SHA256: 3d39e5779d50098187b2fb1f970996e34117a460fcfa242bfbc567eccbf1d37c
File name: 9832594.dll
Detection ratio: 62 / 67
Analysis date: 2018-07-23 17:41:31 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware Win32.Worm.Downadup.Gen 20180723
AegisLab Worm.Win32.Kido.p!c 20180723
AhnLab-V3 Win32/Kido.worm.160852 20180723
ALYac Win32.Worm.Downadup.Gen 20180723
Antiy-AVL Worm[Net]/Win32.Kido 20180723
Arcabit Win32.Worm.Downadup.Gen 20180723
Avast Win32:Malware-gen 20180723
AVG Win32:Malware-gen 20180723
Avira (no cloud) WORM/Conficker.C.19 20180723
AVware Trojan.Win32.Generic!BT 20180723
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180723
BitDefender Win32.Worm.Downadup.Gen 20180723
Bkav W32.ConfickerBU.Worm 20180723
CAT-QuickHeal Worm.ConfickerBot 20180723
ClamAV Win.Worm.Kido-237 20180723
CMC Net-Worm.Win32.Conficker.1!O 20180723
Comodo NetWorm.Win32.Kido.A 20180723
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180723
Cyren W32/Conficker!Generic 20180723
DrWeb Trojan.Click1.59765 20180723
Emsisoft Win32.Worm.Downadup.Gen (B) 20180723
Endgame malicious (moderate confidence) 20180711
ESET-NOD32 Win32/Conficker.BL 20180723
F-Prot W32/Conficker!Generic 20180723
F-Secure Worm:W32/Downadup.gen!A 20180723
Fortinet W32/Conficker.A!worm 20180723
GData Win32.Trojan.Agent.4CSXL8 20180723
Ikarus Trojan.Win32.Genome 20180723
Sophos ML heuristic 20180717
Jiangmin TrojanDownloader.Delf.aggs 20180723
K7AntiVirus Trojan ( 00394c0e1 ) 20180723
K7GW Trojan ( 00394c0e1 ) 20180723
Kaspersky Net-Worm.Win32.Kido.ih 20180723
Kingsoft Worm.Kido.ih.(kcloud) 20180723
Malwarebytes Worm.Conficker 20180723
McAfee Generic.ru 20180723
McAfee-GW-Edition BehavesLike.Win32.Conficker.cc 20180723
Microsoft Worm:Win32/Conficker.C 20180723
eScan Win32.Worm.Downadup.Gen 20180723
NANO-Antivirus Trojan.Win32.Kido.efgscb 20180723
Palo Alto Networks (Known Signatures) generic.ml 20180723
Panda Trj/WLT.A 20180723
Qihoo-360 Trojan.Generic 20180723
Rising Trojan.Win32.Generic.14C8D7BA (C64:YzY0OpTOKFt1foxC) 20180723
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Conficker-A 20180723
SUPERAntiSpyware Trojan.Conficker/Variant 20180722
Symantec W32.Downadup.B 20180723
Tencent Win32.Worm-net.Kido.Hupp 20180723
TheHacker W32/Kido.ib 20180723
TotalDefense Win32/Kido!generic 20180722
TrendMicro WORM_DOWNAD.AD 20180723
TrendMicro-HouseCall WORM_DOWNAD.AD 20180723
VBA32 Worm.Win32.kido.109 20180723
VIPRE Trojan.Win32.Generic!BT 20180723
ViRobot Worm.Win32.Conficker.160852 20180723
Webroot W32.Malware.Heur 20180723
Yandex Worm.Kido!H2aIHGfl3PA 20180720
Zillya Worm.Kido.Win32.60 20180723
ZoneAlarm by Check Point Net-Worm.Win32.Kido.ih 20180723
Zoner I-Worm.Conficker.AK 20180723
Alibaba 20180713
Avast-Mobile 20180723
Babable 20180406
Cybereason 20180225
eGambit 20180723
MAX 20180723
TACHYON 20180723
Trustlook 20180723
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
Command UPX
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2000-04-19 16:16:42
Entry Point 0x00019F00
Number of sections 3
PE sections
Overlays
MD5 19533a9cb0f6a7668c0a19585febbe87
File type data
Offset 83968
Size 76884
Entropy 8.00
PE imports
IsValidAcl
GdiFlush
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(524)
CoGetCurrentProcess
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2000:04:19 17:16:42+01:00
FileType Win32 DLL
PEType PE32
CodeSize 86016
LinkerVersion 2.25
EntryPoint 0x19f00
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 4.0
OSVersion 4.0
UninitializedDataSize 20480
File identification
MD5 9a6d0f06905087144c30779efe594db0
SHA1 c87cd7babcec426850e090f2ffc8da64f4a09b7a
SHA256 3d39e5779d50098187b2fb1f970996e34117a460fcfa242bfbc567eccbf1d37c
ssdeep 3072:CW/UAJCHfExscicHwXot3mNkc1l7CyxT+jWbzqQRbdv+8WppADCJ:CWbCHcichc17um+QRp+NkCJ

authentihash 86f912e151c7403d64b516ab1af501f0055ac4cf63d973af612138d2078c51f7
imphash 43e0e9ddcdf3b6dcc67b7d38b4aade5a
File size 157.1 KB ( 160852 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
OS/2 Executable (generic) (2.7%)
Tags pedll upx overlay

VirusTotal metadata
First submission 2009-01-14 10:51:54 UTC ( 9 years, 10 months ago )
Last submission 2018-05-24 17:38:41 UTC ( 6 months ago )
File names smona132718168452711535744
x
9a6d0f06905087144c30779efe594db0
9a6d0f06905087144c30779efe594db0
001203510
9a6d0f06905087144c30779efe594db0c87cd7babcec426850e090f2ffc8da64f4a09b7a160852.dll
3d39e5779d50098187b2fb1f970996e34117a460fcfa242bfbc567eccbf1d37c-160852
virus.xxx
c87cd7babcec426850e090f2ffc8da64f4a09b7a
unamwoz.dll
9a6d0f06905087144c30779efe594db0
9832594.dll
9a6d0f06905087144c30779efe594db0.bin
jwgkvsq.vmx
9a6d0f06905087144c30779efe594db0c87cd7babcec426850e090f2ffc8da64f4a09b7a160852.dll
zfyspqu.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
