SHA256: 4bd97130a89c2f9080259d8e87d8d713a23fd0e4336eabb0bf47a44d700ec842
File name: Shylock-skype_8FBEB78B06985C3188562E2F1B82D57D
Detection ratio: 53 / 65
Analysis date: 2018-07-15 12:14:15 UTC ( 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.146141 20180715
AegisLab Troj.W32.Agentb.hxk!c 20180715
ALYac Gen:Variant.Kazy.146141 20180715
Antiy-AVL Trojan/Win32.Agentb 20180715
Arcabit Trojan.Kazy.D23ADD 20180715
Avast Win32:Shylock-A [Trj] 20180715
AVG Win32:Shylock-A [Trj] 20180715
Avira (no cloud) TR/SkySpy.EB 20180714
AVware Trojan.Win32.Generic!BT 20180715
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9979 20180712
BitDefender Gen:Variant.Kazy.146141 20180715
Bkav W32.ShylockYHPtv.Trojan 20180713
CAT-QuickHeal Backdoor.Caphaw 20180714
ClamAV Win.Trojan.Shylock-9 20180715
Comodo UnclassifiedMalware 20180715
Cyren W32/Caphaw.SROK-1235 20180715
DrWeb BackDoor.Bulknet.841 20180715
Emsisoft Gen:Variant.Kazy.146141 (B) 20180715
ESET-NOD32 Win32/Caphaw.M 20180715
F-Prot W32/Caphaw.H 20180715
F-Secure Trojan:W32/Agent.DUIE 20180715
Fortinet W32/Shylock.A!tr 20180715
GData Gen:Variant.Kazy.146141 20180715
Ikarus Trojan-Spy.Agent 20180715
Jiangmin Trojan/Agentb.oe 20180715
K7AntiVirus Trojan ( 004208051 ) 20180715
K7GW Trojan ( 004208051 ) 20180715
Kaspersky Trojan.Win32.Agentb.hxk 20180715
Kingsoft Win32.Troj.Agentb.h.(kcloud) 20180715
Malwarebytes Trojan.Shylock 20180715
MAX malware (ai score=100) 20180715
McAfee GenericRXDK-MP!8FBEB78B0698 20180715
McAfee-GW-Edition GenericRXDK-MP!8FBEB78B0698 20180715
Microsoft Backdoor:Win32/Caphaw.N 20180715
eScan Gen:Variant.Kazy.146141 20180715
NANO-Antivirus Trojan.Win32.Caphaw.bevzou 20180715
Palo Alto Networks (Known Signatures) generic.ml 20180715
Panda Trj/Vilsel.AF 20180715
Qihoo-360 Win32/Trojan.c16 20180715
Sophos AV Troj/Shype-A 20180715
SUPERAntiSpyware Trojan.Agent/Gen 20180715
Symantec Trojan Horse 20180714
TACHYON Trojan/W32.Agent.284672.FL 20180715
Tencent Win32.Trojan.Agentb.Eflm 20180715
TheHacker Trojan/Caphaw.gen 20180712
TrendMicro WORM_KEPSY.A 20180715
TrendMicro-HouseCall WORM_KEPSY.A 20180715
VBA32 Trojan.Agentb 20180713
VIPRE Trojan.Win32.Generic!BT 20180715
ViRobot Backdoor.Win32.S.Shylock.284672 20180714
Webroot W32.Shylock.Gen 20180715
Zillya Trojan.Agentb.Win32.485 20180713
ZoneAlarm by Check Point Trojan.Win32.Agentb.hxk 20180715
AhnLab-V3 20180715
Alibaba 20180713
Avast-Mobile 20180715
Babable 20180406
CMC 20180714
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
eGambit 20180715
Endgame 20180711
Sophos ML 20180601
Rising 20180715
SentinelOne (Static ML) 20180701
TotalDefense 20180715
Trustlook 20180715
Yandex 20180713
Zoner 20180714
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-12 13:19:54
Entry Point 0x0003B31E
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetPixel
GetSystemTime
GetLastError
GetProcAddress
HeapFree
EnterCriticalSection
AreFileApisANSI
ReadFile
TerminateThread
lstrlenA
LoadLibraryW
WaitForSingleObject
LoadLibraryA
SetEvent
SetEndOfFile
GetTickCount
GetVersionExA
FlushFileBuffers
lstrcmpiW
LockFile
lstrlenW
DeleteCriticalSection
UnlockFile
GetFileSize
DeleteFileA
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
lstrcatW
lstrcpyA
GetProcessHeap
GetTempPathA
CreateMutexA
lstrcpyW
GetFullPathNameW
LockFileEx
CreateThread
GetFileAttributesA
SetFilePointer
GetDiskFreeSpaceW
FindNextFileW
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
lstrcmpW
GetDiskFreeSpaceA
WaitForMultipleObjects
GetFullPathNameA
FreeLibrary
GetFileAttributesW
QueryPerformanceCounter
InitializeCriticalSection
WriteFile
CreateFileW
CreateEventA
FindClose
InterlockedDecrement
Sleep
FormatMessageA
SetFileAttributesW
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
SetLastError
InterlockedIncrement
SysFreeString
SysStringLen
SysAllocString
SHBindToParent
SHGetFolderPathW
SHParseDisplayName
StrRChrW
StrStrW
GetMessageA
MapVirtualKeyA
PostQuitMessage
FindWindowW
keybd_event
KillTimer
RegisterWindowMessageA
DefWindowProcA
FindWindowA
GetLastInputInfo
GetWindowRect
DispatchMessageA
PostMessageA
GetWindowDC
TranslateMessage
ReleaseDC
UnregisterClassA
IsWindowVisible
SendMessageA
CreateWindowExA
RegisterClassA
wsprintfA
FindWindowExA
SetTimer
SendMessageTimeoutA
FindWindowExW
wsprintfW
DestroyWindow
HttpSendRequestA
InternetSetOptionA
InternetConnectW
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpQueryInfoA
InternetCrackUrlA
InternetOpenW
HttpOpenRequestW
strncmp
malloc
strstr
memmove
??2@YAPAXI@Z
realloc
memset
??3@YAXPAX@Z
free
_ftol2
_ftol2_sse
atoi
strrchr
memcpy
_wtoi
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2013:01:12 14:19:54+01:00
FileType Win32 DLL
PEType PE32
CodeSize 239616
LinkerVersion 10.0
EntryPoint 0x3b31e
InitializedDataSize 45568
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 8fbeb78b06985c3188562e2f1b82d57d
SHA1 b87948722e04fa3edda45303d20c745a6301e567
SHA256 4bd97130a89c2f9080259d8e87d8d713a23fd0e4336eabb0bf47a44d700ec842
ssdeep 6144:g0SDGz306NZEoa0m6oA7UQ3TzUUtlR3Lr30SLH7O/I9GtzCAdIcjt5cQZ4dwk:C6NZBu5AlDrtlR7r3pH6CAuEtudw
authentihash 6db3599228d30be7c4877834bd5bbdd395c5fe3de7d9c0bbe51e34f6e4d67cf5
imphash d42994f3567105f497515f6e78b08aed
File size 278.0 KB ( 284672 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags pedll via-tor
VirusTotal metadata
First submission 2013-01-17 09:20:36 UTC ( 5 years, 6 months ago )
Last submission 2018-07-15 12:14:15 UTC ( 1 week ago )
File names b87948722e04fa3edda45303d20c745a6301e567
shylock-skype.exe
8fbeb78b06985c3188562e2f1b8
f
Shylock-skype_8FBEB78B06985C3188562E2F1B82D57D
8fbeb78b06985c3188562e2f1b82d57d
file-5030647_dll
myfile.exe
b87948722e04fa3edda45303d20c745a6301e567_dll.dl
vti-rescan
4bd97130a89c2f9080259d8e87d8d713a23fd0e4336eabb0bf47a44d700ec842
shylock-skype.dll
Shylock-skype_8FBEB78B06985C3188562E2F1B82D57D.exe
8fbeb78b06985c3188562e2f1b82d57d
msg.gsm
8fbeb78b06985c3188562e2f1b82d57d.vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight