SHA256: 57212e057db0d45d94d08cd47dec85f0d85a20a7f4d3824559c81a50999cc2a5
File name: jwgkvsq.vmx
Detection ratio: 59 / 65
Analysis date: 2018-01-19 05:01:17 UTC ( 14 hours, 25 minutes ago )
Antivirus Result Update
Ad-Aware Win32.Worm.Downadup.Gen 20180119
AegisLab W32.W.Kido.cy!c 20180119
AhnLab-V3 Win32/Kido.worm.166425 20180119
ALYac Worm.Conficker 20180119
Antiy-AVL Worm[Net]/Win32.Kido.ih 20180119
Arcabit Win32.Worm.Downadup.Gen 20180119
Avast Win32:Confi [Wrm] 20180119
AVG Win32:Confi [Wrm] 20180119
Avira (no cloud) WORM/Downadup.166425 20180119
AVware Worm.Win32.Downadup.Gen 20180119
Baidu Win32.Worm.Conficker.v 20180118
BitDefender Win32.Worm.Downadup.Gen 20180119
Bkav W32.ConfickerBB.Worm 20180119
CAT-QuickHeal Worm.Conficker.Gen 20180118
ClamAV Win.Worm.Kido-190 20180118
CMC Generic.Win32.908f7f11ef!CMCRadar 20180116
Comodo NetWorm.Win32.Kido.A 20180119
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20180119
Cyren W32/Risk.RJOO-8351 20180119
DrWeb Win32.HLLW.Shadow 20180119
Emsisoft Win32.Worm.Downadup.Gen (B) 20180119
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Conficker.AD 20180119
F-Prot W32/Malware!ca78 20180119
GData Win32.Worm.Downadup.A@gen 20180119
Ikarus Worm.Win32.Conficker 20180118
Sophos ML heuristic 20170914
Jiangmin Worm/Kido.vg 20180119
K7AntiVirus NetWorm ( 00051ba91 ) 20180118
K7GW NetWorm ( 00051ba91 ) 20180118
Kaspersky Net-Worm.Win32.Kido.ih 20180119
Malwarebytes Worm.Conficker 20180118
McAfee W32/Conficker.worm 20180119
McAfee-GW-Edition BehavesLike.Win32.Conficker.cc 20180118
Microsoft Worm:Win32/Conficker.C 20180119
eScan Win32.Worm.Downadup.Gen 20180119
NANO-Antivirus Trojan.Win32.Shadow.efgwva 20180119
nProtect Worm/W32.Kido.166425 20180119
Palo Alto Networks (Known Signatures) generic.ml 20180119
Panda Trj/WLT.A 20180118
Qihoo-360 Win32/Trojan.Exploit.bc2 20180119
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Mal/Conficker-A 20180119
SUPERAntiSpyware Trojan.Agent/Gen-Conficker 20180119
Symantec W32.Downadup.B 20180118
Tencent Win32.Worm-net.Kido.Hrox 20180119
TheHacker W32/Kido.cy 20180115
TotalDefense Win32/Conficker 20180118
TrendMicro WORM_DOWNAD.GR 20180119
TrendMicro-HouseCall WORM_DOWNAD.GR 20180119
VBA32 Worm.Win32.kido.108 20180118
VIPRE Worm.Win32.Downadup.Gen 20180119
ViRobot Worm.Win32.Conficker.91980 20180119
Webroot W32.Worm.Conficker.Gen 20180119
Yandex Worm.Kido.AAK 20180112
Zillya Worm.Conficker.Win32.154 20180118
ZoneAlarm by Check Point Net-Worm.Win32.Kido.ih 20180119
Zoner I-Worm.Conficker.AD 20180119
Alibaba 20180118
Avast-Mobile 20180118
Cybereason 20171103
eGambit 20180119
Fortinet 20180119
Kingsoft 20180119
MAX 20180119
Rising 20180119
Symantec Mobile Insight 20180118
Trustlook 20180119
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1997-07-16 11:27:03
Entry Point 0x0000423B
Number of sections 4
PE sections
Overlays
MD5 d5d1a091ae0963b379639a5323914400
File type data
Offset 85504
Size 80921
Entropy 8.00
PE imports
IsValidAcl
GetUserNameA
AreAnyAccessesGranted
IsValidSecurityDescriptor
GetBitmapDimensionEx
GdiGetBatchLimit
GetLastError
GetStartupInfoA
QueryPerformanceFrequency
IsDBCSLeadByte
VirtualQuery
IsDebuggerPresent
Sleep
MulDiv
GetSystemTimeAsFileTime
VirtualProtect
GetVersionExA
GetProcAddress
GetProcessHeap
VirtualAlloc
LoadLibraryA
InterlockedIncrement
rand
malloc
_ultoa
_memicmp
_CIcosh
floor
ldiv
frexp
time
_memccpy
_isctype
_adjust_fdiv
_pctype
free
_CIsinh
localeconv
_errno
_CIpow
modf
__mb_cur_max
_initterm
memchr
Ord(680)
CopyIcon
IsClipboardFormatAvailable
GetForegroundWindow
IsCharAlphaNumericA
GetLastActivePopup
BlockInput
IsCharLowerA
SetLastErrorEx
GetDesktopWindow
GetClientRect
GetCursor
GetDlgItem
IsCharAlphaA
GetWindowContextHelpId
GetWindowRgn
IsChild
WindowFromDC
CoFileTimeNow
CoDosDateTimeToFileTime
CoRevertToSelf
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 1997:07:16 12:27:03+01:00
FileType Win32 DLL
PEType PE32
CodeSize 13312
LinkerVersion 7.1
EntryPoint 0x423b
InitializedDataSize 73216
SubsystemVersion 4.0
ImageVersion 4.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 908f7f11efb709acac525c03839dc9e5
SHA1 ff10adcc36e537f4550aacef335fcc1bb0f88c8c
SHA256 57212e057db0d45d94d08cd47dec85f0d85a20a7f4d3824559c81a50999cc2a5
ssdeep 3072:yEqObfQrDXBXD9+GUNa/Vt7fIOJIUrkfuyjbaQ:y+qzBI7Na37fIOtSuyjmQ
authentihash 3b0ee7aa0a3ed6807c1096adaae9192b820457fe4c99aef16d077b609e8146ed
imphash 21d40a33b376ac3230e54146259e3be0
File size 162.5 KB ( 166425 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.3%)
Clipper DOS Executable (11.7%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags overlay armadillo pedll via-tor
VirusTotal metadata
First submission 2008-12-29 22:54:48 UTC ( 9 years ago )
Last submission 2017-09-28 14:45:07 UTC ( 3 months, 3 weeks ago )
File names 908f7f11efb709acac525c03839dc9e5
qpvnwe.dll
908f7f11efb709acac525c03839dc9e5
57212e057db0d45d94d08cd47dec85f0d85a20a7f4d3824559c81a50999cc2a5-166425
file-46216_xwb
bzkbnv.dll
908f7f11efb709acac525c03839dc9e5ff10adcc36e537f4550aacef335fcc1bb0f88c8c166425.dll
908f7f11efb709acac525c03839dc9e5
908f7f11efb709acac525c03839dc9e5
AFHVVWWY.NA
fiixtlh.exe
001209591
908f7f11efb709acac525c03839dc9e5.dll
908f7f11efb709acac525c03839dc9e5.malware
majnxe.dll
pkkvw.dll
908f7f11efb709acac525c03839dc9e5
jwgkvsq.vmx
owhrmbo.dll
908f7f11efb709acac525c03839dc9e5
908f7f11efb709acac525c03839dc9e5ff10adcc36e537f4550aacef335fcc1bb0f88c8c166425.dll
solera-sa_2015-11-16T01.42.48-0400_192.168.15.23-1118_192.168.15.20-139_908f7f11efb709acac525c03839dc9e5_5.exe
ff10adcc36e537f4550aacef335fcc1bb0f88c8c
onlat.hl
isxdx[1].jpg
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .