Antivirus scan for 6faddf7a86b558f4a80e12c1da51ce2e492d66c618b1d029abd6f45b1b8bf79b at 2016-12-02 11:07:52 UTC

Antivirus	Result	Update
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9796	20161202
CrowdStrike Falcon (ML)	malicious_confidence_65% (D)	20161024
ESET-NOD32	a variant of Win32/GenKryptik.MOP	20161202
Sophos ML	virus.win32.almanahe.b	20161202
Kaspersky	HEUR:Trojan.Win32.Generic	20161202
Qihoo-360	HEUR/QVM39.1.0000.Malware.Gen	20161202
Rising	Malware.Generic!YE4Op6KcH9L@1 (thunder)	20161202
Tencent	Win32.Trojan.Raas.Auto	20161202
Ad-Aware		20161202
AegisLab		20161202
AhnLab-V3		20161202
Alibaba		20161202
ALYac		20161202
Antiy-AVL		20161202
Arcabit		20161202
Avast		20161202
AVG		20161202
Avira (no cloud)		20161202
AVware		20161202
BitDefender		20161202
Bkav		20161201
CAT-QuickHeal		20161202
ClamAV		20161202
CMC		20161202
Comodo		20161202
Cyren		20161202
DrWeb		20161202
Emsisoft		20161202
F-Prot		20161202
F-Secure		20161202
Fortinet		20161202
GData		20161202
Ikarus		20161202
Jiangmin		20161202
K7AntiVirus		20161202
K7GW		20161202
Kingsoft		20161202
Malwarebytes		20161202
McAfee		20161202
McAfee-GW-Edition		20161202
Microsoft		20161202
eScan		20161202
NANO-Antivirus		20161202
nProtect		20161202
Panda		20161201
Sophos AV		20161202
SUPERAntiSpyware		20161202
Symantec		20161202
TheHacker		20161130
TotalDefense		20161202
TrendMicro-HouseCall		20161202
Trustlook		20161202
VBA32		20161202
VIPRE		20161202
ViRobot		20161202
WhiteArmor		20161125
Yandex		20161201
Zillya		20161201
Zoner		20161202

The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.

FileVersionInfo properties

File version 2.4.10

Description BASS

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2016-12-02 08:09:30

Entry Point 0x00022237

Number of sections 7

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 170320 170496 5.50 2de4c76cd81ea8d54d92005659a9f591

.codec 176128 19212 19456 7.26 caf7b3548e9601ff9da2b9c9c9165aa2

.bss1 196608 40960 0 0.00 d41d8cd98f00b204e9800998ecf8427e

.rdata 237568 6453 6656 7.01 ac281e41ddf66b3957b71ef7d2b75fa6

.data 245760 668 1024 3.75 141ea97d0b72184045b21ff5dece7aea

.rsrc 249856 13568 13824 4.10 8ceec8de5a3bf773d06c2d32d34a958c

.reloc 266240 43892 44032 5.91 19d43f85aa4dd50ea4a792e9ff107ea3

Overlays

MD5 41ce7cae7907c9300cb5a54be7b4cff0

File type data

Offset 256512

Size 14713

Entropy 7.99

PE imports

Number of PE resources by type

RT_BITMAP 2

RT_VERSION 1

Number of PE resources by language

ENGLISH US 3

PE resources

458d37934415d7949244dcece8c0f3ae53e27ee11c8331114628ea4590d6cc68 data

932fbaa9fd9d255b9dd2dcbc7907d7f92a57ff5b83ee29908bfc64aaeafc8523 data

c6370b8948055d513ed8f1eb967af7cc90a93baff3a363dded1a8f1dea2a8d54 ASCII text

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_CODEVIEW (2) Fri Dec 02 08:09:30 2016 197336 55 Bytes

ExifTool file metadata

SubsystemVersion

5.1

LinkerVersion

2.0

ImageVersion

0.0

FileVersionNumber

2.4.10.0

UninitializedDataSize

40960

LanguageCode

Neutral

FileFlagsMask

0x0000

CharacterSet

Unicode

InitializedDataSize

65536

EntryPoint

0x22237

MIMEType

application/octet-stream

Subsystem

Windows GUI

FileVersion

2.4.10

TimeStamp

2016:12:02 09:09:30+01:00

FileType

Win32 DLL

PEType

PE32

FileDescription

BASS

OSVersion

5.1

FileOS

Win32

LegalCopyright

MachineType

Intel 386 or later, and compatibles

CompanyName

Un4seen Developments

CodeSize

189952

FileSubtype

ProductVersionNumber

2.4.0.0

FileTypeExtension

dll

ObjectFileType

Dynamic link library

File identification

MD5 83089de9091435a54f5b1e553d5d580a

SHA1 74ba4a34a3239f265a6dc8cb6537719e5b77bc05

SHA256 6faddf7a86b558f4a80e12c1da51ce2e492d66c618b1d029abd6f45b1b8bf79b

ssdeep

3072:/alyuF3a+Xm1kx/YgeWeN+/uqWmYsJl7YhhClyW3nXH3nXH3nXH0kUE0kUKsjuBk:/iy1ONeNv4JlMAu7

authentihash ae0b31ea14bd5345417760bbaa7c75d94430df66953d510f29ed276fc62e5f9b

imphash 998cb9253c3d0da41a85d67e0ffd42db

File size 264.9 KB ( 271225 bytes )

File type Win32 DLL

Magic literal

PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (43.5%) Win32 Executable (generic) (29.8%) Generic Win/DOS Executable (13.2%) DOS Executable Generic (13.2%)

VirusTotal metadata

First submission 2016-12-02 11:07:52 UTC ( 2 years, 4 months ago )

Last submission 2016-12-05 05:08:41 UTC ( 2 years, 4 months ago )

File names

5viAGx9N.zk.bin

SHA256:	6faddf7a86b558f4a80e12c1da51ce2e492d66c618b1d029abd6f45b1b8bf79b
File name:	5viAGx9N.zk.bin
Detection ratio:	8 / 56
Analysis date:	2016-12-02 11:07:52 UTC ( 2 years, 4 months ago ) View latest

Ciphered bundle