SHA256: 6b4f6f70cd772302725c3ddd0963b9ccea5fde5d0103cdd4432282e28b5634e1
File name: fde741f87afd2dbf3babce86b2abc55f
Detection ratio: 17 / 65
Analysis date: 2018-03-25 18:50:15 UTC ( 8 months, 2 weeks ago )
Antivirus Result Update
AhnLab-V3 Malware/Win64.Generic.C1880699 20180325
Avast Sf:Crypt-IU [Trj] 20180325
AVG Sf:Crypt-IU [Trj] 20180325
Avira (no cloud) TR/Carberp.cxjcw 20180325
AVware Trojan.Win32.Generic!BT 20180325
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170201
Cylance Unsafe 20180325
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win64/Hvnc.AB 20180325
Fortinet W64/Hvnc.AE!tr 20180325
Ikarus Trojan-Downloader.Win64.Carberp 20180325
Jiangmin TrojanDownloader.Carberp.au 20180325
Microsoft Trojan:Win64/Carberp.A 20180325
Rising Spyware.Agent!8.C6 (TFE:1:sbDbeOLIVTL) 20180325
VIPRE Trojan.Win32.Generic!BT 20180325
Yandex Trojan.DL.Carberp!r0SJo7fGnPo 20180324
Zillya Downloader.Carberp.Win64.7 20180323
Ad-Aware 20180325
AegisLab 20180325
Alibaba 20180323
ALYac 20180325
Arcabit 20180325
Avast-Mobile 20180325
Baidu 20180323
BitDefender 20180325
Bkav 20180325
CAT-QuickHeal 20180325
ClamAV 20180325
CMC 20180325
Comodo 20180325
Cybereason 20180225
Cyren 20180325
DrWeb 20180325
eGambit 20180325
Emsisoft 20180325
F-Prot 20180325
F-Secure 20180325
GData 20180325
Sophos ML 20180121
K7AntiVirus 20180325
K7GW 20180325
Kaspersky 20180325
Kingsoft 20180325
Malwarebytes 20180325
MAX 20180325
McAfee 20180325
McAfee-GW-Edition 20180325
eScan 20180325
NANO-Antivirus 20180325
nProtect 20180325
Palo Alto Networks (Known Signatures) 20180325
Panda 20180325
Qihoo-360 20180325
SentinelOne (Static ML) 20180225
Sophos AV 20180325
SUPERAntiSpyware 20180325
Symantec 20180324
Symantec Mobile Insight 20180311
Tencent 20180325
TheHacker 20180319
TotalDefense 20180325
TrendMicro 20180325
TrendMicro-HouseCall 20180325
Trustlook 20180325
VBA32 20180323
ViRobot 20180325
WhiteArmor 20180324
ZoneAlarm by Check Point 20180325
Zoner 20180325
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2018-01-29 14:44:07
Entry Point 0x000016E0
Number of sections 6
PE sections
PE imports
RegOpenKeyA
RegCloseKey
CryptGetHashParam
RegQueryValueExA
CryptGenRandom
RegOpenKeyExW
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptReleaseContext
RegOpenKeyW
CryptHashData
RegQueryValueExW
CryptCreateHash
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CertFindCertificateInStore
CryptMsgGetParam
CertGetNameStringW
CryptMsgClose
CryptDecodeObject
GetSystemPaletteEntries
CombineRgn
GetClipBox
GetViewportOrgEx
GetDeviceCaps
CreateDCA
DeleteDC
SetBkMode
GetRegionData
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
CreateBitmap
CreateFontA
GetStockObject
SetViewportOrgEx
ExtTextOutA
GetDIBits
GdiFlush
SelectClipRgn
CreateCompatibleDC
CreateRectRgn
SelectObject
SetDIBColorTable
SetWindowOrgEx
GetClipRgn
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
ReleaseMutex
WaitForSingleObject
HeapDestroy
EncodePointer
FlsGetValue
DuplicateHandle
GetProcessId
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
ExpandEnvironmentStringsA
OpenFileMappingA
SetErrorMode
GetFileInformationByHandle
lstrcatW
GetThreadContext
GetLocaleInfoW
GetCPInfo
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
AddVectoredExceptionHandler
FreeLibrary
LocalFree
ResumeThread
InitializeCriticalSection
FindClose
lstrcpynW
GetEnvironmentVariableW
SetLastError
GetSystemTime
OpenThread
WriteProcessMemory
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
FlsSetValue
GetModuleFileNameA
lstrcmpiW
UnhandledExceptionFilter
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
DecodePointer
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
HeapCreate
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
lstrcmpiA
GetLastError
GetOEMCP
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
GetFileSize
OpenProcess
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
VirtualProtectEx
lstrlenA
lstrcpyW
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
GetCurrentThreadId
lstrcpyA
CreateFileMappingA
FindFirstFileW
lstrcmpW
WaitForMultipleObjects
GlobalLock
SetEvent
CreateFileW
CreateEventA
CreateFileA
HeapAlloc
RemoveVectoredExceptionHandler
LeaveCriticalSection
GetSystemWindowsDirectoryA
SystemTimeToFileTime
LCMapStringW
VirtualAllocEx
VerLanguageNameW
GlobalFree
GetProcessTimes
GlobalUnlock
lstrlenW
Process32NextW
SwitchToThread
GetCurrentProcessId
WideCharToMultiByte
Process32FirstW
GetCurrentThread
SuspendThread
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
IsBadStringPtrA
OpenEventA
VirtualAlloc
GetModuleFileNameExA
GetMappedFileNameW
EnumProcessModules
ShellExecuteA
PathRemoveArgsA
PathStripPathW
StrCmpNIW
StrStrIA
StrRChrW
StrTrimW
StrStrA
StrToIntA
PathRemoveBlanksA
PathCombineA
StrDupA
StrRChrA
StrChrA
PathRemoveArgsW
PathRemoveBlanksW
PathCombineW
StrChrW
SetFocus
SendNotifyMessageA
DestroyMenu
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
CreateDesktopA
VkKeyScanA
WindowFromPoint
CharUpperBuffW
CallNextHookEx
SetActiveWindow
GetDC
ChildWindowFromPointEx
GetMenu
EndMenu
SendMessageA
GetClientRect
ToAscii
DrawTextW
GetThreadDesktop
ScreenToClient
RedrawWindow
GetMenuItemCount
MapVirtualKeyExA
DestroyWindow
DrawEdge
GetParent
RegisterWindowMessageA
GetUserObjectInformationA
ShowWindow
GetMenuState
GetClipboardData
TranslateMessage
SetThreadDesktop
GetWindow
GetMenuDefaultItem
ActivateKeyboardLayout
GetMenuItemRect
SetClipboardData
GetWindowTextA
WindowFromDC
GetKeyboardLayoutList
IsIconic
RegisterClassA
TrackPopupMenuEx
GetWindowLongA
SetTimer
UnhookWinEvent
GetKeyboardLayout
FillRect
GetClassLongPtrA
EnumDesktopWindows
RealChildWindowFromPoint
GetGUIThreadInfo
PtInRect
MapWindowPoints
VkKeyScanExW
MapVirtualKeyA
GetMessageA
BeginPaint
SetClassLongPtrA
KillTimer
SetWindowLongPtrA
GetClipboardOwner
VkKeyScanExA
DefWindowProcA
SetClipboardViewer
ToUnicodeEx
GetSystemMetrics
CreateDialogIndirectParamW
GetWindowRect
PostMessageA
EnumChildWindows
SetWindowLongA
SetKeyboardState
CreatePopupMenu
GetSubMenu
GetLastActivePopup
CreateWindowExA
BringWindowToTop
ClientToScreen
FindWindowExA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemInfoA
AttachThreadInput
GetDesktopWindow
GetSystemMenu
GetMenuItemID
SetForegroundWindow
ExitWindowsEx
PostThreadMessageA
OpenClipboard
EmptyClipboard
GetScrollBarInfo
ReleaseDC
IntersectRect
SetLayeredWindowAttributes
EndDialog
SetWinEventHook
FindWindowA
GetWindowThreadProcessId
HiliteMenuItem
AppendMenuA
UnhookWindowsHookEx
MoveWindow
CallWindowProcA
ChangeClipboardChain
GetSysColor
GetKeyState
MenuItemFromPoint
GetDoubleClickTime
PrintWindow
IsWindowVisible
GetWindowInfo
GetWindowLongPtrA
wsprintfA
SendMessageTimeoutA
CloseDesktop
IsRectEmpty
GetClassNameA
wsprintfW
CloseClipboard
GetAncestor
connect
htonl
socket
recv
send
accept
WSACleanup
WSAStartup
gethostbyname
ioctlsocket
select
shutdown
bind
htons
closesocket
WSAGetLastError
listen
RtlInitUnicodeString
NtSetContextThread
ZwQueryKey
NtMapViewOfSection
ZwOpenProcess
ZwOpenProcessToken
RtlVirtualUnwind
NtQueryObject
NtQuerySystemInformation
RtlEqualUnicodeString
NtUnmapViewOfSection
RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareUnicodeString
ZwQueryInformationProcess
RtlUnwindEx
NtCreateSection
NtGetContextThread
ZwClose
ZwQueryInformationToken
NtResumeProcess
NtSuspendProcess
NtQueryInformationFile
CoUninitialize
CoInitialize
PE exports
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2018:01:29 15:44:07+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 172544
LinkerVersion 10.0
EntryPoint 0x16e0
InitializedDataSize 82944
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0

File identification
MD5 fde741f87afd2dbf3babce86b2abc55f
SHA1 64c35d8243a5dbfac33ed10a76241ef9c7953db6
SHA256 6b4f6f70cd772302725c3ddd0963b9ccea5fde5d0103cdd4432282e28b5634e1
ssdeep 6144:ZagplmdkV9btaPY1ZqWlbedTFx9nuqFc:EOlmdkV9eYrqWlap9n/
authentihash a52c1f92069d7870fa226a521e619238af41c9e717631b06a954380d82d9f9fc
imphash b89b793b1167c522aa3024bf061288ce
File size 244.0 KB ( 249856 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits assembly pedll

VirusTotal metadata
First submission 2018-03-25 18:50:15 UTC ( 8 months, 2 weeks ago )
Last submission 2018-03-26 08:46:08 UTC ( 8 months, 2 weeks ago )
File names fde741f87afd2dbf3babce86b2abc55f