SHA256: 5393935da519add1c19e285291dd790d8d6cf04fcdd2d721f6d530f0f2132ee7
File name: 8.dll
Detection ratio: 8 / 57
Analysis date: 2015-04-17 18:39:09 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Bkav HW32.Packed.C470 20150417
ESET-NOD32 Win32/Dridex.M 20150417
Kaspersky Worm.Win32.Cridex.qgm 20150417
Qihoo-360 HEUR/QVM39.1.Malware.Gen 20150417
Sophos AV Troj/Dridex-CP 20150417
Symantec Trojan.Gen.SMH.2 20150417
Tencent Trojan.Win32.Qudamah.Gen.9 20150417
TrendMicro-HouseCall Suspicious_GEN.F47V0417 20150417
Ad-Aware 20150417
AegisLab 20150417
Yandex 20150417
AhnLab-V3 20150417
Alibaba 20150417
ALYac 20150417
Antiy-AVL 20150417
Avast 20150417
AVG 20150417
Avira (no cloud) 20150417
AVware 20150417
Baidu-International 20150417
BitDefender 20150417
ByteHero 20150417
CAT-QuickHeal 20150417
ClamAV 20150417
CMC 20150416
Comodo 20150417
Cyren 20150417
DrWeb 20150417
Emsisoft 20150417
F-Prot 20150417
F-Secure 20150417
Fortinet 20150417
GData 20150417
Ikarus 20150417
Jiangmin 20150414
K7AntiVirus 20150417
K7GW 20150417
Kingsoft 20150417
Malwarebytes 20150417
McAfee 20150417
McAfee-GW-Edition 20150417
Microsoft 20150419
eScan 20150417
NANO-Antivirus 20150417
Norman 20150417
nProtect 20150417
Panda 20150417
Rising 20150417
SUPERAntiSpyware 20150417
TheHacker 20150417
TotalDefense 20150417
TrendMicro 20150417
VBA32 20150417
VIPRE 20150417
ViRobot 20150417
Zillya 20150417
Zoner 20150417
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-17 06:30:16
Entry Point 0x00006540
Number of sections 4
PE sections
PE imports
GetClusterKey
GetLastError
LCMapStringW
Process32First
FillConsoleOutputCharacterA
DeviceIoControl
GetTickCount
SetConsoleTextAttribute
VerLanguageNameW
FoldStringA
SetupComm
Heap32Next
LocalAlloc
DebugActiveProcessStop
GetConsoleCursorInfo
GetLogicalDrives
GetProcAddress
InterlockedCompareExchange
GetFullPathNameA
GetModuleHandleA
SetConsoleTitleA
IsProcessorFeaturePresent
IsBadStringPtrW
WriteProfileSectionA
WriteConsoleA
InitializeCriticalSection
GlobalAlloc
FindFirstVolumeA
AllocConsole
SetFirmwareEnvironmentVariableA
LocalUnlock
GetFileSize
MprAdminInterfaceUpdatePhonebookInfo
MprAdminConnectionClearStats
MprConfigTransportGetInfo
MprAdminServerGetInfo
LPSAFEARRAY_UserMarshal
VarCyFromUI2
getc
setlocale
memset
fgets
isprint
abs
putwc
putc
isdigit
mbstowcs
memcpy
UrlMkSetSessionOption
CreateURLMonikerEx
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2015:04:17 07:30:16+01:00
FileType Win32 DLL
PEType PE32
CodeSize 293888
LinkerVersion 8.0
EntryPoint 0x6540
InitializedDataSize 16896
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 ec35660657404295a78d8d1bcb1f1071
SHA1 4c935d5e777ef77e60a3f69718b839d902258b68
SHA256 5393935da519add1c19e285291dd790d8d6cf04fcdd2d721f6d530f0f2132ee7
ssdeep 6144:s1yDrh7BqZCp2H+b0Hyc2h5yYTdUHdt0tTQBcQyHWakMxHisTkEQsc/:2+EZy2H4y8aX0twWDHiBEJO
authentihash b0871b605d409e234601f74022c07ba5b71d2b6fd9fbfa53b080bde83c8f78c3
imphash e5769b10321ea5e457e2e8eef2a44269
File size 297.0 KB ( 304128 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags pedll

VirusTotal metadata
First submission 2015-04-17 09:49:42 UTC ( 2 years, 8 months ago )
Last submission 2017-11-09 21:06:52 UTC ( 1 month ago )
File names 8.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight