SHA256: 4ff810ee1fb0052a0645ec159e41e9dbeb1414ddc97d7a560a338c723eabb596
File name: 14aa615a9be3edc86e12f6fa6ac0b154
Detection ratio: 34 / 63
Analysis date: 2017-09-09 20:23:29 UTC ( 1 year, 3 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Razy.218685 | 20170909
ALYac | Gen:Variant.Razy.218685 | 20170909
Antiy-AVL | Trojan/Win32.SGeneric | 20170909
Arcabit | Trojan.Razy.D3563D | 20170909
Avast | FileRepMetagen [Malware] | 20170909
AVG | FileRepMetagen [Malware] | 20170909
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20170908
BitDefender | Gen:Variant.Razy.218685 | 20170909
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170804
Cylance | Unsafe | 20170909
DrWeb | Trojan.MulDrop7.34138 | 20170909
Emsisoft | Gen:Variant.Razy.218685 (B) | 20170909
Endgame | malicious (high confidence) | 20170821
ESET-NOD32 | a variant of Win32/Kryptik.FVBO | 20170909
F-Secure | Gen:Variant.Razy.218685 | 20170909
Fortinet | W32/Kryptik.FUKX!tr | 20170909
GData | Gen:Variant.Razy.218685 | 20170909
Sophos ML | heuristic | 20170822
Kaspersky | Trojan.Win32.Refinka.alr | 20170909
Malwarebytes | Trojan.Dridex | 20170909
MAX | malware (ai score=86) | 20170909
McAfee | Drixed-FGR!14AA615A9BE3 | 20170909
McAfee-GW-Edition | BehavesLike.Win32.Conficker.fc | 20170909
eScan | Gen:Variant.Razy.218685 | 20170909
NANO-Antivirus | Trojan.Win32.AD.ernzdt | 20170909
Panda | Trj/CI.A | 20170909
Qihoo-360 | HEUR/QVM40.1.BBE9.Malware.Gen | 20170909
Rising | Trojan.Refinka!8.EBC2 (cloud:yKhrmW1wViH) | 20170909
Sophos AV | Troj/Dridex-YZ | 20170909
Symantec | Trojan.Gen.2 | 20170909
Tencent | Win32.Trojan.Refinka.Dygw | 20170909
TrendMicro-HouseCall | TROJ_GEN.R021C0PI917 | 20170909
VIPRE | Trojan.Win32.Generic!BT | 20170909
ZoneAlarm by Check Point | Trojan.Win32.Refinka.alr | 20170909

Engines that returned no detection (Result column empty):
Antivirus | Update
AegisLab | 20170909
AhnLab-V3 | 20170909
Alibaba | 20170908
Avira (no cloud) | 20170909
AVware | 20170906
Bkav | 20170909
CAT-QuickHeal | 20170909
CMC | 20170902
Comodo | 20170909
Cyren | 20170909
F-Prot | 20170909
Ikarus | 20170909
Jiangmin | 20170909
K7AntiVirus | 20170909
K7GW | 20170909
Kingsoft | 20170909
Microsoft | 20170909
nProtect | 20170909
Palo Alto Networks (Known Signatures) | 20170909
SentinelOne (Static ML) | 20170806
SUPERAntiSpyware | 20170909
Symantec Mobile Insight | 20170908
TheHacker | 20170907
TotalDefense | 20170909
Trustlook | 20170909
VBA32 | 20170907
ViRobot | 20170909
Webroot | 20170909
WhiteArmor | 20170829
Yandex | 20170908
Zillya | 20170909
Zoner | 20170909
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-07-31 21:36:04
Entry Point: 0x000013D0
Number of sections: 5
PE sections
PE imports
CreateProcessWithLogonW
OpenEventLogA
GetNumberOfEventLogRecords
GetFontLanguageInfo
Module32FirstW
GlobalFindAtomW
GetCurrentProcessId
GetModuleHandleA
LockResource
FindAtomA
ExitProcess
GetModuleFileNameA
GetBinaryTypeA
FrameRect
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:07:31 22:36:04+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 12288
LinkerVersion: 8.0
FileTypeExtension: dll
InitializedDataSize: 0
SubsystemVersion: 4.0
EntryPoint: 0x13d0
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5: 14aa615a9be3edc86e12f6fa6ac0b154
SHA1: 609ad7cf336a935f146ea140a8268971df94f355
SHA256: 4ff810ee1fb0052a0645ec159e41e9dbeb1414ddc97d7a560a338c723eabb596
ssdeep: 6144:6kj4BMVK42F+TI3byM3LzxAMtSGZYfggtAs3UE5i780Q:nQ4c+TINNAqYfgyAskEk
authentihash: a4508860bfdb9fe54b89a39ad00a02cb29a6c0398b896aa68baadf235dda724c
imphash: 72f524e446d71dc60fce6d0d9b7139fc
File size: 324.0 KB (331776 bytes)
File type: Win32 DLL
Magic literal: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID:
Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags: pedll

VirusTotal metadata
First submission 2017-09-09 20:23:29 UTC ( 1 year, 3 months ago )
Last submission 2017-09-09 20:23:29 UTC ( 1 year, 3 months ago )
File names 14aa615a9be3edc86e12f6fa6ac0b154