SHA256: 343630542a5c402c6b02482bcbcdc258385606e74f11ecb7ab9c545031383179
File name: Payload.dll
Detection ratio: 2 / 54
Analysis date: 2016-08-13 14:30:41 UTC ( 2 years, 8 months ago )
Antivirus               Result                          Update
Bkav                    W32.eHeur.DTVirus               20160813
Kaspersky               HEUR:Trojan.Win32.Generic       20160813
Ad-Aware                -                               20160813
AegisLab                -                               20160813
AhnLab-V3               -                               20160813
Alibaba                 -                               20160812
ALYac                   -                               20160813
Antiy-AVL               -                               20160813
Arcabit                 -                               20160813
Avast                   -                               20160813
AVG                     -                               20160813
Avira (no cloud)        -                               20160813
AVware                  -                               20160813
Baidu                   -                               20160813
BitDefender             -                               20160813
CAT-QuickHeal           -                               20160813
ClamAV                  -                               20160813
CMC                     -                               20160811
Comodo                  -                               20160813
Cyren                   -                               20160813
DrWeb                   -                               20160813
Emsisoft                -                               20160813
ESET-NOD32              -                               20160813
F-Prot                  -                               20160813
F-Secure                -                               20160813
Fortinet                -                               20160813
GData                   -                               20160813
Ikarus                  -                               20160813
Jiangmin                -                               20160813
K7AntiVirus             -                               20160813
K7GW                    -                               20160813
Kingsoft                -                               20160813
Malwarebytes            -                               20160813
McAfee                  -                               20160813
McAfee-GW-Edition       -                               20160813
Microsoft               -                               20160813
eScan                   -                               20160813
NANO-Antivirus          -                               20160813
nProtect                -                               20160812
Panda                   -                               20160813
Qihoo-360               -                               20160813
Rising                  -                               20160813
Sophos AV               -                               20160813
SUPERAntiSpyware        -                               20160813
Symantec                -                               20160813
Tencent                 -                               20160813
TheHacker               -                               20160812
TrendMicro              -                               20160813
TrendMicro-HouseCall    -                               20160813
VBA32                   -                               20160812
VIPRE                   -                               20160813
ViRobot                 -                               20160813
Zillya                  -                               20160812
Zoner                   -                               20160813
(- = no detection)
The file being studied is a Portable Executable file. More specifically, it is a Win32 DLL for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-08 08:14:01
Entry Point 0x00005F17
Number of sections 5
PE sections
Overlays
MD5 7d0ebb99055e931e03f7981843fdb540
File type data
Offset 77824
Size 9648
Entropy 0.05
PE imports
SetSecurityDescriptorDacl
RegCloseKey
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetUserNameA
SetEntriesInAclA
RegOpenKeyExA
SetFileSecurityA
RegEnumKeyExA
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetDriveTypeA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
GetLogicalDriveStringsA
InitializeCriticalSection
FindClose
InterlockedDecrement
SetLastError
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
SetFilePointer
LockFileEx
CreateThread
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
OpenProcess
DeleteFileA
GetProcAddress
GetProcessHeap
FindFirstFileA
GetComputerNameA
FindNextFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
VirtualAllocEx
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
WinExec
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetModuleFileNameExA
EnumProcesses
GetModuleBaseNameA
EnumProcessModules
SHGetFolderPathA
DispatchMessageA
GetMessageA
GetSystemMetrics
TranslateMessage
HttpSendRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetReadFile
socket
recv
inet_addr
connect
htons
closesocket
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2012:02:08 09:14:01+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 55296
LinkerVersion: 9.0
EntryPoint: 0x5f17
InitializedDataSize: 21504
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 da74c3de10e616c81160db7755c71fef
SHA1 b18caea4b278608a3b0be5f2cba5fe1edde655d3
SHA256 343630542a5c402c6b02482bcbcdc258385606e74f11ecb7ab9c545031383179
ssdeep 768:EBXQLdegOxzClSO3U45QIWhdBaiE/UagTwrE44Up3TphBp57lwpg:4HWlTEaQtvzE/pgTIF1V5i+
authentihash d15149ec11ea922cfd05f2f05f1c27d851cba54640f9cfe0ba9094e25ef7f6ff
imphash 3c839fe1a534465392f1d907f35549df
File size 85.4 KB ( 87472 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll overlay
VirusTotal metadata
First submission 2016-08-13 14:30:41 UTC ( 2 years, 8 months ago )
Last submission 2016-08-22 21:19:34 UTC ( 2 years, 8 months ago )
File names da74c3de10e616c81160db7755c71fef, Payload.dll