SHA256: 51cfbb090720bb609d94329990afbae0b3c54abf662f4da3265cacc21ec49488
File name: spyviet.dll
Detection ratio: 29 / 55
Analysis date: 2016-08-23 19:12:07 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.GM.4144000900 20160823
Antiy-AVL Trojan[Backdoor]/Win32.Gulpix 20160823
Arcabit Trojan.Heur.GM.D7FFFFFFF 20160823
Avast Win32:Evo-gen [Susp] 20160823
AVG Generic37.BGNQ 20160823
Avira (no cloud) TR/Dynamer.qvjg 20160823
Baidu Win32.Trojan.Korplug.b 20160823
BitDefender Gen:Trojan.Heur.GM.4144000900 20160823
Comodo Heur.Packed.Unknown 20160823
DrWeb DLOADER.Trojan 20160823
Emsisoft Gen:Trojan.Heur.GM.4144000900 (B) 20160823
ESET-NOD32 a variant of Win32/Korplug.CV 20160823
F-Secure Gen:Trojan.Heur.GM.4144000900 20160823
GData Gen:Trojan.Heur.GM.4144000900 20160823
Ikarus Trojan.Win32.Korplug 20160823
Jiangmin Backdoor.Gulpix.dd 20160823
K7AntiVirus Trojan ( 004b027a1 ) 20160823
K7GW Trojan ( 004b027a1 ) 20160823
McAfee Artemis!321A2F0ABE47 20160823
McAfee-GW-Edition BehavesLike.Win32.BadFile.ch 20160823
eScan Gen:Trojan.Heur.GM.4144000900 20160823
NANO-Antivirus Trojan.Win32.Korplug.ebjrua 20160823
Panda Trj/GdSda.A 20160823
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20160823
Rising Malware.Generic!a88GPLVn2QH@3 (Thunder) 20160823
Sophos AV Mal/Behav-010 20160823
Symantec Heur.AdvML.B 20160823
VBA32 Backdoor.Gulpix 20160823
Yandex Backdoor.Gulpix!jaRgXTMcWS8 20160823
AegisLab 20160823
AhnLab-V3 20160823
Alibaba 20160823
ALYac 20160823
AVware 20160823
Bkav 20160823
CAT-QuickHeal 20160823
ClamAV 20160823
CMC 20160822
Cyren 20160823
F-Prot 20160823
Fortinet 20160823
Kaspersky 20160823
Kingsoft 20160823
Malwarebytes 20160823
Microsoft 20160823
nProtect 20160823
SUPERAntiSpyware 20160823
Tencent 20160823
TheHacker 20160821
TrendMicro 20160823
TrendMicro-HouseCall 20160823
VIPRE 20160823
ViRobot 20160823
Zillya 20160820
Zoner 20160823
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-20 08:27:05
Entry Point 0x0000123A
Number of sections 5
PE sections
Overlays
MD5 b4202f7fe985b9648b4676e6f70832bd
File type ASCII text
Offset 152064
Size 3584
Entropy 0.00
PE imports
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
LookupAccountSidW
RegOverridePredefKey
OpenServiceW
QueryServiceConfigW
ControlService
InitializeAcl
LookupPrivilegeValueW
DeleteService
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
ChangeServiceConfig2W
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
SetTokenInformation
QueryServiceConfig2W
EqualSid
CreateServiceW
GetTokenInformation
DuplicateTokenEx
InitiateSystemShutdownA
GetUserNameW
EnumServicesStatusExW
RegEnumKeyExW
GetLengthSid
GetAce
CreateProcessAsUserW
AdjustTokenPrivileges
RegDeleteValueW
RevertToSelf
StartServiceW
RegSetValueExW
FreeSid
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
InitializeSecurityDescriptor
QueryServiceStatusEx
ImpersonateLoggedOnUser
ChangeServiceConfigW
GetDeviceCaps
DeleteDC
SelectObject
CreateDCW
GetDIBits
BitBlt
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
GetOverlappedResult
WaitForSingleObject
SetFileTime
GetFileAttributesW
lstrcmpW
GetLocalTime
DisconnectNamedPipe
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
LocalAlloc
GetConsoleCursorInfo
SetErrorMode
GetFileTime
WideCharToMultiByte
WriteFile
ResumeThread
LocalFree
ConnectNamedPipe
InitializeCriticalSection
FindClose
QueryDosDeviceW
SetFileAttributesW
VirtualQueryEx
GetSystemInfo
GetSystemTime
LocalLock
WriteProcessMemory
GetModuleFileNameW
ExitProcess
SetConsoleScreenBufferSize
LoadLibraryA
VerSetConditionMask
SetConsoleCtrlHandler
AllocConsole
GetSystemDefaultLCID
MultiByteToWideChar
VerifyVersionInfoW
GetPrivateProfileStringW
CreateMutexA
GetModuleHandleA
CreateThread
GetSystemDirectoryW
DeleteCriticalSection
GetExitCodeThread
SetUnhandledExceptionFilter
GetConsoleDisplayMode
CreateMutexW
IsProcessorFeaturePresent
ExitThread
TerminateProcess
ReadConsoleOutputW
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
SleepEx
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
VirtualProtect
FlushFileBuffers
lstrcmpiW
WriteConsoleInputW
CreateRemoteThread
GetWindowsDirectoryW
GetFileSize
OpenProcess
GenerateConsoleCtrlEvent
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetConsoleScreenBufferInfo
VirtualProtectEx
GetProcessHeap
GetComputerNameW
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
lstrcpyA
ResetEvent
FreeConsole
GetComputerNameA
FindFirstFileW
GlobalMemoryStatus
DuplicateHandle
GetProcAddress
CreateEventW
CreateFileW
GetConsoleWindow
LocalUnlock
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
VirtualAllocEx
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetVolumeInformationW
lstrlenW
VirtualFree
GetQueuedCompletionStatus
VirtualFreeEx
GetCurrentProcessId
CreateIoCompletionPort
ProcessIdToSessionId
GetCommandLineW
lstrcpynW
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetModuleHandleW
UnmapViewOfFile
PostQueuedCompletionStatus
CreateProcessW
Sleep
VirtualAlloc
ExtractIconExW
SHFileOperationW
CommandLineToArgvW
OpenInputDesktop
SetCapture
GetMessageW
DefWindowProcW
FindWindowW
keybd_event
KillTimer
PostQuitMessage
GetForegroundWindow
GetWindowThreadProcessId
GetSystemMetrics
SetWindowLongW
MessageBoxW
UnhookWindowsHookEx
PostMessageA
OpenWindowStationW
WindowFromPoint
DestroyCursor
SetProcessWindowStation
mouse_event
SetThreadDesktop
GetProcessWindowStation
CreateDesktopW
DispatchMessageW
GetKeyState
GetAsyncKeyState
GetIconInfo
DestroyIcon
ShowWindow
TranslateMessage
SetCursorPos
GetThreadDesktop
CloseWindowStation
CallNextHookEx
wsprintfA
SetTimer
GetClassNameW
GetWindowTextW
CloseDesktop
SetWindowsHookExW
LoadCursorW
CreateWindowExW
wsprintfW
ExitWindowsEx
Compressed bundles
File identification
MD5 321a2f0abe47977d5c8663bd7a7c7d28
SHA1 b0fbef2ff60221870e8573da5cfbe4f4f4ca7493
SHA256 51cfbb090720bb609d94329990afbae0b3c54abf662f4da3265cacc21ec49488
ssdeep 3072:J0j/X5+ER2CkRquJ9yE2xqmkT1txKif1Ds5eUW/WOV3I7RWe4UT/QOoDf:Af88EquiE2T61tYifpK6WRCBOoz
authentihash 126104468c53bafc2323559fa58e213337d924837d0653ffb980c1675e057930
imphash 13b0173e3274c49bc2f91451f1010fb2
File size 152.0 KB ( 155648 bytes )
File type Win32 DLL
Magic literal MS-DOS executable
TrID Win32 Executable (generic) (42.5%)
DOS Executable Borland Pascal 7.0x (19.2%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags pedll overlay
VirusTotal metadata
First submission 2016-08-23 19:12:07 UTC ( 2 years, 1 month ago )
Last submission 2016-09-12 23:19:38 UTC ( 2 years ago )
File names spyviet.dll