SHA256: 64db1b59ab23a70a4dfb6a91c37eaa1f02fd566585d2ecb4096eb6b979b988e4
File name: dnsupdater.exe
Detection ratio: 11 / 57
Analysis date: 2017-02-11 18:38:14 UTC ( 2 years ago )
Antivirus Result Update
AegisLab DangerousObject.Multi.Gen.lJgd 20170211
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9987 20170210
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/MSIL_Troj.DL.gen!Eldorado 20170211
ESET-NOD32 a variant of MSIL/Injector.HHP 20170211
F-Prot W32/MSIL_Troj.DL.gen!Eldorado 20170211
Ikarus Trojan.Msil 20170211
Sophos ML trojan.win32.skeeyah.a!rfn 20170203
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20170211
Sophos AV Troj/MSIL-ILJ 20170211
Symantec ML.Attribute.HighConfidence 20170211
Ad-Aware 20170211
AhnLab-V3 20170211
Alibaba 20170122
ALYac 20170211
Antiy-AVL 20170211
Arcabit 20170211
Avast 20170211
AVG 20170211
Avira (no cloud) 20170211
AVware 20170211
BitDefender 20170211
Bkav 20170211
CAT-QuickHeal 20170211
ClamAV 20170211
CMC 20170211
Comodo 20170211
DrWeb 20170211
Emsisoft 20170211
Endgame 20170208
F-Secure 20170211
Fortinet 20170211
GData 20170211
Jiangmin 20170211
K7AntiVirus 20170210
K7GW 20170211
Kaspersky 20170211
Kingsoft 20170211
Malwarebytes 20170211
McAfee 20170211
McAfee-GW-Edition 20170211
Microsoft 20170211
eScan 20170211
NANO-Antivirus 20170210
nProtect 20170211
Panda 20170211
Rising 20170211
SUPERAntiSpyware 20170211
Tencent 20170211
TheHacker 20170211
TotalDefense 20170211
TrendMicro 20170211
Trustlook 20170211
VBA32 20170210
VIPRE 20170211
ViRobot 20170211
WhiteArmor 20170202
Yandex 20170210
Zillya 20170210
Zoner 20170211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2017
Product Library
Original name Library.exe
Internal name Library.exe
File version 1.0.0.0
Description Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-29 20:58:48
Entry Point 0x0001894E
Number of sections 3
.NET details
Module Version ID 261cce45-203b-4ba1-a304-c22a2c81482e
TypeLib ID fd1f7978-b873-43ce-821a-619e69d062a0
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 3584
ImageVersion 0.0
ProductName Library
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Library
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName Library.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2017:01:29 21:58:48+01:00
FileType Win32 EXE
PEType PE32
InternalName Library.exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2017
MachineType Intel 386 or later, and compatibles
CodeSize 92672
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1894e
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 a6436b9d9d6fc9d27237733a523ae9ae
SHA1 d382a083bbb73cb229e8c986ea5a68940a171e92
SHA256 64db1b59ab23a70a4dfb6a91c37eaa1f02fd566585d2ecb4096eb6b979b988e4
ssdeep 1536:1zoYBeiLrTGUQ4gciLR6Uu5I8/vNbebDj4mgYdrku4t+rzuLnV0+:9brip4VG6vp3YcSMLnD

authentihash 227b742e5427638c312f6cb892d0e844f7cc94e807c21196c3e3bf13909cbc21
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 94.5 KB ( 96768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (56.7%)
Win64 Executable (generic) (21.3%)
Windows screen saver (10.1%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags peexe assembly

VirusTotal metadata
First submission 2017-02-11 18:38:14 UTC ( 2 years ago )
Last submission 2017-02-11 18:38:14 UTC ( 2 years ago )
File names dnsupdater.exe
Library.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications