SHA256: 4d1c5c14f8a1e8644ce6f2b7fe5aada7fb72b2e4b0d27b2f23fd48d3826221df
File name: 58692ccca8e32b7c7f48e76be001bfa0.virobj
Detection ratio: 52 / 67
Analysis date: 2018-04-18 10:43:07 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.415887 20180418
AegisLab Troj.W32.Generic!c 20180418
AhnLab-V3 Trojan/Win32.Refinka.R214002 20180418
ALYac Gen:Variant.Graftor.415887 20180418
Antiy-AVL Trojan/Win32.AGeneric 20180418
Arcabit Trojan.Graftor.D6588F 20180418
Avast Win32:Malware-gen 20180418
AVG Win32:Malware-gen 20180418
Avira (no cloud) TR/Crypt.ZPACK.nklmm 20180418
AVware Trojan.Win32.Generic!BT 20180418
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180417
BitDefender Gen:Variant.Graftor.415887 20180418
Bkav HW32.Packed.F3CA 20180410
CAT-QuickHeal Trojan.CeeInject 20180418
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180418
Cyren W32/Trojan.DKUK-6105 20180418
eGambit Unsafe.AI_Score_86% 20180418
Emsisoft Gen:Variant.Graftor.415887 (B) 20180418
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.FXJN 20180418
F-Secure Gen:Variant.Graftor.415887 20180418
Fortinet W32/Dridex.BT!tr 20180418
GData Gen:Variant.Graftor.415887 20180418
Ikarus Trojan.Win32.Refinka 20180418
Sophos ML heuristic 20180121
Jiangmin Trojan.Generic.bmnrz 20180418
K7AntiVirus Trojan ( 00518a681 ) 20180418
K7GW Trojan ( 00518a681 ) 20180418
Kaspersky HEUR:Trojan.Win32.Generic 20180418
MAX malware (ai score=99) 20180418
McAfee GenericRXDL-DC!58692CCCA8E3 20180418
McAfee-GW-Edition BehavesLike.Win32.Conficker.fc 20180417
Microsoft VirTool:Win32/CeeInject 20180418
eScan Gen:Variant.Graftor.415887 20180418
NANO-Antivirus Trojan.Win32.AD.etfrvr 20180418
nProtect Trojan/W32.Refinka.331776.C 20180418
Palo Alto Networks (Known Signatures) generic.ml 20180418
Panda Trj/CI.A 20180417
Qihoo-360 Win32/Trojan.e6d 20180418
Rising Trojan.Refinka!8.EBC2 (TFE:5:FoO7jvgnaUG) 20180418
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180417
Symantec Packed.Generic.517 20180417
Tencent Win32.Trojan.Generic.Swbh 20180418
TrendMicro TSPY_EMOTET.SMZD177 20180418
TrendMicro-HouseCall TSPY_EMOTET.SMZD177 20180418
VIPRE Trojan.Win32.Generic!BT 20180418
ViRobot Trojan.Win32.Z.Kryptik.331776.JI 20180418
Webroot W32.Infostealer.Dridex 20180418
Zillya Trojan.Kryptik.Win32.1294460 20180418
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180418
Engines reporting no detection (signature update date only):
Alibaba 20180418
Avast-Mobile 20180418
ClamAV 20180418
CMC 20180418
Comodo 20180418
Cybereason 20180225
DrWeb 20180418
F-Prot 20180418
Kingsoft 20180418
Malwarebytes 20180418
SUPERAntiSpyware 20180418
Symantec Mobile Insight 20180412
TheHacker 20180415
TotalDefense 20180418
Trustlook 20180418
VBA32 20180418
WhiteArmor 20180408
Yandex 20180417
Zoner 20180418
The file is a Portable Executable: a Win32 DLL built for the Windows console (command line) subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-02 22:19:39
Entry Point 0x00001900
Number of sections 7
PE sections (the section table was not preserved in this copy of the report; the header declares 7 sections)
PE imports (the report groups imports by DLL; only the function names were preserved here)
IsWellKnownSid
InitiateSystemShutdownExW
GetBkColor
GetTextCharset
FormatMessageW
FindAtomW
GetConsoleAliasExesLengthA
GetModuleFileNameA
GetFileSize
IsValidCodePage
GetOverlappedResult
LockResource
GetBinaryTypeA
GetCurrentThreadId
GetSystemDirectoryA
GetCurrentProcessId
GetModuleHandleA
DrawTextExW
GetUserObjectInformationW
GetClipCursor
DeletePortW
vprintf
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2017:10:02 23:19:39+01:00 (22:19:39 UTC, consistent with the PE compilation timestamp above)
FileType: Win32 DLL
PEType: PE32
CodeSize: 12288
LinkerVersion: 8.0
EntryPoint: 0x1900
InitializedDataSize: 319488
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5 58692ccca8e32b7c7f48e76be001bfa0
SHA1 844ac63f3ff7651ee256b8709d978f94ad4ea3cb
SHA256 4d1c5c14f8a1e8644ce6f2b7fe5aada7fb72b2e4b0d27b2f23fd48d3826221df
ssdeep 6144:y2LDTiZihP9PQA9irPKmc+IXG4uMMRASNw6yF:yoTiZM97ipc+pRC
authentihash a71b5dab74823f280e12f87c715a7c07f30a078cf360fd19e9218af850ad57c8
imphash 4535296b21f32e3ad62210781b00e6f8
File size 324.0 KB ( 331776 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags
pedll
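The engines above disagree on the family (Emotet, Dridex, Refinka, Graftor, CeeInject, Kryptik and generic packer names all appear), so the static facts worth pivoting on are the PE header fields and the hashes. The script below is an added example, not VirusTotal's or ExifTool's code: it re-derives the header fields this report lists (machine, compilation timestamp, entry point, section count, DLL flag, subsystem, linker/OS/subsystem versions, code and data sizes) from raw bytes, and shows how an imphash is computed. The PE header bytes are constructed to carry the values from this report; the import list is likewise constructed, with the DLL attribution assumed because the report does not preserve it.

```python
"""Re-derive PE header fields and an imphash from raw bytes.

Added example, not VirusTotal's or ExifTool's code. The header below is
CONSTRUCTED to carry the values listed in this report; the import list is
CONSTRUCTED and its DLL names are ASSUMED.
"""
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000          # Characteristics flag: image is a DLL
PE32_MAGIC = 0x10B               # optional-header magic for 32-bit images
MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows command line"}


def parse_pe_header(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = pe_off + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short to hold Subsystem")
    magic, lnk_major, lnk_minor, code, init, uninit, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError(f"unexpected optional-header magic 0x{magic:x} (only PE32 handled)")
    # Major/MinorOperatingSystemVersion, Major/MinorImageVersion, Major/MinorSubsystemVersion
    os_major, os_minor, img_major, img_minor, ss_major, ss_minor = struct.unpack_from("<6H", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04x}"),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "sections": nsections,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "code_size": code,
        "initialized_data_size": init,
        "uninitialized_data_size": uninit,
    }


def imphash(imports) -> str:
    """Import hash: 'dll.func' pairs (lowercased, .dll/.ocx/.sys stripped), comma-joined, MD5.

    Import order is part of the hash, so it pivots on builds sharing the same
    import table rather than on file contents."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def build_sample_header() -> bytes:
    """CONSTRUCTED PE32 header carrying the values this report lists."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                # e_lfanew = 64
    # machine i386, 7 sections, TimeDateStamp 2017-10-02 22:19:39 UTC, no symbols,
    # 224-byte optional header, Characteristics = EXECUTABLE | 32BIT_MACHINE | DLL
    coff = struct.pack("<HHIIIHH", 0x14C, 7, 1506982779, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, PE32_MAGIC, 8, 0, 12288, 319488, 0, 0x1900)
    struct.pack_into("<6H", opt, 40, 4, 0, 0, 0, 4, 0)          # OS 4.0, image 0.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 3)                          # IMAGE_SUBSYSTEM_WINDOWS_CUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# CONSTRUCTED import list: function names from the report, DLL attribution ASSUMED.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetModuleHandleA"),
    ("KERNEL32.dll", "LockResource"),
    ("ADVAPI32.dll", "InitiateSystemShutdownExW"),
    ("USER32.dll", "GetClipCursor"),
]

if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    for k, v in hdr.items():
        print(f"{k:26} {hex(v) if k == 'entry_point' else v}")
    print("imphash", imphash(SAMPLE_IMPORTS))
```

The parser stops at the optional header because that is all this report exposes; on a real sample, pass the file bytes to `parse_pe_header` and compare against the VirusTotal fields before trusting them. Note that the compilation timestamp is a writable header field and is trivially forged, so treat its consistency with the ExifTool value above as a sanity check, not as evidence of build date. The `imphash` here reproduces the pefile convention for named imports; it does not resolve ordinal-only imports, so it will differ from the reported value for binaries that import by ordinal.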

VirusTotal metadata
First submission 2018-03-25 19:53:16 UTC
Last submission 2018-04-18 10:43:07 UTC
File names 58692ccca8e32b7c7f48e76be001bfa0
58692ccca8e32b7c7f48e76be001bfa0.virobj