SHA256: 4305d80956fed689dde2dcfae7f12ecad695681206aa6bd30831b5a72c0d1733
File name: 008d9a5cc0ae67a1e1c5f42ab439e82c
Detection ratio: 50 / 61
Analysis date: 2017-06-05 04:56:22 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ransom.Locky.72 20170605
AegisLab Troj.Ransom.W32.Locky!c 20170605
AhnLab-V3 Trojan/Win32.Agent.C1651963 20170605
ALYac Gen:Variant.Ransom.Locky.72 20170605
Arcabit Trojan.Ransom.Locky.72 20170605
Avast Win32:Cryptor 20170605
AVG Ransom_r.ATQ 20170604
Avira (no cloud) TR/AD.Locky.ximsv 20170604
AVware Trojan.Win32.Generic!BT 20170605
Baidu Win32.Trojan.Kryptik.azc 20170601
BitDefender Gen:Variant.Ransom.Locky.72 20170605
CAT-QuickHeal Ransom.Locky.A6 20170603
Comodo TrojWare.Win32.Ransom.Locky.LT 20170605
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Cyren W32/Locky.BO.gen!Eldorado 20170605
DrWeb Trojan.Encoder.3976 20170605
Emsisoft Gen:Variant.Ransom.Locky.72 (B) 20170605
Endgame malicious (high confidence) 20170515
ESET-NOD32 a variant of Win32/Kryptik.FJKA 20170605
F-Prot W32/Locky.BO.gen!Eldorado 20170605
F-Secure Gen:Variant.Ransom.Locky.72 20170605
Fortinet W32/Kryptik.FJIJ!tr 20170605
GData Gen:Variant.Ransom.Locky.72 20170605
Ikarus Trojan-Ransom.Locky 20170604
Sophos ML virus.win32.sality.am 20170604
K7AntiVirus Trojan ( 004fca081 ) 20170604
K7GW Trojan ( 004fca081 ) 20170605
Kaspersky HEUR:Trojan.Win32.Generic 20170605
Malwarebytes Ransom.Locky 20170604
McAfee RDN/Generic.grp 20170605
McAfee-GW-Edition RDN/Generic.grp 20170604
Microsoft Ransom:Win32/Locky!rfn 20170605
eScan Gen:Variant.Ransom.Locky.72 20170605
NANO-Antivirus Trojan.Win32.Locky.eihcuq 20170605
Palo Alto Networks (Known Signatures) generic.ml 20170605
Panda Trj/Genetic.gen 20170604
Qihoo-360 Win32/Trojan.Ransom.41f 20170605
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/RansomDl-B 20170605
SUPERAntiSpyware Ransom.Locky/Variant 20170605
Symantec Ransom.Locky 20170604
Tencent Win32.Trojan.Raasj.Auto 20170605
TheHacker Trojan/Kryptik.fjka 20170605
TrendMicro Ransom_LOCKY.DLDTAQD 20170605
TrendMicro-HouseCall Ransom_LOCKY.DLDTAQD 20170605
VIPRE Trojan.Win32.Generic!BT 20170605
ViRobot Trojan.Win32.Z.Locky.160256.AU[h] 20170605
Yandex Trojan.Locky! 20170602
Zillya Trojan.Locky.Win32.2009 20170602
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170605
Alibaba 20170605
Bkav 20170602
ClamAV 20170605
CMC 20170605
Jiangmin 20170605
Kingsoft 20170605
nProtect 20170605
Rising 20170603
Symantec Mobile Insight 20170605
TotalDefense 20170605
Trustlook 20170605
VBA32 20170602
Webroot 20170605
WhiteArmor 20170601
Zoner 20170605
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright© 2015 IObit. All Rights Reserved.

Product Driver Booster
Original name Backup.dll
Internal name Backup
File version 3.0.3.0
Description Driver Booster Backup
Comments Driver Booster Backup
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-08 17:00:38
Entry Point 0x00007F0B
Number of sections 6
PE sections
PE imports
RegOpenKeyA
GetSystemWindowsDirectoryA
GetCurrentProcess
GlobalFindAtomW
lstrcmpA
ExitProcess
GetProcessHeap
SendMessageA
wsprintfA
CharUpperA
isdigit
malloc
exit
free
Number of PE resources by type
RT_ICON 4
RT_BITMAP 2
RT_RCDATA 2
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
LegalTrademarks
IObit

SubsystemVersion
5.1

Comments
Driver Booster Backup

InitializedDataSize
197120

ImageVersion
8.0

ProductName
Driver Booster

FileVersionNumber
3.0.3.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, DLL

CharacterSet
Windows, Latin1

LinkerVersion
8.0

FileTypeExtension
dll

OriginalFileName
Backup.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3.0.3.0

TimeStamp
2016:11:08 18:00:38+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
Backup

ProductVersion
3.0.3.0

FileDescription
Driver Booster Backup

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright 2015 IObit. All Rights Reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
IObit

CodeSize
35840

FileSubtype
0

ProductVersionNumber
3.0.3.0

EntryPoint
0x7f0b

ObjectFileType
Executable application

File identification
MD5 008d9a5cc0ae67a1e1c5f42ab439e82c
SHA1 e0275017b11ba6df939b9821788d5058c52a76b5
SHA256 4305d80956fed689dde2dcfae7f12ecad695681206aa6bd30831b5a72c0d1733
ssdeep
3072:DYzAN3ohRYjh8Ipix1uEGfIxHc83QMizRrTN:DYkN3ohEh/piaIxBgvJT

authentihash ca7caafdcbdf88688a1b302e36a29ba686f7b0f1eb537682d0a87feb9e5d810e
imphash d9915e5a4be1800df551a11f66a315db
File size 156.5 KB ( 160256 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
pedll

VirusTotal metadata
First submission 2016-11-08 21:05:08 UTC ( 2 years, 3 months ago )
Last submission 2018-06-25 21:26:08 UTC ( 7 months, 4 weeks ago )
File names ddbrfj.EXE
aa
Backup.dll
output.104920796.txt
VirusShare_008d9a5cc0ae67a1e1c5f42ab439e82c
ThrRYNd3J9xADFm.dll
ddbrfj
Backup
output.102994667.txt
Vy3d4RSW.hta