SHA256: 4bd97130a89c2f9080259d8e87d8d713a23fd0e4336eabb0bf47a44d700ec842
File name: b87948722e04fa3edda45303d20c745a6301e567_dll.dl
Detection ratio: 45 / 50
Analysis date: 2014-03-06 09:30:14 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
AVG Ransomer.BKE 20140305
Ad-Aware Trojan.Generic.8640212 20140306
Agnitum Trojan.Agentb!KtNi9Mw1y0U 20140305
AhnLab-V3 Win-Trojan/Caphaw.284672 20140305
AntiVir TR/Skyspy.AJ 20140306
Antiy-AVL Trojan/Win32.Agentb 20140306
Avast Win32:Shylock-A [Trj] 20140306
Baidu-International Trojan.Win32.Agent.AqO 20140306
BitDefender Trojan.Generic.8640212 20140306
Bkav W32.ShylockYHPtv.Trojan 20140305
CAT-QuickHeal Trojan.Agentb.hxk 20140306
ClamAV Win.Trojan.Shylock 20140305
Commtouch W32/Trojan.WWEM-4364 20140306
Comodo UnclassifiedMalware 20140306
DrWeb BackDoor.Bulknet.841 20140306
ESET-NOD32 Win32/Caphaw.M 20140306
Emsisoft Trojan.Generic.8640212 (B) 20140306
F-Secure Trojan:W32/Agent.DUIE 20140306
Fortinet W32/Shylock.A!tr 20140306
GData Trojan.Generic.8640212 20140306
Ikarus Trojan-Spy.Agent 20140306
Jiangmin Trojan/Agentb.btw 20140306
K7AntiVirus Trojan ( 004208051 ) 20140305
K7GW Trojan ( 004208051 ) 20140305
Kaspersky Trojan.Win32.Agentb.hxk 20140306
Kingsoft Win32.Troj.Agentb.h.(kcloud) 20140306
Malwarebytes Trojan.Shylock 20140306
McAfee Generic.dx!8FBEB78B0698 20140306
McAfee-GW-Edition Generic.dx!8FBEB78B0698 20140306
MicroWorld-eScan Trojan.Generic.8640212 20140306
Microsoft Backdoor:Win32/Caphaw.N 20140306
NANO-Antivirus Trojan.Win32.Caphaw.bevzou 20140306
Norman Shylock.C 20140306
Panda Trj/Vilsel.AF 20140306
Rising PE:Trojan.Win32.Generic.1406EAEF!335997679 20140305
Sophos Troj/Shype-A 20140306
Symantec Trojan Horse 20140306
TheHacker Trojan/Caphaw.gen 20140305
TotalDefense Win32/Caphaw.DVbKIJ 20140306
TrendMicro WORM_KEPSY.A 20140306
TrendMicro-HouseCall WORM_KEPSY.A 20140306
VBA32 Trojan.Agentb 20140305
VIPRE Trojan.Win32.Generic!BT 20140306
ViRobot Backdoor.Win32.S.Shylock.284672 20140306
nProtect Trojan/W32.Agent.284672.FL 20140305
ByteHero 20140306
CMC 20140228
F-Prot 20140306
Qihoo-360 20140306
SUPERAntiSpyware 20140306
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-12 13:19:54
Link date 2:19 PM 1/12/2013
Entry Point 0x0003B31E
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetPixel
GetSystemTime
GetLastError
HeapFree
EnterCriticalSection
AreFileApisANSI
ReadFile
TerminateThread
lstrlenA
LoadLibraryW
WaitForSingleObject
LoadLibraryA
SetEvent
SetEndOfFile
GetTickCount
GetVersionExA
FlushFileBuffers
lstrcmpiW
LockFile
lstrlenW
DeleteCriticalSection
UnlockFile
GetFileSize
DeleteFileA
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
lstrcatW
lstrcpyA
GetProcessHeap
GetTempPathA
CreateMutexA
lstrcpyW
GetFullPathNameW
LockFileEx
CreateThread
GetFileAttributesA
SetFilePointer
GetDiskFreeSpaceW
FindNextFileW
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
lstrcmpW
GetDiskFreeSpaceA
WaitForMultipleObjects
GetFullPathNameA
FreeLibrary
GetFileAttributesW
QueryPerformanceCounter
InitializeCriticalSection
WriteFile
CreateFileW
CreateEventA
FindClose
InterlockedDecrement
Sleep
FormatMessageA
SetFileAttributesW
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
GetProcAddress
GetCurrentProcessId
SetLastError
InterlockedIncrement
SysFreeString
SysStringLen
SysAllocString
SHBindToParent
SHGetFolderPathW
SHParseDisplayName
StrRChrW
StrStrW
GetMessageA
MapVirtualKeyA
PostQuitMessage
FindWindowW
keybd_event
KillTimer
RegisterWindowMessageA
DefWindowProcA
FindWindowA
GetLastInputInfo
GetWindowRect
DispatchMessageA
PostMessageA
GetWindowDC
TranslateMessage
ReleaseDC
UnregisterClassA
IsWindowVisible
SendMessageA
CreateWindowExA
RegisterClassA
wsprintfA
FindWindowExA
SetTimer
SendMessageTimeoutA
FindWindowExW
wsprintfW
DestroyWindow
HttpSendRequestA
InternetSetOptionA
InternetConnectW
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpQueryInfoA
InternetCrackUrlA
InternetOpenW
HttpOpenRequestW
strncmp
malloc
strstr
memmove
??2@YAPAXI@Z
realloc
memset
??3@YAXPAX@Z
free
_ftol2
_ftol2_sse
atoi
strrchr
memcpy
_wtoi
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:01:12 14:19:54+01:00
FileType Win32 DLL
PEType PE32
CodeSize 239616
LinkerVersion 10.0
FileAccessDate 2014:03:06 10:31:57+01:00
EntryPoint 0x3b31e
InitializedDataSize 45568
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2014:03:06 10:31:57+01:00
UninitializedDataSize 0
Compressed bundles
File identification
MD5 8fbeb78b06985c3188562e2f1b82d57d
SHA1 b87948722e04fa3edda45303d20c745a6301e567
SHA256 4bd97130a89c2f9080259d8e87d8d713a23fd0e4336eabb0bf47a44d700ec842
ssdeep 6144:g0SDGz306NZEoa0m6oA7UQ3TzUUtlR3Lr30SLH7O/I9GtzCAdIcjt5cQZ4dwk:C6NZBu5AlDrtlR7r3pH6CAuEtudw
imphash d42994f3567105f497515f6e78b08aed
File size 278.0 KB ( 284672 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll
VirusTotal metadata
First submission 2013-01-17 09:20:36 UTC ( 1 year, 3 months ago )
Last submission 2013-10-03 21:15:56 UTC ( 6 months, 3 weeks ago )
File names shylock-skype.exe
8fbeb78b06985c3188562e2f1b8
f
Shylock-skype_8FBEB78B06985C3188562E2F1B82D57D
8fbeb78b06985c3188562e2f1b82d57d
file-5030647_dll
b87948722e04fa3edda45303d20c745a6301e567
b87948722e04fa3edda45303d20c745a6301e567_dll.dl
vti-rescan
4bd97130a89c2f9080259d8e87d8d713a23fd0e4336eabb0bf47a44d700ec842
shylock-skype.dll
8fbeb78b06985c3188562e2f1b82d57d
msg.gsm
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight