agent.qwfuox 20180223
McAfee Trojan-FOXN!4796D47EB1AE 20180221
McAfee-GW-Edition Artemis!Trojan 20180223
Rising Trojan.Win64/Kryptik!1.AE80 (CLASSIC) 20180223
Sophos AV Mal/Generic-S 20180223
Symantec Trojan.Cridex 20180223
TrendMicro-HouseCall TROJ_GEN.R004H0DBL18 20180223
VIPRE Trojan.Win32.Generic!BT 20180223
Webroot W32.Trojan.Gen 20180223
ZoneAlarm by Check Point Trojan.Win32.Agent.qwfuox 20180223
Ad-Aware 20180223
AegisLab 20180223
Alibaba 20180223
ALYac 20180223
Arcabit 20180223
Avast-Mobile 20180222
Avira (no cloud) 20180223
BitDefender 20180223
Bkav 20180212
CAT-QuickHeal 20180223
ClamAV 20180223
CMC 20180223
Comodo 20180223
Cybereason 20180205
Cyren 20180223
DrWeb 20180223
Emsisoft 20180223
F-Prot 20180223
F-Secure 20180223
Ikarus 20180223
Jiangmin 20180223
K7AntiVirus 20180223
K7GW 20180223
Kingsoft 20180223
Malwarebytes 20180223
MAX 20180223
Microsoft 20180223
eScan 20180223
NANO-Antivirus 20180223
nProtect 20180223
Palo Alto Networks (Known Signatures) 20180223
Panda 20180222
Qihoo-360 20180223
SentinelOne (Static ML) 20180115
SUPERAntiSpyware 20180223
Symantec Mobile Insight 20180220
Tencent 20180223
TheHacker 20180219
TotalDefense 20180223
TrendMicro 20180223
Trustlook 20180223
VBA32 20180222
ViRobot 20180223
WhiteArmor 20180223
Yandex 20180222
Zillya 20180222
Zoner 20180223
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2018-02-16 07:10:56
Entry Point 0x000017A0
Number of sections 11
PE sections
PE imports
GetModuleHandleA
GetBinaryTypeW
lstrlenA
GetModuleFileNameW
ProcessIdToSessionId
ExitProcess
GetSystemRegistryQuota
GetCurrentThreadId
GetSystemPowerStatus
EndDeferWindowPos
WaitMessage
VkKeyScanA
OemToCharA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2018:02:16 08:10:56+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 0
LinkerVersion 12.0
EntryPoint 0x17a0
InitializedDataSize 667648
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 4796d47eb1ae2c03c98d31c4bb9e7327
SHA1 cea4d5817cb90342b070145f75abf02787c1765e
SHA256 3151f9be115bd7fcfd6abad94680ab6b5bb1b6c81b6865e542a7b431c7ea45d9
ssdeep 12288:8wB7Ep8FHKJX2+bFyl9AUavivpkU85o7/k4qQ2g9EaASMOl:8wB7JHf0Fybb5pgk/qQiXk
authentihash 3a764e9d54e0494ff3f2ad5a3e146b1d837b4e4acc1d2fd0920c08c97f368f46
imphash a17d40f25979fa5efc2effd88508fe2b
File size 668.0 KB ( 684032 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits assembly pedll

VirusTotal metadata
First submission 2018-02-23 10:45:14 UTC ( 9 months, 2 weeks ago )
Last submission 2018-02-23 10:45:14 UTC ( 9 months, 2 weeks ago )
File names 3151f9be115bd7fcfd6abad94680ab6b5bb1b6c81b6865e542a7b431c7ea45d9