SHA256: 3de5def1abc38e0f94eab65caaad1ec031b0d90fde638ea5b5572ee7f7a02d50
File name: OvkcHfKYGiT1.dll
Detection ratio: 6 / 57
Analysis date: 2016-09-28 15:45:30 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160928
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Sophos ML backdoor.win32.drixed.m 20160917
Qihoo-360 HEUR/QVM40.1.0000.Malware.Gen 20160928
Rising Malware.Generic!5faYPNjN82Q@2 (thunder) 20160928
Tencent Win32.Trojan.Raas.Auto 20160928
Ad-Aware 20160928
AegisLab 20160928
AhnLab-V3 20160928
Alibaba 20160928
ALYac 20160928
Antiy-AVL 20160928
Arcabit 20160928
Avast 20160928
AVG 20160928
Avira (no cloud) 20160928
AVware 20160928
BitDefender 20160928
Bkav 20160928
CAT-QuickHeal 20160928
ClamAV 20160928
CMC 20160928
Comodo 20160928
Cyren 20160928
DrWeb 20160928
Emsisoft 20160928
ESET-NOD32 20160928
F-Prot 20160926
F-Secure 20160928
Fortinet 20160928
GData 20160928
Ikarus 20160928
Jiangmin 20160928
K7AntiVirus 20160928
K7GW 20160928
Kaspersky 20160928
Kingsoft 20160928
Malwarebytes 20160928
McAfee 20160928
McAfee-GW-Edition 20160927
Microsoft 20160928
eScan 20160928
NANO-Antivirus 20160927
nProtect 20160928
Panda 20160928
Sophos AV 20160928
SUPERAntiSpyware 20160928
Symantec 20160928
TheHacker 20160927
TrendMicro 20160928
TrendMicro-HouseCall 20160928
VBA32 20160928
VIPRE 20160928
ViRobot 20160928
Yandex 20160927
Zillya 20160928
Zoner 20160928
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name DEVRTL.DLL
Internal name DEVRTL.dll
File version 6.1.7601.17621 (win7sp1_gdr.110523-2108)
Description Device Management Run Time Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-28 17:15:17
Entry Point 0x00001023
Number of sections 8
PE sections
PE imports
WriteEncryptedFileRaw
OpenBackupEventLogW
GetAce
QueryServiceConfigW
QueryServiceConfig2A
SetSecurityDescriptorRMControl
CryptHashSessionKey
ConvertToAutoInheritPrivateObjectSecurity
SetSecurityDescriptorSacl
AllocateLocallyUniqueId
NotifyBootConfigStatus
ObjectCloseAuditAlarmW
OpenThreadToken
DeleteAce
CryptGetProvParam
EnumServicesStatusExA
AccessCheckAndAuditAlarmA
SetAclInformation
FreeSid
ChangeServiceConfigA
BackupEventLogA
QueryServiceLockStatusW
RegQueryMultipleValuesA
OpenSCManagerA
GetSecurityDescriptorRMControl
SetSecurityDescriptorGroup
ObjectOpenAuditAlarmW
RegOpenUserClassesRoot
IsSystemResumeAutomatic
IsDebuggerPresent
GetTickCount
GetCommandLineA
FindResourceA
MoveFileExA
DsReplicaConsistencyCheck
DsAddSidHistoryA
DsMakeSpnW
DsInheritSecurityIdentityA
DsReplicaDelA
DsListSitesA
DsServerRegisterSpnW
DsBindWithCredA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.17621
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 151552
EntryPoint 0x1023
OriginalFileName DEVRTL.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17621 (win7sp1_gdr.110523-2108)
TimeStamp 2016:09:28 18:15:17+01:00
FileType Win32 DLL
PEType PE32
InternalName DEVRTL.dll
ProductVersion 6.1.7601.17621
FileDescription Device Management Run Time Library
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 73728
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17621
FileTypeExtension dll
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 1eca04670a4bbac14e34942ff0542ea2
SHA1 c235c52204d5e4624ccaf42a74464fa78369a7be
SHA256 3de5def1abc38e0f94eab65caaad1ec031b0d90fde638ea5b5572ee7f7a02d50
ssdeep 3072:HjB7rmZx26bzFDkolAw6xFkmFaxAARFdZVk:HjB7y+wlgFkmU5RFr
authentihash cd67ef22651c1de4078711d2535d6f3c0200cb9a4c7d177e39d1c68340c3f097
imphash daccda8a3760317c1af641568ba8ff88
File size 224.0 KB ( 229376 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags pedll
VirusTotal metadata
First submission 2016-09-28 15:45:30 UTC ( 2 years, 4 months ago )
Last submission 2016-09-30 21:37:15 UTC ( 2 years, 4 months ago )
File names OvkcHfKYGiT1.dll
mxwPfrLCC1.dll1
rsGOCz1.dll.3884.dr
xCIJMFyB1.dll
5.exe
XAVflEcqrr2.dll
qSacubzwHRL1.dll
DEVRTL.DLL
DEVRTL.dll