SHA256: 71fa4cb47cee8aa749fc5b1e6ec472137c482d0efdadd8b56c0baf778fe2be54
File name: d957cda6190e8e04e7ed6d3cb8f79326.virus
Detection ratio: 31 / 67
Analysis date: 2017-10-22 04:25:25 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win64.Dridex.C2196994 20171021
Avast Win64:Malware-gen 20171022
AVG Win64:Malware-gen 20171022
AVware Trojan.Win64.Dridex 20171022
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171020
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171022
eGambit malicious_confidence_54% 20171022
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Win64/Kryptik.BHM 20171022
Fortinet W64/Dridex.BHM!tr 20171022
GData Win64.Trojan.Agent.09F0YB 20171022
Ikarus Trojan.Win64.Crypt 20171021
Sophos ML heuristic 20170914
Jiangmin Trojan.Dridex.bw 20171021
K7GW Trojan ( 005197681 ) 20171022
Kaspersky Trojan.Win64.Dridex.ldw 20171022
Malwarebytes Trojan.Dridex 20171022
McAfee Drixed-FHA!D957CDA6190E 20171022
McAfee-GW-Edition BehavesLike.Win64.Backdoor.gc 20171022
nProtect Trojan/W64.Dridex.466944.T 20171022
Panda Trj/CI.A 20171021
Qihoo-360 Win32/Trojan.247 20171022
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Generic-S 20171022
Tencent Win64.Trojan.Dridex.Wrqd 20171022
TrendMicro TROJ_GEN.R004C0PJK17 20171022
TrendMicro-HouseCall TROJ_GEN.R004C0PJK17 20171022
VIPRE Trojan.Win64.Dridex 20171022
Webroot W32.Trojan.Gen 20171022
ZoneAlarm by Check Point Trojan.Win64.Dridex.ldw 20171022
Ad-Aware 20171022
AegisLab 20171022
Alibaba 20170911
ALYac 20171022
Antiy-AVL 20171022
Arcabit 20171022
Avast-Mobile 20171021
Avira (no cloud) 20171021
BitDefender 20171022
Bkav 20171020
CAT-QuickHeal 20171020
ClamAV 20171021
CMC 20171018
Comodo 20171022
Cyren 20171022
DrWeb 20171022
Emsisoft 20171022
F-Prot 20171022
F-Secure 20171022
K7AntiVirus 20171019
Kingsoft 20171022
MAX 20171022
Microsoft 20171022
eScan 20171022
NANO-Antivirus 20171022
Palo Alto Networks (Known Signatures) 20171022
Rising 20171022
SUPERAntiSpyware 20171022
Symantec 20171021
Symantec Mobile Insight 20171011
TheHacker 20171017
TotalDefense 20171021
Trustlook 20171022
VBA32 20171020
ViRobot 20171021
WhiteArmor 20171016
Yandex 20171021
Zillya 20171021
Zoner 20171022
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights re
Product Microsoft® Windows® Operati
Original name authz.dll
Internal name authz.dll
File version 6.1.7600.16385 (win7_rtm.090713-1255
Description Authorization Framework
PE header basic information
Target machine x64
Compilation timestamp 2017-10-12 23:32:10
Entry Point 0x00001430
Number of sections 9
PE sections
PE imports
GetModuleHandleW
GetClipboardSequenceNumber
fgetws
isalnum
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 16.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 487424
EntryPoint 0x1430
OriginalFileName authz.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights re
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255
TimeStamp 2017:10:13 00:32:10+01:00
FileType Win64 DLL
PEType PE32+
InternalName authz.dll
ProductVersion 6.1.7600.1638
FileDescription Authorization Framework
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType AMD AMD64
CompanyName Microsoft Corpor
CodeSize 16384
ProductName Microsoft Windows Operati
ProductVersionNumber 6.1.7600.16385
FileTypeExtension dll
ObjectFileType Dynamic link library

File identification
MD5 d957cda6190e8e04e7ed6d3cb8f79326
SHA1 72da6d95f2c119c4fb80c985b467bc62ba7c57ed
SHA256 71fa4cb47cee8aa749fc5b1e6ec472137c482d0efdadd8b56c0baf778fe2be54
ssdeep 6144:27A09nmshJO1GRIuuyZRIFvqo3tNeEYv4Ym6A0VWHhoVOpvLWM6RFTFxQqTitWEk:27A09XKyZ1LyUkOsTAHxQMATgE

authentihash 5b3570824c96b586bbcc3b7de4eed3c6c650abdf22de26b96eae514c269122c3
imphash 72df5e33242cbbc3e5dc63a4b92421ec
File size 456.0 KB ( 466944 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly

TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags 64bits assembly pedll

VirusTotal metadata
First submission 2017-10-22 04:25:25 UTC ( 1 year, 1 month ago )
Last submission 2017-10-22 04:25:25 UTC ( 1 year, 1 month ago )
File names d957cda6190e8e04e7ed6d3cb8f79326.virus
authz.dll