SHA256: 5d3b34c963002bd46848f5fe4e8b5801da045e821143a9f257cb747c29e4046f
File name: 233.txt
Detection ratio: 47 / 66
Analysis date: 2017-10-14 23:12:47 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.7506 20171014
AegisLab Troj.W32.Cometer!c 20171014
ALYac Gen:Variant.Ursu.7506 20171014
Antiy-AVL Trojan/Win32.Cometer 20171014
Arcabit Trojan.Ursu.D1D52 20171014
Avast Win32:Malware-gen 20171014
AVG Win32:Malware-gen 20171014
Avira (no cloud) TR/Proxy.Gen 20171014
AVware Trojan.Win32.Generic!BT 20171014
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9719 20171013
BitDefender Gen:Variant.Ursu.7506 20171014
CAT-QuickHeal Trojan.Cometer 20171014
ClamAV Win.Tool.CobaltStrike-6336852-0 20171014
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20171015
Cyren W32/Trojan.CRMB-1186 20171014
DrWeb DLOADER.Trojan 20171014
eGambit malicious_confidence_77% 20171015
Emsisoft Gen:Variant.Ursu.7506 (B) 20171014
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/RiskWare.CobaltStrike.Beacon.A 20171014
F-Secure Gen:Variant.Ursu.7506 20171014
Fortinet W32/Cometer.A!tr 20171014
GData Gen:Variant.Ursu.7506 20171014
Ikarus HackTool.CobaltStrike 20171014
Sophos ML heuristic 20170914
K7AntiVirus Riskware ( 0050f89b1 ) 20171014
K7GW Riskware ( 0050f89b1 ) 20171015
Kaspersky HEUR:Trojan.Win32.Cometer.gen 20171014
MAX malware (ai score=100) 20171014
McAfee RDN/Adware-Cometsys 20171015
McAfee-GW-Edition BehavesLike.Win32.Injector.dh 20171014
Microsoft Trojan:Win32/Conbea!rfn 20171014
eScan Gen:Variant.Ursu.7506 20171014
NANO-Antivirus Trojan.Win32.Cometer.etbomh 20171014
Palo Alto Networks (Known Signatures) generic.ml 20171015
Panda Trj/GdSda.A 20171014
Qihoo-360 Win32/Trojan.dd6 20171015
Rising HackTool.Swrort!1.6477 (CLASSIC) 20171014
Sophos AV Mal/Behav-010 20171014
Symantec Meterpreter 20171014
Tencent Win32.Hacktool.Inject.Peqc 20171015
TrendMicro TROJ_GEN.R002C0OJC17 20171014
TrendMicro-HouseCall TROJ_GEN.R002C0OJC17 20171014
VIPRE Trojan.Win32.Generic!BT 20171014
Zillya Trojan.Cometer.Win32.386 20171013
ZoneAlarm by Check Point HEUR:Trojan.Win32.Cometer.gen 20171014
AhnLab-V3 20171014
Alibaba 20170911
Avast-Mobile 20171014
Bkav 20171013
CMC 20171014
Comodo 20171014
F-Prot 20171014
Jiangmin 20171014
Kingsoft 20171015
Malwarebytes 20171014
nProtect 20171014
SentinelOne (Static ML) 20171001
SUPERAntiSpyware 20171014
Symantec Mobile Insight 20171011
TheHacker 20171013
Trustlook 20171015
VBA32 20171013
ViRobot 20171014
Webroot 20171015
WhiteArmor 20170927
Yandex 20171013
Zoner 20171014
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-17 14:19:23
Entry Point 0x000170C1
Number of sections 4
PE sections
PE imports
LookupPrivilegeValueA
OpenServiceA
AdjustTokenPrivileges
ControlService
LookupAccountSidA
CreateProcessWithLogonW
DeleteService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CloseServiceHandle
OpenProcessToken
CreateServiceA
QueryServiceStatus
StartServiceA
GetTokenInformation
DuplicateTokenEx
CryptReleaseContext
CryptAcquireContextA
CreateProcessAsUserA
CryptGenRandom
OpenThreadToken
GetUserNameA
ImpersonateNamedPipeClient
CreateProcessWithTokenW
RevertToSelf
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
QueryServiceStatusEx
LogonUserA
ImpersonateLoggedOnUser
OpenSCManagerA
DnsFree
DnsQuery_A
GetIpAddrTable
GetIfEntry
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
Thread32Next
HeapDestroy
DebugBreak
ProcessIdToSessionId
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetLogicalDrives
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
Thread32First
HeapReAlloc
GetStringTypeW
ResumeThread
GetFullPathNameA
GetOEMCP
LocalFree
MoveFileA
ConnectNamedPipe
GetEnvironmentVariableA
FindClose
DeleteCriticalSection
SetLastError
PeekNamedPipe
OpenThread
TlsGetValue
WriteProcessMemory
GetModuleFileNameW
CopyFileA
HeapAlloc
GetVersionExA
RemoveDirectoryA
SetHandleCount
UnhandledExceptionFilter
InitializeProcThreadAttributeList
MultiByteToWideChar
GetLocalTime
SetFilePointer
CreateThread
SetEnvironmentVariableW
CreatePipe
SetNamedPipeHandleState
SetUnhandledExceptionFilter
InterlockedDecrement
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
Process32First
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
Process32Next
CreateRemoteThread
GetStartupInfoA
OpenProcess
CreateDirectoryA
DeleteFileA
GetProcAddress
VirtualProtectEx
GetProcessHeap
CompareStringW
FindFirstFileA
WaitNamedPipeA
CompareStringA
GetComputerNameA
FindNextFileA
DuplicateHandle
ExpandEnvironmentStringsA
UpdateProcThreadAttribute
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
VirtualAllocEx
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
CreateNamedPipeA
GetModuleFileNameA
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
DeleteProcThreadAttributeList
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
LsaLookupAuthenticationPackage
LsaConnectUntrusted
LsaCallAuthenticationPackage
HttpSendRequestA
InternetQueryDataAvailable
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpQueryInfoA
htonl
accept
ioctlsocket
WSAStartup
connect
shutdown
htons
select
gethostname
closesocket
ntohl
inet_addr
send
ntohs
WSAGetLastError
listen
__WSAFDIsSet
WSACleanup
gethostbyname
inet_ntoa
recv
socket
bind
PE exports
Compressed bundles
File identification
MD5 4f3a6e16950b92bf9bd4efe8bbff9a1e
SHA1 9f09b4e99e7fd50d53d9df67236a0dfd0a22acc6
SHA256 5d3b34c963002bd46848f5fe4e8b5801da045e821143a9f257cb747c29e4046f
ssdeep 3072:PO6dwDeMSdxarJ+oxBirVbccTt82UhUbIDa15nSn:P+KYQfrV4Cu2Uy
authentihash 76a5f96f70d7cbe62a7f261ff7d73f2bff5a9cd7dda94d284ecbd085606c0ae0
imphash f2e0b7b9a08bd8dcaf133d9278ecdb47
File size 202.0 KB ( 206848 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID DOS Executable Generic (100.0%)
Tags
pedll

VirusTotal metadata
First submission 2017-10-12 04:05:36 UTC ( 1 year, 1 month ago )
Last submission 2017-12-20 21:06:34 UTC ( 11 months ago )
File names 233.txt