× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4a47807ec7c21ce64c4c3ad22ae30caa8701e161abc251ee05fd0567f683361c
File name: 2a02912728b77f6a5cc57812dac7be62
Detection ratio: 36 / 64
Analysis date: 2018-03-25 19:46:08 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.84536 20180325
AhnLab-V3 Trojan/Win32.Refinka.R214002 20180325
ALYac Gen:Variant.Symmi.84536 20180325
Antiy-AVL Trojan/Win32.TSGeneric 20180325
Arcabit Trojan.Symmi.D14A38 20180325
Avast Win32:GenMalicious-NYM [Trj] 20180325
AVG Win32:GenMalicious-NYM [Trj] 20180325
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9824 20180323
BitDefender Gen:Variant.Symmi.84536 20180325
Bkav HW32.Packed.B8C6 20180325
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180325
Emsisoft Gen:Variant.Symmi.84536 (B) 20180325
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/Kryptik.FXXN 20180325
F-Secure Gen:Variant.Symmi.84536 20180325
Fortinet W32/Dridex.BT!tr 20180325
GData Gen:Variant.Symmi.84536 20180325
Ikarus Trojan-PSW.Win32.Tepfer 20180325
Kaspersky HEUR:Trojan.Win32.Generic 20180325
MAX malware (ai score=88) 20180325
McAfee Trojan-FOKZ!2A02912728B7 20180325
McAfee-GW-Edition BehavesLike.Win32.Vundo.fc 20180325
Microsoft Trojan:Win32/Tiggre!plock 20180325
eScan Gen:Variant.Symmi.84536 20180325
NANO-Antivirus Trojan.Win32.Refinka.eufwhc 20180325
Panda Trj/GdSda.A 20180325
Qihoo-360 HEUR/QVM40.1.107E.Malware.Gen 20180325
Rising Trojan.Kryptik!8.8 (TFE:1:zS39VsZW4FT) 20180325
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180325
Symantec Packed.Generic.517 20180324
TrendMicro TROJ_KRYPTIK_GK10002D.UVPM 20180325
TrendMicro-HouseCall TROJ_KRYPTIK_GK10002D.UVPM 20180325
VBA32 Trojan.Refinka 20180323
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180325
AegisLab 20180325
Alibaba 20180323
Avast-Mobile 20180325
Avira (no cloud) 20180325
AVware 20180325
CAT-QuickHeal 20180325
ClamAV 20180325
CMC 20180325
Comodo 20180325
Cybereason None
Cyren 20180325
DrWeb 20180325
eGambit 20180325
F-Prot 20180325
Sophos ML 20180121
Jiangmin 20180325
K7AntiVirus 20180325
K7GW 20180325
Kingsoft 20180325
Malwarebytes 20180325
nProtect 20180325
Palo Alto Networks (Known Signatures) 20180325
SUPERAntiSpyware 20180325
Symantec Mobile Insight 20180311
Tencent 20180325
TheHacker 20180319
TotalDefense 20180325
Trustlook 20180325
VIPRE 20180325
ViRobot 20180325
Zillya 20180323
Zoner 20180325
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-18 11:33:35
Entry Point 0x00003170
Number of sections 7
PE sections
PE imports
AddAccessDeniedAceEx
AddAuditAccessAceEx
SetNamedSecurityInfoA
GetSidIdentifierAuthority
AVIStreamStart
PrintDlgA
CertDeleteCTLFromStore
CertDeleteCertificateFromStore
CertStrToNameW
GetTextCharsetInfo
ExcludeClipRect
DeleteColorSpace
TextOutA
Escape
GetCharWidth32A
CreateMetaFileW
ImmNotifyIME
GetFullPathNameA
BuildCommDCBA
GetFileTime
FindAtomW
GetConsoleAliasExesLengthA
ReleaseSemaphore
GetNumaHighestNodeNumber
GetCurrentProcessId
GetModuleHandleA
GetModuleFileNameW
EraseTape
CreateProcessW
UnhandledExceptionFilter
EnumCalendarInfoW
SetFilePointerEx
GetModuleFileNameA
GetCurrentThreadId
GetBinaryTypeA
ResumeThread
MprInfoBlockSet
NetServerGetInfo
NetLocalGroupAddMembers
BSTR_UserSize
VarCyFromR8
NdrSimpleTypeMarshall
RpcServerRegisterIf
I_RpcMapWin32Status
CM_Get_Resource_Conflict_DetailsW
SetupDiCreateDeviceInfoA
CM_Get_Sibling
CM_Set_DevNode_Registry_PropertyW
PathCreateFromUrlW
StrToIntA
StrCmpNA
PathSearchAndQualifyW
RevertSecurityContext
EmptyClipboard
CreatePopupMenu
MapDialogRect
GetKBCodePage
ImpersonateDdeClientWindow
LoadMenuW
WinHelpA
LoadImageA
GetMonitorInfoA
DrawTextW
DefMDIChildProcA
InvertRect
OpenDesktopA
waveInAddBuffer
OpenPrinterA
EnumJobsW
vprintf
memcmp
HPALETTE_UserUnmarshal
IIDFromString
HICON_UserMarshal
OleFlushClipboard
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
dll

TimeStamp
2017:10:18 12:33:35+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
20480

LinkerVersion
12.0

EntryPoint
0x3170

InitializedDataSize
335872

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
107702811

File identification
MD5 2a02912728b77f6a5cc57812dac7be62
SHA1 ac163dec52eaf5d069c01ccd50bc1e1408cf4212
SHA256 4a47807ec7c21ce64c4c3ad22ae30caa8701e161abc251ee05fd0567f683361c
ssdeep
6144:RzeMhSoT7S0RkdLK32DivTEKiLjaucWAf8IRVF6i+valbu7RzuEnMSu5HSsI796K:F00RAKRIKyjauXAf8a6i+vaYt3nMS2HG

imphash 62338fe2ec1b32c361588f530191a516
File size 344.0 KB ( 352256 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags
pedll

VirusTotal metadata
First submission 2018-03-25 19:46:08 UTC ( 8 months, 3 weeks ago )
Last submission 2018-03-25 19:46:08 UTC ( 8 months, 3 weeks ago )
File names 2a02912728b77f6a5cc57812dac7be62
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!