SHA256: 4ab319b722282de4006eb7c3a2f1b9029e866e3eeb2505cab7fb5befe1f36b55
File name: elevate_x64.dll
Detection ratio: 11 / 55
Analysis date: 2016-12-07 20:50:35 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Generic.Malware.Gdld!!.41467A60 20161207
AegisLab Troj.W32.Qhost.ln8i 20161207
ALYac Generic.Malware.Gdld!!.41467A60 20161207
Arcabit Generic.Malware.Gdld!!.41467A60 20161207
AVG Ransomer.MME 20161207
BitDefender Generic.Malware.Gdld!!.41467A60 20161207
CrowdStrike Falcon (ML) malicious_confidence_99% (D) 20161024
F-Secure Generic.Malware.Gdld!!.41467A60 20161207
GData Generic.Malware.Gdld!!.41467A60 20161207
Sophos ML worm.win32.gamarue.z 20161202
eScan Generic.Malware.Gdld!!.41467A60 20161207
AhnLab-V3 20161207
Alibaba 20161207
Antiy-AVL 20161207
Avast 20161207
Avira (no cloud) 20161207
AVware 20161207
Baidu 20161207
Bkav 20161207
CAT-QuickHeal 20161207
ClamAV 20161207
CMC 20161207
Comodo 20161207
Cyren 20161207
DrWeb 20161207
ESET-NOD32 20161207
F-Prot 20161207
Fortinet 20161207
Ikarus 20161207
Jiangmin 20161207
K7AntiVirus 20161207
K7GW 20161207
Kaspersky 20161207
Kingsoft 20161207
Malwarebytes 20161207
McAfee 20161205
McAfee-GW-Edition 20161207
Microsoft 20161207
NANO-Antivirus 20161207
nProtect 20161207
Panda 20161207
Qihoo-360 20161207
Rising 20161207
Sophos AV 20161207
SUPERAntiSpyware 20161207
Symantec 20161207
Tencent 20161207
TheHacker 20161130
TrendMicro 20161207
TrendMicro-HouseCall 20161207
Trustlook 20161207
VBA32 20161207
VIPRE 20161207
ViRobot 20161207
WhiteArmor 20161207
Yandex 20161206
Zillya 20161207
Zoner 20161207
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2016-11-29 12:40:10
Entry Point 0x00001210
Number of sections 4
PE sections
Overlays
MD5 2cf7420ff412cae40ee14c221004f0fa
File type data
Offset 5120
Size 6136
Entropy 4.51
PE imports
HeapAlloc
GetProcessHeap
ShellExecuteW
SHCreateItemFromParsingName
CoInitializeEx
CoCreateInstance
CoUninitialize
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2016:11:29 13:40:10+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 2560
LinkerVersion 12.0
EntryPoint 0x1210
InitializedDataSize 2048
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0

File identification
MD5 54fb6dbad73eee5d8638c0869c35ed8f
SHA1 5f07372cc7fbe077f5992266d7de1f43303d0e69
SHA256 4ab319b722282de4006eb7c3a2f1b9029e866e3eeb2505cab7fb5befe1f36b55
ssdeep 192:09Zj33m9s349c5AAcdsiTkYKohS1qqNS59R:0nrW9S49q7cdsGKohpZR
authentihash 0785547ba923f56089d39bdf87b6c8adcf7e30a696a17e68bf3535ed53128a72
imphash 26de9dd288c6059cc3c20c32ad085b64
File size 11.0 KB ( 11256 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags 64bits assembly pedll overlay

VirusTotal metadata
First submission 2016-12-07 20:50:35 UTC ( 10 months, 2 weeks ago )
Last submission 2016-12-07 20:50:35 UTC ( 10 months, 2 weeks ago )
File names elevate_x64.dll