SHA256: 51cfbb090720bb609d94329990afbae0b3c54abf662f4da3265cacc21ec49488
File name: spyviet.dll
Detection ratio: 43 / 57
Analysis date: 2016-09-12 23:19:38 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.GM.4144000900 20160912
AhnLab-V3 Backdoor/Win32.Plugx.N2089508281 20160912
Antiy-AVL Trojan[Backdoor]/Win32.Gulpix 20160912
Arcabit Trojan.Heur.GM.D7FFFFFFF 20160912
Avast Win32:Evo-gen [Susp] 20160912
AVG Generic37.BGNQ 20160912
Avira (no cloud) TR/Dynamer.qvjg 20160912
AVware Trojan.Win32.Generic!BT 20160912
Baidu Win32.Trojan.Korplug.b 20160912
BitDefender Gen:Trojan.Heur.GM.4144000900 20160912
CAT-QuickHeal Backdoor.Plugx 20160912
Comodo Heur.Packed.Unknown 20160912
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.UCFA-5191 20160912
DrWeb DLOADER.Trojan 20160912
Emsisoft Gen:Trojan.Heur.GM.4144000900 (B) 20160912
ESET-NOD32 a variant of Win32/Korplug.CV 20160912
F-Secure Gen:Trojan.Heur.GM.4144000900 20160912
Fortinet W32/Korplug.CV!tr 20160912
GData Gen:Trojan.Heur.GM.4144000900 20160912
Ikarus Trojan.Win32.Korplug 20160912
Sophos ML backdoor.win32.tofsee.f 20160912
Jiangmin Backdoor.Gulpix.dd 20160912
K7AntiVirus Trojan ( 004b027a1 ) 20160912
K7GW Trojan ( 004b027a1 ) 20160912
Kaspersky Backdoor.Win32.Gulpix.vvz 20160912
Malwarebytes Trojan.KorPlug 20160912
McAfee RDN/Generic BackDoor 20160912
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch 20160912
Microsoft Backdoor:Win32/Plugx!rfn 20160912
eScan Gen:Trojan.Heur.GM.4144000900 20160912
NANO-Antivirus Trojan.Win32.Korplug.ebjrua 20160912
Panda Trj/GdSda.A 20160912
Rising Malware.Generic!a88GPLVn2QH@3 (thunder) 20160912
Sophos AV Mal/Behav-010 20160912
Symantec Trojan Horse 20160912
Tencent Win32.Backdoor.Gulpix.Lfzu 20160913
TrendMicro TROJ_GEN.R047C0RHN16 20160912
TrendMicro-HouseCall TROJ_GEN.R047C0RHN16 20160912
VBA32 Backdoor.Gulpix 20160912
VIPRE Trojan.Win32.Generic!BT 20160912
Yandex Backdoor.Gulpix!jaRgXTMcWS8 20160911
Zillya Backdoor.Gulpix.Win32.331 20160912
AegisLab 20160912
Alibaba 20160912
ALYac 20160912
Bkav 20160912
ClamAV 20160912
CMC 20160912
F-Prot 20160912
Kingsoft 20160913
nProtect 20160912
Qihoo-360 20160913
SUPERAntiSpyware 20160912
TheHacker 20160911
ViRobot 20160912
Zoner 20160912
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-20 08:27:05
Entry Point 0x0000123A
Number of sections 5
PE sections
Overlays
MD5 b4202f7fe985b9648b4676e6f70832bd
File type ASCII text
Offset 152064
Size 3584
Entropy 0.00
PE imports
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
LookupAccountSidW
RegOverridePredefKey
OpenServiceW
QueryServiceConfigW
ControlService
InitializeAcl
LookupPrivilegeValueW
DeleteService
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
ChangeServiceConfig2W
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
SetTokenInformation
QueryServiceConfig2W
EqualSid
CreateServiceW
GetTokenInformation
DuplicateTokenEx
InitiateSystemShutdownA
GetUserNameW
EnumServicesStatusExW
RegEnumKeyExW
GetLengthSid
GetAce
CreateProcessAsUserW
AdjustTokenPrivileges
RegDeleteValueW
RevertToSelf
StartServiceW
RegSetValueExW
FreeSid
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
InitializeSecurityDescriptor
QueryServiceStatusEx
ImpersonateLoggedOnUser
ChangeServiceConfigW
GetDeviceCaps
DeleteDC
SelectObject
CreateDCW
GetDIBits
BitBlt
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
GetOverlappedResult
WaitForSingleObject
SetFileTime
GetFileAttributesW
lstrcmpW
GetLocalTime
DisconnectNamedPipe
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
LocalAlloc
GetConsoleCursorInfo
SetErrorMode
GetFileTime
WideCharToMultiByte
WriteFile
ResumeThread
LocalFree
ConnectNamedPipe
InitializeCriticalSection
FindClose
QueryDosDeviceW
SetFileAttributesW
VirtualQueryEx
GetSystemInfo
GetSystemTime
LocalLock
WriteProcessMemory
GetModuleFileNameW
ExitProcess
SetConsoleScreenBufferSize
LoadLibraryA
VerSetConditionMask
SetConsoleCtrlHandler
AllocConsole
GetSystemDefaultLCID
MultiByteToWideChar
VerifyVersionInfoW
GetPrivateProfileStringW
CreateMutexA
GetModuleHandleA
CreateThread
GetSystemDirectoryW
DeleteCriticalSection
GetExitCodeThread
SetUnhandledExceptionFilter
GetConsoleDisplayMode
CreateMutexW
IsProcessorFeaturePresent
ExitThread
TerminateProcess
ReadConsoleOutputW
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
SleepEx
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
VirtualProtect
FlushFileBuffers
lstrcmpiW
WriteConsoleInputW
CreateRemoteThread
GetWindowsDirectoryW
GetFileSize
OpenProcess
GenerateConsoleCtrlEvent
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetConsoleScreenBufferInfo
VirtualProtectEx
GetProcessHeap
GetComputerNameW
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
lstrcpyA
ResetEvent
FreeConsole
GetComputerNameA
FindFirstFileW
GlobalMemoryStatus
DuplicateHandle
GetProcAddress
CreateEventW
CreateFileW
GetConsoleWindow
LocalUnlock
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
VirtualAllocEx
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetVolumeInformationW
lstrlenW
VirtualFree
GetQueuedCompletionStatus
VirtualFreeEx
GetCurrentProcessId
CreateIoCompletionPort
ProcessIdToSessionId
GetCommandLineW
lstrcpynW
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetModuleHandleW
UnmapViewOfFile
PostQueuedCompletionStatus
CreateProcessW
Sleep
VirtualAlloc
ExtractIconExW
SHFileOperationW
CommandLineToArgvW
OpenInputDesktop
SetCapture
GetMessageW
DefWindowProcW
FindWindowW
keybd_event
KillTimer
PostQuitMessage
GetForegroundWindow
GetWindowThreadProcessId
GetSystemMetrics
SetWindowLongW
MessageBoxW
UnhookWindowsHookEx
PostMessageA
OpenWindowStationW
WindowFromPoint
DestroyCursor
SetProcessWindowStation
mouse_event
SetThreadDesktop
GetProcessWindowStation
CreateDesktopW
DispatchMessageW
GetKeyState
GetAsyncKeyState
GetIconInfo
DestroyIcon
ShowWindow
TranslateMessage
SetCursorPos
GetThreadDesktop
CloseWindowStation
CallNextHookEx
wsprintfA
SetTimer
GetClassNameW
GetWindowTextW
CloseDesktop
SetWindowsHookExW
LoadCursorW
CreateWindowExW
wsprintfW
ExitWindowsEx
Compressed bundles
File identification
MD5 321a2f0abe47977d5c8663bd7a7c7d28
SHA1 b0fbef2ff60221870e8573da5cfbe4f4f4ca7493
SHA256 51cfbb090720bb609d94329990afbae0b3c54abf662f4da3265cacc21ec49488
ssdeep 3072:J0j/X5+ER2CkRquJ9yE2xqmkT1txKif1Ds5eUW/WOV3I7RWe4UT/QOoDf:Af88EquiE2T61tYifpK6WRCBOoz

authentihash 126104468c53bafc2323559fa58e213337d924837d0653ffb980c1675e057930
imphash 13b0173e3274c49bc2f91451f1010fb2
File size 152.0 KB ( 155648 bytes )
File type Win32 DLL
Magic literal MS-DOS executable

TrID Win32 Executable (generic) (42.5%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags pedll overlay

VirusTotal metadata
First submission 2016-08-23 19:12:07 UTC ( 1 year, 9 months ago )
Last submission 2016-09-12 23:19:38 UTC ( 1 year, 8 months ago )
File names spyviet.dll