SHA256: 52a0c8101492d8e62464475e3a6c13e7665704136eb4ad9641b71c8914deb62d
File name: 52a0c8101492d8e62464475e3a6c13e7665704136eb4ad9641b71c8914deb62d
Detection ratio: 21 / 56
Analysis date: 2015-03-14 18:12:22 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.551846 20150314
ALYac Gen:Variant.Kazy.551846 20150314
Avira (no cloud) TR/Crypt.XPACK.Gen 20150314
BitDefender Gen:Variant.Kazy.551846 20150314
Comodo Heur.Packed.Unknown 20150314
Cyren W32/S-6bfc736e!Eldorado 20150314
Emsisoft Gen:Variant.Kazy.551846 (B) 20150314
ESET-NOD32 a variant of Win32/Korplug.A 20150314
F-Prot W32/S-6bfc736e!Eldorado 20150314
F-Secure Gen:Variant.Kazy.551846 20150314
GData Gen:Variant.Kazy.551846 20150314
Ikarus Trojan.Win32.Korplug 20150314
K7AntiVirus Trojan ( 003db13d1 ) 20150314
K7GW Trojan ( 003db13d1 ) 20150314
Kaspersky HEUR:Trojan.Win32.Generic 20150314
McAfee-GW-Edition BehavesLike.Win32.Trojan.cm 20150314
Microsoft Backdoor:Win32/Plugx.A 20150314
eScan Gen:Variant.Kazy.551846 20150314
Norman PlugX.A 20150314
Panda Trj/Genetic.gen 20150311
TrendMicro-HouseCall TROJ_GEN.R011C0DCE15 20150314
AegisLab 20150314
Yandex 20150312
AhnLab-V3 20150314
Alibaba 20150314
Antiy-AVL 20150314
Avast 20150314
AVG 20150314
AVware 20150314
Baidu-International 20150314
Bkav 20150314
ByteHero 20150314
CAT-QuickHeal 20150314
ClamAV 20150314
CMC 20150313
DrWeb 20150314
Fortinet 20150314
Kingsoft 20150314
Malwarebytes 20150314
McAfee 20150314
NANO-Antivirus 20150314
nProtect 20150313
Qihoo-360 20150314
Rising 20150314
Sophos AV 20150314
SUPERAntiSpyware 20150314
Symantec 20150314
Tencent 20150314
TheHacker 20150313
TotalDefense 20150314
TrendMicro 20150314
VBA32 20150314
VIPRE 20150314
ViRobot 20150314
Zillya 20150313
Zoner 20150313
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x0001D67D
Number of sections 2
PE sections
PE imports
BaseInvalidateDllSearchPathCache
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
LookupAccountSidW
RegEnumValueW
RegOverridePredefKey
OpenServiceW
QueryServiceConfigW
ControlService
LookupPrivilegeValueW
DeleteService
RegQueryValueExW
CloseServiceHandle
ChangeServiceConfig2W
ConvertStringSidToSidW
OpenProcessToken
RegOpenKeyExW
SetTokenInformation
QueryServiceConfig2W
RegEnumValueA
CreateServiceW
GetTokenInformation
DuplicateTokenEx
InitiateSystemShutdownA
GetUserNameW
EnumServicesStatusExW
RegEnumKeyExW
GetLengthSid
CreateProcessAsUserW
AdjustTokenPrivileges
RegDeleteValueW
RevertToSelf
StartServiceW
RegSetValueExW
FreeSid
OpenSCManagerW
ImpersonateLoggedOnUser
AllocateAndInitializeSid
QueryServiceStatusEx
EqualSid
ChangeServiceConfigW
DnsQuery_A
GetDeviceCaps
DeleteDC
SelectObject
CreateDCW
GetDIBits
BitBlt
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
GetOverlappedResult
WaitForSingleObject
SetFileTime
GetFileAttributesW
GetLocalTime
DisconnectNamedPipe
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
LocalAlloc
GetConsoleCursorInfo
SetErrorMode
lstrcatW
GetFileTime
WideCharToMultiByte
WriteFile
ResumeThread
LocalFree
IsWow64Process
ConnectNamedPipe
InitializeCriticalSection
OutputDebugStringW
FindClose
QueryDosDeviceW
SetFileAttributesW
VirtualQueryEx
OutputDebugStringA
GetSystemInfo
GetSystemTime
LocalLock
WriteProcessMemory
RemoveDirectoryW
ExitProcess
GetSystemDefaultLCID
SetConsoleScreenBufferSize
QueueUserAPC
SetConsoleCtrlHandler
AllocConsole
GetVolumeInformationW
MultiByteToWideChar
GetModuleHandleA
CreateThread
GetSystemDirectoryW
DeleteCriticalSection
GetExitCodeThread
SetUnhandledExceptionFilter
GetConsoleDisplayMode
CreateMutexW
ExitThread
TerminateProcess
ReadConsoleOutputW
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
VirtualProtect
FlushFileBuffers
lstrcmpiW
WriteConsoleInputW
CreateRemoteThread
GetWindowsDirectoryW
GetFileSize
OpenProcess
GenerateConsoleCtrlEvent
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetConsoleScreenBufferInfo
VirtualProtectEx
GetProcessHeap
GetComputerNameW
lstrcpyW
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
ResetEvent
FreeConsole
FindFirstFileW
GlobalMemoryStatus
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
GetConsoleWindow
LocalUnlock
LeaveCriticalSection
GetLastError
LocalReAlloc
LoadLibraryA
CreateFileMappingW
VirtualAllocEx
CreateNamedPipeW
lstrlenA
GetConsoleCP
lstrlenW
Process32NextW
VirtualFree
GetQueuedCompletionStatus
VirtualFreeEx
GetCurrentProcessId
CreateIoCompletionPort
ProcessIdToSessionId
GetCommandLineW
Process32FirstW
lstrcpynW
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetModuleHandleW
PostQueuedCompletionStatus
CreateProcessW
Sleep
VirtualAlloc
memset
memcpy
memcmp
RtlGetCompressionWorkSpaceSize
SQLNumResultCols
SQLAllocEnv
SQLExecDirectW
SQLGetDiagRecW
SQLSetEnvAttr
SQLGetData
SQLAllocHandle
SQLDataSourcesW
SQLDisconnect
SQLFetch
SQLDriverConnectW
SQLFreeHandle
SQLMoreResults
SQLDriversW
SQLColAttributeW
CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
VariantClear
EnumProcesses
GetModuleFileNameExW
ExtractIconExW
SHFileOperationW
CommandLineToArgvW
GetForegroundWindow
PostMessageA
PostQuitMessage
GetMessageW
DefWindowProcW
keybd_event
KillTimer
ShowWindow
OpenInputDesktop
GetWindowThreadProcessId
GetSystemMetrics
SetWindowLongW
MessageBoxW
UnhookWindowsHookEx
SetCapture
OpenWindowStationW
WindowFromPoint
SetProcessWindowStation
mouse_event
SetThreadDesktop
GetProcessWindowStation
CreateDesktopW
DispatchMessageW
GetKeyState
GetAsyncKeyState
GetIconInfo
DestroyIcon
TranslateMessage
SetCursorPos
RegisterRawInputDevices
GetThreadDesktop
CloseWindowStation
CallNextHookEx
wsprintfA
SetTimer
GetClassNameW
GetWindowTextW
CloseDesktop
SetWindowsHookExW
LoadCursorW
CreateWindowExW
wsprintfW
ExitWindowsEx
setsockopt
WSASocketA
socket
WSARecvFrom
bind
WSASendTo
WSACleanup
WSAStartup
gethostbyname
ntohs
WSAGetLastError
getsockname
closesocket
WSAIoctl
connect
File identification
MD5 405386b0fd12bc0defc9e4e4f4d2ad05
SHA1 19f1b414b9cbfb67b2452da2c62cd75d6756f7db
SHA256 52a0c8101492d8e62464475e3a6c13e7665704136eb4ad9641b71c8914deb62d
ssdeep 3072:Udf6CJBQu7FG3zCyX9PoIJXqq6owdy1bTy5NeRQME:0Ji7f9Amwdia5NXME
authentihash 4b6d8597934519a0bec0adeb4ab38b0a79115316badf6c233fcf82ba2b5f0fac
imphash 945b281216cfd87ec802c6afaf2309f7
File size 188.0 KB ( 192512 bytes )
File type Win32 DLL
Magic literal MS-DOS executable
TrID Win32 Executable (generic) (52.5%)
Generic Win/DOS Executable (23.3%)
DOS Executable Generic (23.3%)
VXD Driver (0.3%)
Sybase iAnywhere database files (0.2%)
Tags pedll
VirusTotal metadata
First submission 2015-03-14 18:12:22 UTC ( 4 years ago )
Last submission 2015-03-14 18:12:22 UTC ( 4 years ago )
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight