SHA256: 6faddf7a86b558f4a80e12c1da51ce2e492d66c618b1d029abd6f45b1b8bf79b
File name: 5viAGx9N.zk.bin
Detection ratio: 8 / 56
Analysis date: 2016-12-02 11:07:52 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9796 20161202
CrowdStrike Falcon (ML) malicious_confidence_65% (D) 20161024
ESET-NOD32 a variant of Win32/GenKryptik.MOP 20161202
Sophos ML virus.win32.almanahe.b 20161202
Kaspersky HEUR:Trojan.Win32.Generic 20161202
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20161202
Rising Malware.Generic!YE4Op6KcH9L@1 (thunder) 20161202
Tencent Win32.Trojan.Raas.Auto 20161202
Ad-Aware 20161202
AegisLab 20161202
AhnLab-V3 20161202
Alibaba 20161202
ALYac 20161202
Antiy-AVL 20161202
Arcabit 20161202
Avast 20161202
AVG 20161202
Avira (no cloud) 20161202
AVware 20161202
BitDefender 20161202
Bkav 20161201
CAT-QuickHeal 20161202
ClamAV 20161202
CMC 20161202
Comodo 20161202
Cyren 20161202
DrWeb 20161202
Emsisoft 20161202
F-Prot 20161202
F-Secure 20161202
Fortinet 20161202
GData 20161202
Ikarus 20161202
Jiangmin 20161202
K7AntiVirus 20161202
K7GW 20161202
Kingsoft 20161202
Malwarebytes 20161202
McAfee 20161202
McAfee-GW-Edition 20161202
Microsoft 20161202
eScan 20161202
NANO-Antivirus 20161202
nProtect 20161202
Panda 20161201
Sophos AV 20161202
SUPERAntiSpyware 20161202
Symantec 20161202
TheHacker 20161130
TotalDefense 20161202
TrendMicro-HouseCall 20161202
Trustlook 20161202
VBA32 20161202
VIPRE 20161202
ViRobot 20161202
WhiteArmor 20161125
Yandex 20161201
Zillya 20161201
Zoner 20161202
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1999-2013

File version 2.4.10
Description BASS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-02 08:09:30
Entry Point 0x00022237
Number of sections 7
PE sections
Overlays
MD5 41ce7cae7907c9300cb5a54be7b4cff0
File type data
Offset 256512
Size 14713
Entropy 7.99
PE imports
BeginPath
AnimatePalette
AddFontMemResourceEx
AngleArc
GetCommandLineA
CloseHandle
SendMessageA
CharLowerW
_exit
__set_app_type
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 2.0
ImageVersion 0.0
FileVersionNumber 2.4.10.0
UninitializedDataSize 40960
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 65536
EntryPoint 0x22237
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.4.10
TimeStamp 2016:12:02 09:09:30+01:00
FileType Win32 DLL
PEType PE32
FileDescription BASS
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright 1999-2013
MachineType Intel 386 or later, and compatibles
CompanyName Un4seen Developments
CodeSize 189952
FileSubtype 0
ProductVersionNumber 2.4.0.0
FileTypeExtension dll
ObjectFileType Dynamic link library

File identification
MD5 83089de9091435a54f5b1e553d5d580a
SHA1 74ba4a34a3239f265a6dc8cb6537719e5b77bc05
SHA256 6faddf7a86b558f4a80e12c1da51ce2e492d66c618b1d029abd6f45b1b8bf79b
ssdeep 3072:/alyuF3a+Xm1kx/YgeWeN+/uqWmYsJl7YhhClyW3nXH3nXH3nXH0kUE0kUKsjuBk:/iy1ONeNv4JlMAu7
authentihash ae0b31ea14bd5345417760bbaa7c75d94430df66953d510f29ed276fc62e5f9b
imphash 998cb9253c3d0da41a85d67e0ffd42db
File size 264.9 KB ( 271225 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags pedll overlay

VirusTotal metadata
First submission 2016-12-02 11:07:52 UTC ( 2 years, 4 months ago )
Last submission 2016-12-05 05:08:41 UTC ( 2 years, 4 months ago )
File names 5viAGx9N.zk.bin