SHA256: 7652b31fc979ad35883863b382188343716bf836547cf7cc6651f4572ad0b746
File name: 87939a6fcca87e867359dcc603986d3e
Detection ratio: 59 / 65
Analysis date: 2018-01-25 05:42:44 UTC ( 8 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Win32.Worm.Downadup.Gen 20180125
AegisLab W32.W.Kido.ih!c 20180125
AhnLab-V3 Win32/Kido.worm.154652 20180125
ALYac Win32.Worm.Downadup.Gen 20180125
Antiy-AVL Worm[Net]/Win32.Kido 20180125
Arcabit Win32.Worm.Downadup.Gen 20180125
Avast Win32:Rootkit-gen [Rtk] 20180125
AVG Win32:Rootkit-gen [Rtk] 20180125
Avira (no cloud) TR/Dropper.Gen 20180124
AVware Worm.Win32.Downad.Gen (v) 20180124
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180124
BitDefender Win32.Worm.Downadup.Gen 20180125
Bkav W32.ConfickerS.Worm 20180124
CAT-QuickHeal Worm.Conficker.Gen 20180124
ClamAV Win.Worm.Kido-243 20180125
CMC Net-Worm.Win32.Conficker.1!O 20180125
Comodo NetWorm.Win32.Kido.A 20180125
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20180125
Cyren W32/Conficker!Generic 20180125
DrWeb Win32.HLLW.Shadow.based 20180125
eGambit Unsafe.AI_Score_94% 20180125
Emsisoft Win32.Worm.Downadup.Gen (B) 20180125
Endgame malicious (moderate confidence) 20171130
ESET-NOD32 Win32/Conficker.AE 20180125
F-Prot W32/Conficker!Generic 20180125
GData Win32.Worm.Downadup.A@gen 20180125
Ikarus Worm.Win32.Downadup 20180124
Sophos ML heuristic 20180121
Jiangmin Worm/Kido.l 20180125
K7AntiVirus NetWorm ( 0005152c1 ) 20180125
K7GW NetWorm ( 0005152c1 ) 20180125
Kaspersky Net-Worm.Win32.Kido.ih 20180125
McAfee Artemis!87939A6FCCA8 20180125
McAfee-GW-Edition BehavesLike.Win32.Conficker.cc 20180125
Microsoft Worm:Win32/Conficker.C 20180125
eScan Win32.Worm.Downadup.Gen 20180125
NANO-Antivirus Trojan.Win32.Agent.qzjjh 20180125
nProtect Worm/W32.Kido.151840.W 20180125
Palo Alto Networks (Known Signatures) generic.ml 20180125
Panda W32/Conficker.C.worm 20180124
Qihoo-360 Malware.Radar01.Gen 20180125
Rising Hack.Exploit.Win32.MS08-067.eh (CLASSIC) 20180125
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Mal/Conficker-A 20180125
SUPERAntiSpyware Trojan.Agent/Gen-Conficker 20180125
Symantec W32.Downadup.B 20180125
Tencent Win32.Worm-net.Kido.Ebqp 20180125
TheHacker Trojan/Conficker.ae 20180124
TotalDefense Win32/Kido!generic 20180124
TrendMicro TROJ_SPNR.0CHA13 20180125
TrendMicro-HouseCall TROJ_SPNR.0CJP13 20180125
VBA32 Worm.Win32.kido.88 20180124
VIPRE Worm.Win32.Downad.Gen (v) 20180125
ViRobot Trojan.Win32.Agent.78530 20180125
Webroot W32.Malware.Gen 20180125
Yandex Worm.Kido!KTTAP2j9NEM 20180112
Zillya Worm.Kido.Win32.923 20180124
ZoneAlarm by Check Point Net-Worm.Win32.Kido.ih 20180125
Alibaba (no detection) 20180125
Avast-Mobile (no detection) 20180124
Cybereason (no detection) 20171103
Fortinet (no detection) 20180125
Kingsoft (no detection) 20180125
Malwarebytes (no detection) 20180125
MAX (no detection) 20180125
Symantec Mobile Insight (no detection) 20180125
Trustlook (no detection) 20180125
Zoner (no detection) 20180125
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
Command UPX
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-02-24 11:06:24
Entry Point 0x00018AA0
Number of sections 3
PE sections
Overlays
MD5 f9e0a2f45fd2043a5c09114727810c93
File type data
Offset 78848
Size 72992
Entropy 8.00
PE imports
IsValidAcl
GetPixel
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(680)
IsChild
CoDosDateTimeToFileTime
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2004:02:24 12:06:24+01:00
FileType Win32 DLL
PEType PE32
CodeSize 77824
LinkerVersion 4.0
EntryPoint 0x18aa0
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 20480

File identification
MD5 87939a6fcca87e867359dcc603986d3e
SHA1 af5ebbfdd219f8d75459beeb41fc004b759ce1ee
SHA256 7652b31fc979ad35883863b382188343716bf836547cf7cc6651f4572ad0b746
ssdeep 3072:j8Z/N1mEbHgQ92bEj9lEOm6nM5BFVUHmfXM12:wAEDv92b8lE75Omy2

authentihash 638fcaf71aa94b067d80569a553193e02eac9a3e71c05b6e08194e90847d907d
imphash 2b84b771869c4a91d08f18490c535278
File size 148.3 KB ( 151840 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
Clipper DOS Executable (2.8%)
Tags
pedll upx overlay
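The report's derived fields (Compilation timestamp, Entry Point, the overlay's offset, size and entropy, and imphash) all come straight from the PE headers, and a practitioner should be able to reproduce them rather than take them on trust. The report's own numbers are worth reading together: the overlay starts at 78848, which is 1024 bytes of headers plus the 77824-byte CodeSize, and 78848 + 72992 = 151840 is the whole file, so almost half of bnaoru.dll is data the Windows loader never maps; at 8.00 bits per byte that data is indistinguishable from random, meaning compressed or encrypted. The import list has the shape of a UPX decompression stub (LoadLibraryA, GetProcAddress and the Virtual* memory functions plus a single placeholder symbol from each DLL the unpacked code will need), so the imphash fingerprints the packer stub rather than the worm inside it. TimeDateStamp is whatever the packer or author wrote; note that ExifTool renders the same stamp in +01:00 local time while the header summary above shows it in UTC. The parser below is an added example, not VirusTotal's or the sample's code: it builds a small PE32 DLL of its own (constructed for the demo, with an assumed import list for the imphash call) and then extracts those fields, locating the overlay as everything past the last section's raw data, computing its Shannon entropy, and forming the imphash canonical string the way pefile does.

```python
"""Added example (not VirusTotal's or the sample's code): derive the report's PE header,
overlay and imphash fields. The PE from build_sample_pe() is constructed for this demo."""
from datetime import datetime, timezone
import hashlib
import math
import struct

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_DLL = 0x2000
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.00 when every byte value is equally common."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe32(data: bytes) -> dict:
    """Header fields a triage report shows, plus whatever trails the last section's raw data."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link, size_code, _, _, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here")
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    end_of_sections = 0
    for i in range(nsections):  # section table starts right after the optional header
        _, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = data[end_of_sections:]  # bytes past every section: never mapped by the loader
    return {
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "machine": machine,
        "number_of_sections": nsections,
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),  # TimeDateStamp, UTC
        "linker_version": f"{maj_link}.{min_link}",
        "size_of_code": size_code,
        "entry_point": entry,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "overlay_offset": end_of_sections if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "overlay_md5": hashlib.md5(overlay).hexdigest() if overlay else None,
    }


def imphash_string(imports) -> str:
    """Canonical string behind imphash: 'dll.func' pairs in import order, lowercased, '.dll/.ocx/.sys'
    stripped, ordinals as 'ordN' (pefile also maps known oleaut32/ws2_32/wsock32 ordinals to names)."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
                break
        parts.append(f"{dll}.{f'ord{func}' if isinstance(func, int) else func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def build_sample_pe(code: bytes, overlay: bytes, timestamp: int = 0) -> bytes:
    """Constructed minimal PE32 DLL: one .text section, then `overlay` appended after it."""
    align = 0x200
    code = code.ljust(-(-len(code) // align) * align, b"\0")
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, timestamp, 0, 0, 224, 0x2102)  # exe, 32-bit, DLL
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 4, 0, len(code), 0, 0, 0x1000, 0x1000, 0x2000,  # PE32, linker 4.0, sizes, entry, bases
                      0x10000000, 0x1000, align, 4, 0, 0, 0, 4, 0,  # ImageBase, alignments, OS/image/subsys versions
                      0, 0x2000, align, 0, 2, 0,  # SizeOfImage, SizeOfHeaders, checksum, Windows GUI subsystem
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128  # stack/heap, 16 empty directories
    text = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, len(code), align, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + text).ljust(align, b"\0")
    return headers + code + overlay


if __name__ == "__main__":
    sample = build_sample_pe(b"\xc3" * 16, bytes(range(256)) * 4,  # constructed overlay: every byte value equally often
                             timestamp=int(datetime(2004, 2, 24, 11, 6, 24, tzinfo=timezone.utc).timestamp()))
    for key, value in parse_pe32(sample).items():
        print(f"{key:>20}: {value}")
    print("imphash (assumed import list):", imphash([("KERNEL32.dll", "LoadLibraryA"), ("USER32.dll", 680)]))
```

Run as-is the script prints the same kind of summary the report shows for its constructed DLL, with the overlay landing at offset 1024 and entropy 8.00. Point parse_pe32() at a real file's bytes to check a report against the artifact; an overlay this large at entropy 8.00 is itself a triage signal, and because imphash here is computed on the packer stub's imports, two unrelated UPX-packed samples can share it, so treat it as a packer fingerprint rather than a family fingerprint until the sample is unpacked.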

VirusTotal metadata
First submission 2010-01-09 00:48:18 UTC ( 8 years, 9 months ago )
Last submission 2016-07-29 03:44:12 UTC ( 2 years, 2 months ago )
File names bnaoru.dll
7652b31fc979ad35883863b382188343716bf836547cf7cc6651f4572ad0b746
87939a6fcca87e867359dcc603986d3e
7652b31fc979ad35883863b382188343716bf836547cf7cc6651f4572ad0b746-151840
smona_7652b31fc979ad35883863b382188343716bf836547cf7cc6651f4572ad0b746.bin
af5ebbfdd219f8d75459beeb41fc004b759ce1ee
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
