SHA256: 6592c9069b71a9ae5b481c39fc98027f066a0654faeeef4df48c08ff876c074c
Detection ratio: 44 / 63
Analysis date: 2018-05-23 15:11:25 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.314344 20180523
AegisLab Gen.Variant.Johnnie!c 20180523
AhnLab-V3 Malware/Win32.Generic.C2472310 20180523
ALYac Gen:Variant.Razy.314344 20180523
Antiy-AVL Trojan/Win32.TSGeneric 20180523
Arcabit Trojan.Razy.D4CBE8 20180523
Avast Win32:Malware-gen 20180523
AVG Win32:Malware-gen 20180523
Avira (no cloud) TR/Crypt.ZPACK.bzhnx 20180523
AVware Trojan.Win32.Generic!BT 20180523
BitDefender Gen:Variant.Razy.314344 20180523
CAT-QuickHeal Trojan.IGENERIC 20180522
ClamAV Win.Trojan.Emotet-6478709-0 20180521
Comodo .UnclassifiedMalware 20180523
Cylance Unsafe 20180523
DrWeb Trojan.MulDrop7.62888 20180523
Emsisoft Gen:Variant.Razy.314344 (B) 20180523
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GGTD 20180523
F-Secure Gen:Variant.Razy.314344 20180523
Fortinet W32/Dridex.BT!tr 20180523
GData Gen:Variant.Razy.314344 20180523
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 0052b0791 ) 20180523
K7GW Trojan ( 0052b0791 ) 20180523
Kaspersky Trojan-Banker.Win32.Emotet.afxy 20180523
Malwarebytes Trojan.MalPack 20180523
MAX malware (ai score=95) 20180523
McAfee RDN/Generic PWS.y 20180523
McAfee-GW-Edition RDN/Generic PWS.y 20180523
Microsoft Trojan:Win32/Cloxer.D!cl 20180523
eScan Gen:Variant.Razy.314344 20180523
NANO-Antivirus Trojan.Win32.GenKryptik.eyzzxm 20180523
Palo Alto Networks (Known Signatures) generic.ml 20180523
Panda Trj/CI.A 20180523
Qihoo-360 Win32/Trojan.1d5 20180523
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180523
Symantec ML.Attribute.HighConfidence 20180523
Tencent Win32.Trojan-banker.Emotet.Agux 20180523
VBA32 BScope.TrojanBanker.Emotet 20180523
VIPRE Trojan.Win32.Generic!BT 20180523
Webroot W32.Infostealer.Dridex 20180523
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.afxy 20180523
Alibaba 20180523
Avast-Mobile 20180523
Babable 20180406
Baidu 20180523
Bkav 20180523
CMC 20180523
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180523
eGambit 20180523
F-Prot 20180523
Jiangmin 20180523
Kingsoft 20180523
nProtect 20180523
Rising 20180523
SUPERAntiSpyware 20180523
Symantec Mobile Insight 20180522
TheHacker 20180516
TrendMicro-HouseCall 20180523
Trustlook 20180523
ViRobot 20180523
Yandex 20180522
Zillya 20180523
Zoner 20180522
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights res
Product Microsoft® Windows® Operating S
Original name msafd.dl
Internal name msafd.dl
File version 6.1.7600.16385 (win7_rtm.090713-1255
Description Micr
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-14 09:16:41
Entry Point 0x00001480
Number of sections 6
PE sections
PE imports
RegSaveKeyExW
DeleteObject
CreateRectRgn
GetSystemPaletteEntries
GetCurrentDirectoryA
CreateConsoleScreenBuffer
DrawDibRealize
wglGetProcAddress
CM_Get_Res_Des_Data
SHRegGetUSValueW
wnsprintfA
VkKeyScanExW
InternetAttemptConnect
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 2
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x1480
OriginalFileName msafd.dl
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights res
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255
TimeStamp 2018:02:14 10:16:41+01:00
FileType Win32 DLL
PEType PE32
InternalName msafd.dl
ProductVersion 6.1.7600.1638
FileDescription Micr
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporatio
CodeSize 2063370106
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.1.7600.16385
FileTypeExtension dll
ObjectFileType Dynamic link library
File identification
MD5 70b71d97bcd65b27c7e6f44797672318
SHA1 902268b975dd115725271432e559c0caaee3a23f
SHA256 6592c9069b71a9ae5b481c39fc98027f066a0654faeeef4df48c08ff876c074c
ssdeep 6144:va6JwrMxbNXfJIMEPdBmSa4xYmHuSq0PtvfRev6ZEdtV1XbFn5jlKoqR:S66wNcmSaDqud8tvsiZYnX7xKdR
authentihash 9b0e982f33078afc132af1661f84a8904c60719e8b14b802cf4cbed23fcc5d3f
imphash d840f39b1eb7a807660ffd9ddc51f851
File size 476.0 KB ( 487424 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll
VirusTotal metadata
First submission 2018-03-19 11:30:38 UTC ( 9 months ago )
Last submission 2018-05-23 15:11:25 UTC ( 6 months, 3 weeks ago )
File names 70b71d97bcd65b27c7e6f44797672318
msafd.dl