SHA256: 4142d9a14e28c5b9affac8b83746f9ac5d8e91d736993a0a75b01125b4a7f7b7
File name: d1cd92ee9d67ff99710f1857a96a6862
Detection ratio: 28 / 55
Analysis date: 2017-01-20 23:21:34 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CAKE 20170120
ALYac Trojan.Agent.CAKE 20170120
Antiy-AVL Trojan[Ransom]/Win32.Locky 20170120
Arcabit Trojan.Agent.CAKE 20170120
Avast Win32:Malware-gen 20170120
AVG Crypt_r.CFB 20170120
Baidu Win32.Trojan.Kryptik.awz 20170120
BitDefender Trojan.Agent.CAKE 20170120
ClamAV Win.Ransomware.Locky-31469 20170120
Comodo TrojWare.Win32.Ransom.NCrypt.TQF 20170120
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Damaged_File.gen!Eldorado 20170120
DrWeb Trojan.Encoder.3976 20170120
Emsisoft Trojan.Agent.CAKE (B) 20170120
F-Prot W32/Damaged_File.gen!Eldorado 20170120
F-Secure Trojan.Agent.CAKE 20170120
Fortinet W32/Kryptik.FIKB!tr 20170120
GData Trojan.Agent.CAKE 20170120
Ikarus Trojan.Agent 20170120
Sophos ML virus.win32.winemm.b 20170111
Jiangmin Trojan.Locky.ceq 20170120
Kaspersky Trojan-Ransom.Win32.Locky.cxp 20170120
McAfee Artemis!D1CD92EE9D67 20170120
McAfee-GW-Edition Artemis!Trojan 20170120
eScan Trojan.Agent.CAKE 20170120
Rising Malware.Generic!Zl459GVA8AN@1 (thunder) 20170120
Symantec ML.Relationship.HighConfidence [Trojan.Gen] 20170120
Yandex Trojan.Locky! 20170120
AegisLab 20170120
AhnLab-V3 20170120
Alibaba 20170120
Avira (no cloud) 20170120
AVware 20170120
CAT-QuickHeal 20170120
CMC 20170120
ESET-NOD32 20170120
K7AntiVirus 20170120
K7GW 20170120
Kingsoft 20170121
Malwarebytes 20170120
Microsoft 20170120
NANO-Antivirus 20170120
nProtect 20170120
Panda 20170120
Qihoo-360 20170121
Sophos AV 20170120
SUPERAntiSpyware 20170120
Tencent 20170121
TheHacker 20170117
TotalDefense 20170120
TrendMicro 20170121
Trustlook 20170121
VBA32 20170120
VIPRE 20170120
ViRobot 20170120
WhiteArmor 20170120
Zillya 20170120
Zoner 20170120
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-31 06:12:58
Entry Point 0x0000A049
Number of sections 5
PE sections
Overlays
MD5 4aff338a0cda84d68374f5c477013963
File type data
Offset 37888
Size 2712
Entropy 7.25
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2016:10:31 07:12:58+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 123904
LinkerVersion: 10.0
Warning: Error processing PE data dictionary
EntryPoint: 0xa049
InitializedDataSize: 113152
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 d1cd92ee9d67ff99710f1857a96a6862
SHA1 12d666b83dc029fbdffa973568bde74dc1197c8e
SHA256 4142d9a14e28c5b9affac8b83746f9ac5d8e91d736993a0a75b01125b4a7f7b7
ssdeep 768:NG5aEIKhrJ5tPabliZORzeR3czw+E77uNuNnL7eBfQI:tq+E77VL7eBB
authentihash e8eae707dc90e6b3ab29252d8fcb4ea5e142c3e86a81881a31081c22d009c985
File size 39.6 KB ( 40600 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags corrupt pedll overlay

VirusTotal metadata
First submission 2017-01-20 23:21:34 UTC ( 2 years, 1 month ago )
Last submission 2017-01-20 23:21:34 UTC ( 2 years, 1 month ago )