SHA256: 6dea5e9584b8189b185512f8f2a1b23752095e97d98d95a48c8bde56b1e431fb
Detection ratio: 45 / 66
Analysis date: 2018-05-23 15:15:37 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.55105 20180523
AegisLab Gen.Variant.Johnnie!c 20180523
ALYac Gen:Variant.Barys.55105 20180523
Antiy-AVL Trojan/Win32.TSGeneric 20180523
Arcabit Trojan.Barys.DD741 20180523
Avast Win32:Malware-gen 20180523
AVG Win32:Malware-gen 20180523
Avira (no cloud) TR/Crypt.ZPACK.mglnn 20180523
AVware Trojan.Win32.Generic!BT 20180523
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180523
BitDefender Gen:Variant.Barys.55105 20180523
CAT-QuickHeal Trojan.IGENERIC 20180522
Comodo .UnclassifiedMalware 20180523
Cylance Unsafe 20180523
Cyren W32/Trojan.IMBA-0653 20180523
Emsisoft Gen:Variant.Barys.55105 (B) 20180523
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GEOV 20180523
F-Secure Gen:Variant.Barys.55105 20180523
Fortinet W32/Dridex.BT!tr 20180523
GData Gen:Variant.Barys.55105 20180523
Ikarus Trojan.Win32.Crypt 20180523
Sophos ML heuristic 20180503
K7AntiVirus Trojan ( 0052b06b1 ) 20180523
K7GW Trojan ( 0052b06b1 ) 20180523
Kaspersky HEUR:Trojan.Win32.Generic 20180523
MAX malware (ai score=95) 20180523
McAfee GenericRXEJ-CB!537D5A22641F 20180523
McAfee-GW-Edition GenericRXEJ-CB!537D5A22641F 20180523
Microsoft Trojan:Win32/Tiggre!rfn 20180523
eScan Gen:Variant.Barys.55105 20180523
NANO-Antivirus Trojan.Win32.Drop.eyywua 20180523
Panda Trj/GdSda.A 20180523
Qihoo-360 Win32/Trojan.45a 20180523
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180523
Symantec ML.Attribute.HighConfidence 20180523
Tencent Win32.Trojan.Generic.Suob 20180523
TrendMicro TROJ_GEN.R011C0RCK18 20180523
TrendMicro-HouseCall TSPY_EMOTET.SMZD177 20180523
VBA32 BScope.TrojanBanker.Emotet 20180523
VIPRE Trojan.Win32.Generic!BT 20180523
Webroot W32.Infostealer.Dridex 20180523
Yandex Trojan.Agent!k72YVB86we4 20180522
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180523
AhnLab-V3 20180523
Alibaba 20180523
Avast-Mobile 20180523
Babable 20180406
Bkav 20180523
ClamAV 20180521
CMC 20180523
CrowdStrike Falcon (ML) 20180202
Cybereason None
DrWeb 20180523
eGambit 20180523
F-Prot 20180523
Jiangmin 20180523
Kingsoft 20180523
Malwarebytes 20180523
nProtect 20180523
Palo Alto Networks (Known Signatures) 20180523
Rising 20180523
SUPERAntiSpyware 20180523
Symantec Mobile Insight 20180522
TheHacker 20180516
Trustlook 20180523
ViRobot 20180523
Zillya 20180523
Zoner 20180522
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Product PyWin32
File version 2.7.219.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-11 07:45:42
Entry Point 0x00001DE0
Number of sections 9
PE sections
PE imports
CryptGetDefaultProviderA
capGetDriverDescriptionW
GetMetaFileBitsEx
GetTextExtentExPointI
GetClipBox
GetModuleHandleA
GetCompressedFileSizeW
GetSystemTimeAsFileTime
FindVolumeMountPointClose
GetCurrentThreadId
FindFirstFileExW
GetModuleFileNameA
GetBinaryTypeA
wglGetProcAddress
FindExecutableA
GetDlgCtrlID
DefFrameProcW
GetActiveWindow
IsCharAlphaW
GetFocus
GetSysColor
DestroyWindow
PdhExpandCounterPathA
FaultInIEFeature
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.255
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7601.23539
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x1de0
MIMEType application/octet-stream
FileVersion 2.7.219.0
TimeStamp 2018:03:11 08:45:42+01:00
FileType Win32 DLL
PEType PE32
ProductVersion 2.7.219.0
SubsystemVersion 4.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 1789689678
ProductName PyWin32
ProductVersionNumber 6.1.7601.23539
FileTypeExtension dll
ObjectFileType Executable application

File identification
MD5 537d5a22641f4816bb566cb505d084f6
SHA1 8c9dcd28d2b160ad0a2d68d3fb63b98dacb6ccc0
SHA256 6dea5e9584b8189b185512f8f2a1b23752095e97d98d95a48c8bde56b1e431fb
ssdeep 6144:tm2ClQTKI/IAuGOOKZjgtKiNuyZ57Ixr+Yyw3pqqn+pGig86u3xz46:Y2O0KtAuGOOKxbiIyzXPw3pxnYGY3x
authentihash 263e0d7436a8613d2e6849e2de494ad163ca2a66c4906d0d7651be30471e86b1
imphash 671722004495af833e6ac722d1a4397d
File size 476.0 KB ( 487424 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
OS/2 Executable (generic) (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags pedll
VirusTotal metadata
First submission 2018-03-19 11:32:03 UTC ( 8 months, 3 weeks ago )
Last submission 2018-05-23 15:15:37 UTC ( 6 months, 3 weeks ago )
File names 537d5a22641f4816bb566cb505d084f6