SHA256: 50a3e9282c99a3d3656606892415fd276dae86005aa8af0cabdb75892ccd1f9e
File name: 8c81ab1ed40c6a1b1d359b305c1c8d7d
Detection ratio: 40 / 62
Analysis date: 2019-03-04 11:30:34 UTC ( 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.LP.fu5@a4a2!pdi 20190304
AhnLab-V3 Malware/Win32.Generic.C1991967 20190304
Antiy-AVL Trojan[Downloader]/Win32.AGeneric 20190304
Arcabit Trojan.Heur.LP.EC6EC7 20190304
Avast Win32:Malware-gen 20190304
AVG Win32:Malware-gen 20190304
Avira (no cloud) HEUR/AGEN.1015599 20190304
BitDefender Gen:Trojan.Heur.LP.fu5@a4a2!pdi 20190304
Bkav W32.KavakulaA.Trojan 20190304
Comodo TrojWare.Win32.Cloxer.DRI@7nqo1u 20190304
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
DrWeb Trojan.DownLoader19.38099 20190304
Emsisoft Gen:Trojan.Heur.LP.fu5@a4a2!pdi (B) 20190304
Endgame malicious (high confidence) 20190215
ESET-NOD32 Win32/TrojanDownloader.Agent.DRI 20190304
F-Secure Heuristic.HEUR/AGEN.1015599 20190304
Fortinet W32/Agent.DRI!tr.dldr 20190304
GData Gen:Trojan.Heur.LP.fu5@a4a2!pdi 20190304
Ikarus Trojan-Downloader.Win32.Agent 20190304
Sophos ML heuristic 20181128
Jiangmin TrojanDownloader.Generic.awee 20190304
K7AntiVirus Trojan-Downloader ( 0051828a1 ) 20190304
K7GW Trojan-Downloader ( 0051828a1 ) 20190304
Kaspersky HEUR:Trojan-Downloader.Win32.Generic 20190304
MAX malware (ai score=82) 20190304
McAfee GenericRXFH-LO!8C81AB1ED40C 20190304
McAfee-GW-Edition GenericRXFH-LO!8C81AB1ED40C 20190304
Microsoft TrojanDownloader:Win32/ZombieBoy.A!bit 20190304
eScan Gen:Trojan.Heur.LP.fu5@a4a2!pdi 20190304
NANO-Antivirus Trojan.Win32.Fuery.eqrhlz 20190304
Panda Trj/GdSda.A 20190303
Qihoo-360 HEUR/QVM30.1.9DDB.Malware.Gen 20190304
SentinelOne (Static ML) static engine - malicious 20190203
SUPERAntiSpyware Trojan.Agent/Gen-Downloader 20190227
Symantec Downloader.Trojan 20190304
TheHacker Trojan/Downloader.Agent.dri 20190225
Trapmine malicious.moderate.ml.score 20190301
VBA32 Trojan.Downloader 20190304
Yandex Trojan.Fuery! 20190301
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Win32.Generic 20190304
Acronis 20190222
AegisLab 20190304
Alibaba 20180921
Avast-Mobile 20190304
Babable 20180918
Baidu 20190215
CAT-QuickHeal 20190304
ClamAV 20190303
CMC 20190304
Cybereason 20190109
Cyren 20190304
eGambit 20190304
F-Prot 20190304
Kingsoft 20190304
Malwarebytes 20190304
Palo Alto Networks (Known Signatures) 20190304
Sophos AV 20190304
Symantec Mobile Insight 20190220
TACHYON 20190304
Tencent 20190304
TotalDefense 20190304
Trustlook 20190304
ViRobot 20190304
Zoner 20190304
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-09 05:59:05
Entry Point 0x0000141E
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 82432
Size 3
Entropy 0.00
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetConsoleCP
RaiseException
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
WinExec
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetStartupInfoW
SetStdHandle
SetEndOfFile
WideCharToMultiByte
TlsFree
InterlockedFlushSList
FindFirstFileExA
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
FindNextFileA
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetOEMCP
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
SetLastError
ReadConsoleW
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
WriteConsoleW
LeaveCriticalSection
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2017:05:09 05:59:05+00:00
FileType Win32 DLL
PEType PE32
CodeSize 51200
LinkerVersion 14.1
ImageFileCharacteristics Executable, 32-bit, DLL
EntryPoint 0x141e
InitializedDataSize 32768
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 8c81ab1ed40c6a1b1d359b305c1c8d7d
SHA1 c388852b850ac41e4175575964fdf7f56630d8f9
SHA256 50a3e9282c99a3d3656606892415fd276dae86005aa8af0cabdb75892ccd1f9e
ssdeep 1536:ejKmFpNtDESljZ1q+h/c+MHvT3Vz83z64sWXcd2dV8B0u:kpNtDHq+hdmvG3za2dV8R

authentihash 16d206b3481c5d217c50845168eb55bbf86be0e27679c9d1ea042964c906815c
imphash 6a79728a09f4edda13797e5ae0ffa0f3
File size 80.5 KB ( 82435 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags pedll overlay

VirusTotal metadata
First submission 2019-03-04 11:30:34 UTC ( 3 weeks ago )
Last submission 2019-03-14 11:57:06 UTC ( 1 week, 4 days ago )
File names 1552019238840_hrurk_dionaea-sgp1_8c81ab1ed40c6a1b1d359b305c1c8d7d