SHA256: 732116b9d3a8373edeac0f506ec78ce2c6adbb075d2ba8586951f79ec4c4d6ba
File name: shell32.dll
Detection ratio: 14 / 58
Analysis date: 2017-03-02 00:11:48 UTC ( 1 year, 10 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20170301
AhnLab-V3 Trojan/Win32.HDC.C697916 20170301
Avast Win32:Crypt-SMP [Trj] 20170301
AVG Generic17_c.OIR 20170302
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9988 20170301
Endgame malicious (moderate confidence) 20170222
Kaspersky UDS:DangerousObject.Multi.Generic 20170228
McAfee Artemis!1E81C45DA634 20170301
McAfee-GW-Edition BehavesLike.Win32.BadFile.zz 20170301
Microsoft Trojan:Win32/Starter.Q 20170301
Panda Trj/CerberCrypto.A 20170301
Qihoo-360 Win32/Trojan.a60 20170302
TrendMicro-HouseCall TROJ_GEN.R0FAH01BJ17 20170302
Webroot Malicious 20170302
Ad-Aware 20170301
Alibaba 20170228
ALYac 20170301
Antiy-AVL 20170301
Arcabit 20170301
Avira (no cloud) 20170302
AVware 20170301
BitDefender 20170301
Bkav 20170301
CAT-QuickHeal 20170301
ClamAV 20170301
CMC 20170301
Comodo 20170301
CrowdStrike Falcon (ML) 20170130
Cyren 20170301
DrWeb 20170301
Emsisoft 20170301
ESET-NOD32 20170302
F-Prot 20170301
F-Secure 20170301
Fortinet 20170301
GData 20170301
Ikarus 20170301
Sophos ML 20170203
Jiangmin 20170301
K7AntiVirus 20170301
K7GW 20170301
Kingsoft 20170302
Malwarebytes 20170302
eScan 20170302
NANO-Antivirus 20170301
nProtect 20170301
Rising None
Sophos AV 20170301
SUPERAntiSpyware 20170301
Symantec 20170301
Tencent 20170302
TheHacker 20170228
TrendMicro 20170302
Trustlook 20170302
VBA32 20170301
VIPRE 20170301
ViRobot 20170301
WhiteArmor 20170222
Yandex 20170225
Zillya 20170301
Zoner 20170301
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-05 12:29:21
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
CreateProcessAsUserW
CreateEventA
GetLastError
SetEnvironmentVariableA
GetWindowsDirectoryA
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2017:01:05 13:29:21+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
512

LinkerVersion
1.71

FileTypeExtension
dll

InitializedDataSize
1536

SubsystemVersion
4.0

EntryPoint
0x1000

OSVersion
1.0

ImageVersion
0.0

UninitializedDataSize
0

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files write this sample to disk.
Compressed bundles
File identification
MD5 1e81c45da6345d3badcf55ee5d792771
SHA1 fe5fa2f7fecdce66e5d8e4d157dff57cd38abc50
SHA256 732116b9d3a8373edeac0f506ec78ce2c6adbb075d2ba8586951f79ec4c4d6ba
ssdeep 12:ZbrGSGK46y1xFiXWMRoKXmoO+lAiCIdmgPC8ORYRJQRC8EPP6:ZHGStuFiG8nmoO/feC8ORYRJQRvSy

authentihash 39c2b291c2ee8c45ff647da6405134ffeef5f4df4a92e8ee8b3af80aaeb461a9
imphash 1b9a8910d05ddd29da5b7a7794a9e5b8
File size 3.0 KB ( 3072 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.6%)
Win16/32 Executable Delphi generic (16.3%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags pedll

VirusTotal metadata
First submission 2017-03-01 10:12:07 UTC ( 1 year, 10 months ago )
Last submission 2018-01-11 06:26:11 UTC ( 1 year ago )
File names shell
MALICIOUS.exe
M.exe
732116b9d3a8373e_shell32.dll
header.dll
shell.dll
shell32.dll
MAL.exe