SHA256: 36f2917a790f7eb33b78d98221b04f8dd155d673581c0a52cf7231544a259bf5
File name: d2ef2da3-a5aa-4a0d-999a-ef4c8242b060.dll
Detection ratio: 4 / 66
Analysis date: 2018-04-08 17:05:53 UTC ( 1 year ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20170201
Cylance Unsafe 20180408
Kaspersky Trojan.Win32.Corebot.bb 20180408
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180408
Ad-Aware 20180408
AegisLab 20180408
AhnLab-V3 20180407
Alibaba 20180408
ALYac 20180408
Antiy-AVL 20180408
Arcabit 20180408
Avast 20180408
Avast-Mobile 20180407
AVG 20180408
Avira (no cloud) 20180408
AVware 20180408
Baidu 20180408
BitDefender 20180408
Bkav 20180407
CAT-QuickHeal 20180408
ClamAV 20180408
CMC 20180407
Comodo 20180408
Cybereason 20180225
Cyren 20180408
DrWeb 20180408
eGambit 20180408
Emsisoft 20180408
Endgame 20180403
ESET-NOD32 20180408
F-Prot 20180408
F-Secure 20180408
Fortinet 20180408
GData 20180408
Ikarus 20180408
Sophos ML 20180121
Jiangmin 20180408
K7AntiVirus 20180404
K7GW 20180407
Kingsoft 20180408
Malwarebytes 20180408
MAX 20180408
McAfee 20180408
McAfee-GW-Edition 20180408
Microsoft 20180408
eScan 20180408
NANO-Antivirus 20180408
nProtect 20180408
Palo Alto Networks (Known Signatures) 20180408
Panda 20180408
Qihoo-360 20180408
Rising 20180408
SentinelOne (Static ML) 20180225
Sophos AV 20180408
SUPERAntiSpyware 20180408
Symantec 20180407
Symantec Mobile Insight 20180406
Tencent 20180408
TheHacker 20180404
TotalDefense 20180408
TrendMicro 20180408
TrendMicro-HouseCall 20180408
Trustlook 20180408
VBA32 20180406
VIPRE 20180408
ViRobot 20180407
WhiteArmor 20180408
Yandex 20180408
Zillya 20180406
Zoner 20180407
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-08 07:38:09
Entry Point 0x00001716
Number of sections 5
PE sections
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
InterlockedFlushSList
FindFirstFileExA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
FindNextFileA
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
Sleep
SetLastError
TlsSetValue
GetCurrentThreadId
OutputDebugStringA
WriteConsoleW
LeaveCriticalSection
MessageBoxA
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2018:04:08 08:38:09+01:00
FileType Win32 DLL
PEType PE32
CodeSize 42496
LinkerVersion 14.0
EntryPoint 0x1716
InitializedDataSize 82944
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 ebce9fb5a5625ad1ea7b41a13b8c099e
SHA1 5eb7fb2315df631e33ea5ca749a2b555f7e98f48
SHA256 36f2917a790f7eb33b78d98221b04f8dd155d673581c0a52cf7231544a259bf5
ssdeep
1536:+fqkGsSjWeTvc9mWQE4H0zMnh3t0yDTuM+sWXGcdL8b6VZ2uNEBKX1VwW+D:cMPT09mWs04ZDiMYL8ba0ueBKXLwWM

authentihash 68ea713a945fe2cd023b40b6676e17e5cfd8d5b64c564b735e4fe30e14a47b77
imphash 78bb4a85a958b9597e4e3ff83a2af1f2
File size 109.5 KB ( 112128 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags pedll

VirusTotal metadata
First submission 2018-04-08 17:05:53 UTC ( 1 year ago )
Last submission 2018-04-08 20:49:21 UTC ( 1 year ago )
File names d2ef2da3-a5aa-4a0d-999a-ef4c8242b060.dll
corebot.exe