SHA256: 607f90b36f9a50d01ca31a9c1e5f08063bb9e8d3cf04a92220972c389024f50b
File name: e9da19440fca6f0747bdee8c7985917f
Detection ratio: 37 / 56
Analysis date: 2015-03-06 02:29:32 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
ALYac Gen:Variant.Graftor.129295 20150305
AVG PSW.Generic12.ZCC 20150305
AVware Trojan.Win32.Generic!BT 20150305
Ad-Aware Gen:Variant.Graftor.129295 20150305
Agnitum Trojan.Miep!v8zR5Jnbs2I 20150228
AhnLab-V3 Trojan/Win32.Lurk 20150305
Avast Win32:Malware-gen 20150305
Avira TR/Rogue.1522253 20150305
Baidu-International Trojan.Win32.Lurk.aeh 20150305
BitDefender Gen:Variant.Graftor.129295 20150305
Comodo UnclassifiedMalware 20150305
DrWeb Trojan.Siggen6.8376 20150305
ESET-NOD32 Win32/Miep.B 20150305
Emsisoft Gen:Variant.Graftor.129295 (B) 20150305
Fortinet W32/Miep.B!tr 20150305
GData Gen:Variant.Graftor.129295 20150305
Ikarus Trojan.Miep 20150305
Jiangmin Trojan/Miep.a 20150304
K7AntiVirus Trojan ( 004948401 ) 20150305
K7GW Trojan ( 004948401 ) 20150305
Kaspersky Trojan-Spy.Win32.Lurk.aeh 20150305
Kingsoft Win32.Troj.Generic.a.(kcloud) 20150306
Malwarebytes Trojan.Agent.ED 20150305
McAfee Generic.dx!E9DA19440FCA 20150305
McAfee-GW-Edition Generic.dx!E9DA19440FCA 20150305
MicroWorld-eScan Gen:Variant.Graftor.129295 20150305
Microsoft TrojanSpy:Win32/Lurk 20150305
NANO-Antivirus Trojan.Win32.Lurk.cwnrcb 20150305
Norman Troj_Generic.SKKNP 20150305
Panda Generic Malware 20150305
Qihoo-360 Win32/Trojan.Spy.581 20150306
Rising PE:Trojan.Win32.Generic.1674E61E!376759838 20150305
Sophos Mal/Generic-S 20150305
Symantec Trojan.Filurkes 20150305
Tencent Win32.Trojan-spy.Lurk.Anpq 20150306
VIPRE Trojan.Win32.Generic!BT 20150305
ViRobot Trojan.Win32.S.Agent.98816.P[h] 20150305
AegisLab 20150305
Alibaba 20150305
Antiy-AVL 20150305
Bkav 20150305
ByteHero 20150306
CAT-QuickHeal 20150305
CMC 20150304
ClamAV 20150305
Cyren 20150305
F-Prot 20150305
SUPERAntiSpyware 20150305
TheHacker 20150303
TotalDefense 20150305
TrendMicro 20150305
TrendMicro-HouseCall 20150305
VBA32 20150305
Zillya 20150305
Zoner 20150303
nProtect 20150305
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-27 18:36:55
Link date 7:36 PM 1/27/2014
Entry Point 0x0000262E
Number of sections 5
PE sections
PE imports
GetObjectA
SetGraphicsMode
SelectObject
GetDIBits
BitBlt
ModifyWorldTransform
CreateCompatibleDC
CreateCompatibleBitmap
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
VirtualProtect
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
CreateThread
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
QueryPerformanceCounter
InterlockedDecrement
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
GetEnvironmentStringsW
HeapDestroy
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
GetMessageA
GetMenuInfo
DestroyMenu
CheckMenuRadioItem
LoadBitmapA
AppendMenuA
DispatchMessageA
SetMenu
PeekMessageA
TranslateMessage
GetMenuDefaultItem
GetDC
GetMenuItemID
CheckMenuItem
GetMenu
GetMenuItemRect
DrawMenuBar
EnableMenuItem
DeleteMenu
GetMenuItemCount
LoadAcceleratorsA
GetSubMenu
CopyAcceleratorTableA
GetMenuStringA
ShowCursor
DestroyAcceleratorTable
GetMenuState
GetMenuBarInfo
GetMenuItemInfoA
CreateAcceleratorTableA
IsDialogMessageA
PE exports
Number of PE resources by type
RT_BITMAP 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:01:27 19:36:55+01:00
FileType Win32 DLL
PEType PE32
CodeSize 43520
LinkerVersion 9.0
EntryPoint 0x262e
InitializedDataSize 57344
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 e9da19440fca6f0747bdee8c7985917f
SHA1 05446c67ff8c0baffa969fc5cc4dd62edcad46f5
SHA256 607f90b36f9a50d01ca31a9c1e5f08063bb9e8d3cf04a92220972c389024f50b
ssdeep 3072:hq6YHl7mcQ5NM3MYy/jMI0aL9FgiEdMnyi+OZVgfO:hq/mnM3MYy/jMI0aL9FgiEdMnyi+OZVh
authentihash 289d647d237410d5be90b84e035a5235436faf31b07c8ec7db68c459684bc017
imphash 05d7ab2296d06ecd366397377fc865de
File size 96.5 KB ( 98816 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll
VirusTotal metadata
First submission 2014-01-28 00:21:23 UTC ( 1 year, 6 months ago )
Last submission 2014-08-08 18:54:15 UTC ( 11 months, 3 weeks ago )
File names e9da19440fca6f0747bdee8c7985917f.kaf
e9da19440fca6f0747bdee8c7985917f
6AA.dmp
vti-rescan
17C.dmp
7B7.dmp