SHA256: 4125ab0e94922047ca0d8d2c62a0ea9851d0cf79e09a1ece13d3cb827d46426d
File name: elevate_x86.dll
Detection ratio: 7 / 56
Analysis date: 2016-12-07 20:50:21 UTC ( 1 year ago )
Antivirus Result Update
AegisLab Troj.W32.Qhost.ln8i 20161207
AVG Ransomer.MMD 20161207
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20161207
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Sophos ML generic.a 20161202
Qihoo-360 HEUR/QVM40.1.0000.Malware.Gen 20161207
Symantec Heur.AdvML.B 20161207
Ad-Aware 20161207
AhnLab-V3 20161207
Alibaba 20161207
ALYac 20161207
Antiy-AVL 20161207
Arcabit 20161207
Avast 20161207
Avira (no cloud) 20161207
AVware 20161207
BitDefender 20161207
Bkav 20161207
CAT-QuickHeal 20161207
ClamAV 20161207
CMC 20161207
Comodo 20161207
Cyren 20161207
DrWeb 20161207
Emsisoft 20161207
ESET-NOD32 20161207
F-Prot 20161207
F-Secure 20161207
Fortinet 20161207
GData 20161207
Ikarus 20161207
Jiangmin 20161207
K7AntiVirus 20161207
K7GW 20161207
Kaspersky 20161207
Kingsoft 20161207
Malwarebytes 20161207
McAfee 20161205
McAfee-GW-Edition 20161207
Microsoft 20161207
eScan 20161207
NANO-Antivirus 20161207
nProtect 20161207
Panda 20161207
Rising 20161207
Sophos AV 20161207
SUPERAntiSpyware 20161207
Tencent 20161207
TheHacker 20161130
TrendMicro 20161207
TrendMicro-HouseCall 20161207
Trustlook 20161207
VBA32 20161207
VIPRE 20161207
ViRobot 20161207
WhiteArmor 20161207
Yandex 20161206
Zillya 20161207
Zoner 20161207
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-29 12:40:06
Entry Point 0x000011E0
Number of sections 4
PE sections
Overlays
MD5 ae976418191467af7e2e0bcbb8315157
File type data
Offset 4096
Size 11260
Entropy 5.22
PE imports
HeapAlloc
GetProcessHeap
ShellExecuteW
SHCreateItemFromParsingName
CoInitializeEx
CoCreateInstance
CoUninitialize
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:11:29 13:40:06+01:00
FileType Win32 DLL
PEType PE32
CodeSize 2048
LinkerVersion 12.0
EntryPoint 0x11e0
InitializedDataSize 1536
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 0cd94baa2dccc0e7c2008b7948cebfe3
SHA1 638f5cb926dcb2030fd9d22d3d9e318e7905d068
SHA256 4125ab0e94922047ca0d8d2c62a0ea9851d0cf79e09a1ece13d3cb827d46426d
ssdeep 192:SAMmvXRhCwyZ9Zj33m9s349c5AAcdsiTkYKohS1qqNS59R1:SAXnyZnrW9S49q7cdsGKohpZR1

authentihash 1abd21cece647b01e1e737c4c869355549d6389e86bbff01b8899ff45bf8784b
imphash 26de9dd288c6059cc3c20c32ad085b64
File size 15.0 KB ( 15356 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags pedll overlay

VirusTotal metadata
First submission 2016-12-07 20:50:21 UTC ( 1 year ago )
Last submission 2016-12-07 20:50:21 UTC ( 1 year ago )
File names elevate_x86.dll