SHA256: 607f90b36f9a50d01ca31a9c1e5f08063bb9e8d3cf04a92220972c389024f50b
File name: e9da19440fca6f0747bdee8c7985917f
Detection ratio: 40 / 53
Analysis date: 2014-08-08 18:54:15 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
AVG PSW.Generic12.ZCC 20140808
AVware Trojan.Win32.Generic!BT 20140808
Ad-Aware Trojan.GenericKD.1522253 20140808
Agnitum Trojan.Miep!v8zR5Jnbs2I 20140808
AhnLab-V3 Trojan/Win32.Lurk 20140808
AntiVir TR/Rogue.1522253 20140808
Avast Win32:Malware-gen 20140807
Baidu-International Trojan.Win32.Miep.B 20140808
BitDefender Trojan.GenericKD.1522253 20140808
Commtouch W32/Trojan.UMXO-6297 20140808
Comodo UnclassifiedMalware 20140808
DrWeb Trojan.Siggen6.8376 20140808
ESET-NOD32 Win32/Miep.B 20140808
Emsisoft Trojan.GenericKD.1522253 (B) 20140808
F-Secure Trojan.GenericKD.1522253 20140808
Fortinet W32/Miep.B!tr 20140808
GData Trojan.GenericKD.1522253 20140808
Ikarus Trojan.Miep 20140808
Jiangmin Trojan/Miep.a 20140808
K7AntiVirus Trojan ( 004948401 ) 20140808
K7GW Trojan ( 050000001 ) 20140808
Kaspersky Trojan-Spy.Win32.Lurk.aeh 20140808
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140808
Malwarebytes Trojan.Agent.ED 20140808
McAfee RDN/Generic PWS.y!yk 20140808
McAfee-GW-Edition RDN/Generic PWS.y!yk 20140808
MicroWorld-eScan Trojan.GenericKD.1522253 20140808
Microsoft TrojanSpy:Win32/Lurk 20140808
NANO-Antivirus Trojan.Win32.Lurk.cwnrcb 20140808
Norman Troj_Generic.SKKNP 20140808
Panda Generic Malware 20140808
Qihoo-360 Win32/Trojan.f07 20140808
Rising PE:Trojan.Win32.Generic.1674E61E!376759838 20140808
Sophos Mal/Generic-S 20140808
Symantec Trojan.Filurkes 20140808
Tencent Win32.Trojan-spy.Lurk.Anpq 20140808
TrendMicro TROJ_GEN.R0CBC0DB214 20140808
TrendMicro-HouseCall TROJ_GEN.R0CBC0DB214 20140808
ViRobot Trojan.Win32.S.Agent.98816.P 20140808
nProtect Trojan.GenericKD.1522253 20140808
AegisLab 20140808
Antiy-AVL 20140808
Bkav 20140808
ByteHero 20140808
CAT-QuickHeal 20140808
CMC 20140807
ClamAV 20140808
F-Prot 20140808
SUPERAntiSpyware 20140804
TheHacker 20140808
TotalDefense 20140808
VBA32 20140808
Zoner 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-27 18:36:55
Link date 7:36 PM 1/27/2014
Entry Point 0x0000262E
Number of sections 5
PE sections
PE imports
GetObjectA
SetGraphicsMode
SelectObject
GetDIBits
BitBlt
ModifyWorldTransform
CreateCompatibleDC
CreateCompatibleBitmap
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
VirtualProtect
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
CreateThread
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
QueryPerformanceCounter
InterlockedDecrement
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
GetEnvironmentStringsW
HeapDestroy
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
GetMessageA
GetMenuInfo
DestroyMenu
CheckMenuRadioItem
LoadBitmapA
AppendMenuA
DispatchMessageA
SetMenu
PeekMessageA
TranslateMessage
GetMenuDefaultItem
GetDC
GetMenuItemID
CheckMenuItem
GetMenu
GetMenuItemRect
DrawMenuBar
EnableMenuItem
DeleteMenu
GetMenuItemCount
LoadAcceleratorsA
GetSubMenu
CopyAcceleratorTableA
GetMenuStringA
ShowCursor
DestroyAcceleratorTable
GetMenuState
GetMenuBarInfo
GetMenuItemInfoA
CreateAcceleratorTableA
IsDialogMessageA
PE exports
Number of PE resources by type
RT_BITMAP 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:01:27 19:36:55+01:00
FileType Win32 DLL
PEType PE32
CodeSize 43520
LinkerVersion 9.0
FileAccessDate 2014:08:08 19:54:25+01:00
EntryPoint 0x262e
InitializedDataSize 57344
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:08:08 19:54:25+01:00
UninitializedDataSize 0

File identification
MD5 e9da19440fca6f0747bdee8c7985917f
SHA1 05446c67ff8c0baffa969fc5cc4dd62edcad46f5
SHA256 607f90b36f9a50d01ca31a9c1e5f08063bb9e8d3cf04a92220972c389024f50b
ssdeep 3072:hq6YHl7mcQ5NM3MYy/jMI0aL9FgiEdMnyi+OZVgfO:hq/mnM3MYy/jMI0aL9FgiEdMnyi+OZV
imphash 05d7ab2296d06ecd366397377fc865de
File size 96.5 KB ( 98816 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags exploit pedll
VirusTotal metadata
First submission 2014-01-28 00:21:23 UTC ( 1 year, 1 month ago )
Last submission 2014-08-08 18:54:15 UTC ( 6 months, 3 weeks ago )
File names e9da19440fca6f0747bdee8c7985917f.kaf
e9da19440fca6f0747bdee8c7985917f
6AA.dmp
vti-rescan
17C.dmp
7B7.dmp