SHA256: 5a8fb94739a6d6a6b2762f5a8853178c75a7f5bc633ec6d257dfd15f8a4ccb1e
File name: msi.dll
Detection ratio: 34 / 56
Analysis date: 2015-10-27 02:26:54 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.164764 20151027
Yandex Trojan.Korplug!ECkC0mHsv10 20151026
AhnLab-V3 Trojan/Win32.HDC 20151027
ALYac Gen:Variant.Graftor.164764 20151027
Arcabit Trojan.Graftor.D2839C 20151027
Avast Win32:Malware-gen 20151027
AVG Agent5.DDV 20151026
Avira (no cloud) TR/Korplug.10240 20151027
AVware Trojan.Win32.Generic!BT 20151027
Baidu-International Trojan.Win32.Korplug.DV 20151026
BitDefender Gen:Variant.Graftor.164764 20151027
CAT-QuickHeal Backdoor.Plugx.r4 20151027
Comodo UnclassifiedMalware 20151027
Cyren W32/Trojan.FKFW-1027 20151027
Emsisoft Gen:Variant.Graftor.164764 (B) 20151027
ESET-NOD32 a variant of Win32/Korplug.DV 20151027
F-Secure Gen:Variant.Graftor.164764 20151027
Fortinet W32/Korplug.DV!tr 20151026
GData Gen:Variant.Graftor.164764 20151027
Ikarus Trojan.Win32.Korplug 20151027
K7AntiVirus Trojan ( 004b0f671 ) 20151026
K7GW Trojan ( 004b0f671 ) 20151027
McAfee RDN/Generic BackDoor 20151027
McAfee-GW-Edition RDN/Generic BackDoor 20151027
Microsoft Backdoor:Win32/Plugx 20151027
eScan Gen:Variant.Graftor.164764 20151027
NANO-Antivirus Trojan.Win32.Korplug.djglus 20151027
Qihoo-360 HEUR/QVM40.1.Malware.Gen 20151027
Sophos AV Mal/Generic-S 20151027
Symantec Suspicious.Cloud.7.L 20151026
Tencent Trojan.Win32.Qudamah.Gen.11 20151027
TrendMicro TROJ_GEN.R01TC0DHI15 20151027
VIPRE Trojan.Win32.Generic!BT 20151027
Zillya Trojan.Korplug.Win32.671 20151026
AegisLab 20151026
Alibaba 20151027
Antiy-AVL 20151027
Bkav 20151026
ByteHero 20151027
ClamAV 20151027
CMC 20151026
DrWeb 20151027
F-Prot 20151027
Jiangmin 20151026
Kaspersky 20151027
Malwarebytes 20151026
nProtect 20151026
Panda 20151026
Rising 20151026
SUPERAntiSpyware 20151027
TheHacker 20151026
TotalDefense 20151026
TrendMicro-HouseCall 20151027
VBA32 20151026
ViRobot 20151026
Zoner 20151027
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-13 09:22:11
Entry Point 0x00002680
Number of sections 4
PE sections
PE imports
FileTimeToDosDateTime
TerminateThread
GetConsoleCursorInfo
GetOEMCP
GetEnvironmentStringsW
DefineDosDeviceA
CallNamedPipeA
BuildCommDCBW
SetConsoleCursorPosition
FlushFileBuffers
WinExec
UpdateResourceA
GetQueuedCompletionStatus
SetProcessWorkingSetSize
EnterCriticalSection
GetHandleInformation
GetPrivateProfileIntA
GetCommProperties
SetErrorMode
HeapSize
CreateDirectoryW
GetProcAddress
FillConsoleOutputAttribute
SetSystemTimeAdjustment
GetProfileIntA
SetStdHandle
SetConsoleTitleW
CompareStringW
CreateThread
FileTimeToLocalFileTime
MoveFileExW
GetModuleHandleA
VirtualUnlock
QueryDosDeviceA
BackupWrite
EnumResourceNamesA
GetProcessWorkingSetSize
UnlockFileEx
LoadLibraryExA
IsBadStringPtrW
SetConsoleCP
GetProfileIntW
SetCommConfig
TransactNamedPipe
IsBadReadPtr
GetStringTypeExA
LocalUnlock
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2014:09:13 10:22:11+01:00
FileType Win32 DLL
PEType PE32
CodeSize 6144
LinkerVersion 10.0
EntryPoint 0x2680
InitializedDataSize 7168
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 83a6a209e3074ee9f7aa9d0a97aca426
SHA1 363eb2c3f61f4680819fc95cd198b5d3491be57a
SHA256 5a8fb94739a6d6a6b2762f5a8853178c75a7f5bc633ec6d257dfd15f8a4ccb1e
ssdeep
192:lKA6N1IS+ZB+sAtuQ8zu0Aaic2dl3foAy3/HolG7Yap+6Ep5nZ36iTpzx/NfaW68:lKAZ48zkdRusy1Pb

authentihash 90f36ac1a4d1514679ea25dc27bdd31a4c386fe6bd220b4bfa8cd732ca041fe5
imphash 800c039ebe29cd4f8ffd3b130585be88
File size 10.0 KB ( 10240 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll

VirusTotal metadata
First submission 2014-11-21 07:05:02 UTC ( 3 years, 10 months ago )
Last submission 2015-08-10 15:13:58 UTC ( 3 years, 2 months ago )
File names msi.dll
c
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R01TC0DHI15.

Symantec reputation Suspicious.Insight