SHA256: 77dab821afde05b62549a66f4b42497f0927fa15eb4e9c19d9dedb8b6cea3fb3
Detection ratio: 42 / 65
Analysis date: 2018-03-26 08:54:46 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40167474 20180326
AegisLab Troj.Downloader.Win64!c 20180326
AhnLab-V3 Downloader/Win64.Carberp.C2406004 20180326
ALYac Trojan.GenericKD.40167474 20180326
Antiy-AVL Trojan[Downloader]/Win64.Carberp 20180326
Arcabit Trojan.Generic.D264E832 20180326
Avast Win32:Rovnix-K [Rtk] 20180326
AVG Win32:Rovnix-K [Rtk] 20180326
Avira (no cloud) TR/AD.Carberp.qydfv 20180326
AVware Trojan.Win32.Generic!BT 20180326
BitDefender Trojan.GenericKD.40167474 20180326
CAT-QuickHeal TrojanDownloader.Win64 20180325
Comodo UnclassifiedMalware 20180326
Cylance Unsafe 20180326
Emsisoft Trojan.GenericKD.40167474 (B) 20180326
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win64/Hvnc.AB 20180326
F-Secure Trojan.GenericKD.40167474 20180326
Fortinet W64/Hvnc.AB!tr 20180326
GData Trojan.GenericKD.40167474 20180326
Ikarus Trojan.Win64.Hvnc 20180326
K7AntiVirus Trojan ( 005095ea1 ) 20180326
K7GW Trojan ( 005095ea1 ) 20180326
Kaspersky Trojan-Downloader.Win64.Carberp.gv 20180326
MAX malware (ai score=83) 20180326
McAfee Artemis!4A0B19B2A6CC 20180326
McAfee-GW-Edition BehavesLike.Win64.Dropper.fh 20180325
Microsoft Trojan:Win64/Carberp!rfn 20180326
eScan Trojan.GenericKD.40167474 20180326
NANO-Antivirus Trojan.Win64.Carberp.eyicge 20180326
nProtect Trojan-Downloader/W64.Carberp.313344.B 20180326
Panda Trj/CI.A 20180325
Qihoo-360 Win32/Trojan.ddd 20180326
Rising Backdoor.Cridex!8.F60 (TFE:6:uuZYH1Jik1F) 20180326
Sophos AV Mal/Generic-S 20180326
Symantec Trojan.Gen.2 20180326
Tencent Win64.Trojan-downloader.Carberp.Pbpj 20180326
TrendMicro TROJ_GEN.R011C0DBN18 20180326
TrendMicro-HouseCall TROJ_GEN.R011C0DBN18 20180326
VIPRE Trojan.Win32.Generic!BT 20180326
Yandex Trojan.DL.Carberp!uTzVVGeXIyY 20180324
ZoneAlarm by Check Point Trojan-Downloader.Win64.Carberp.gv 20180326
Alibaba 20180326
Avast-Mobile 20180325
Baidu 20180326
Bkav 20180326
ClamAV 20180326
CMC 20180325
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cyren 20180326
DrWeb 20180326
eGambit 20180326
F-Prot 20180326
Sophos ML 20180121
Jiangmin 20180326
Kingsoft 20180326
Malwarebytes 20180326
Palo Alto Networks (Known Signatures) 20180326
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180326
Symantec Mobile Insight 20180311
TheHacker 20180326
Trustlook 20180326
VBA32 20180323
ViRobot 20180326
WhiteArmor 20180324
Zillya 20180326
Zoner 20180326
The file being studied is a Portable Executable file. More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64-bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2018-02-15 19:27:11
Entry Point 0x00028BF0
Number of sections 7
PE sections
PE imports
RegOpenKeyA
RegCloseKey
CryptGetHashParam
RegQueryValueExA
CryptGenRandom
RegOpenKeyExW
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptReleaseContext
RegOpenKeyW
CryptHashData
RegQueryValueExW
CryptCreateHash
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CertFindCertificateInStore
CryptMsgGetParam
CertGetNameStringW
CryptMsgClose
CryptDecodeObject
GetSystemPaletteEntries
CombineRgn
GetClipBox
GetViewportOrgEx
GetDeviceCaps
CreateDCA
DeleteDC
SetBkMode
GetRegionData
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
CreateBitmap
CreateFontA
GetStockObject
SetViewportOrgEx
ExtTextOutA
GetDIBits
GdiFlush
SelectClipRgn
CreateCompatibleDC
CreateRectRgn
GetClipRgn
SetDIBColorTable
SetWindowOrgEx
SelectObject
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
lstrcmpW
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
OpenFileMappingA
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
InitializeSListHead
GetThreadContext
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
SetEvent
LocalFree
AddVectoredExceptionHandler
InitializeCriticalSection
FindClose
TlsGetValue
lstrcpynW
GetEnvironmentVariableW
SetLastError
GetSystemTime
OpenThread
GetEnvironmentVariableA
WriteProcessMemory
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
VerLanguageNameW
GetModuleFileNameA
GetVersionExA
lstrcmpiW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
SetFilePointer
CreateThread
InterlockedFlushSList
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
TerminateProcess
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
lstrcmpiA
GetSystemWindowsDirectoryA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
FreeLibrary
GetFileSize
OpenProcess
GetModuleHandleW
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
VirtualProtectEx
GetProcessHeap
lstrcpyW
GetFileInformationByHandle
lstrcmpA
FindFirstFileExA
FindNextFileW
lstrcpyA
CreateFileMappingA
FindNextFileA
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
RemoveVectoredExceptionHandler
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
lstrlenA
GlobalFree
GetConsoleCP
VirtualAllocEx
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
Process32NextW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
GetCurrentThread
SuspendThread
ExpandEnvironmentStringsW
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GlobalLock
GetVersion
GetLongPathNameW
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
IsBadStringPtrA
OpenEventA
VirtualAlloc
GetModuleFileNameExA
EnumProcessModules
GetMappedFileNameW
ShellExecuteA
PathRemoveArgsA
PathStripPathW
StrCmpNIW
StrStrIA
StrRChrW
StrTrimW
StrStrA
StrToIntA
PathRemoveBlanksA
PathCombineA
StrDupA
StrRChrA
StrChrA
PathRemoveArgsW
PathRemoveBlanksW
PathCombineW
StrChrW
RedrawWindow
SendNotifyMessageA
MoveWindow
DestroyMenu
SetWindowPos
IsWindow
DispatchMessageA
ClientToScreen
CreateDesktopA
VkKeyScanA
WindowFromPoint
CharUpperBuffW
SetActiveWindow
GetMenuItemID
ReleaseDC
GetMenu
EndMenu
SendMessageA
GetClientRect
ToAscii
DrawTextW
GetThreadDesktop
CallNextHookEx
OpenClipboard
GetMenuItemCount
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
VkKeyScanExA
GetUserObjectInformationA
ShowWindow
GetDesktopWindow
GetClipboardData
TranslateMessage
SetThreadDesktop
GetWindow
GetMenuDefaultItem
ActivateKeyboardLayout
GetMenuItemRect
SetClipboardData
MapVirtualKeyExA
GetKeyboardLayoutList
IsIconic
RegisterClassA
TrackPopupMenuEx
GetSubMenu
CreateWindowExA
UnhookWinEvent
GetKeyboardLayout
FillRect
GetClassLongPtrA
EnumDesktopWindows
RealChildWindowFromPoint
EndPaint
GetWindowInfo
PtInRect
MapWindowPoints
VkKeyScanExW
MapVirtualKeyA
DrawEdge
BeginPaint
SetFocus
SetClassLongPtrA
KillTimer
SetWindowLongPtrA
GetClipboardOwner
RegisterWindowMessageA
DefWindowProcA
SetClipboardViewer
ToUnicodeEx
GetSystemMetrics
GetScrollBarInfo
GetWindowRect
PostMessageA
EnumChildWindows
SetWindowLongA
SetKeyboardState
CreatePopupMenu
GetWindowLongA
GetLastActivePopup
SetTimer
BringWindowToTop
ScreenToClient
FindWindowExA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemInfoA
AttachThreadInput
GetMenuState
GetSystemMenu
GetDC
SetForegroundWindow
ExitWindowsEx
PostThreadMessageA
WindowFromDC
EmptyClipboard
CreateDialogIndirectParamW
ChildWindowFromPointEx
IntersectRect
SetLayeredWindowAttributes
EndDialog
SetWinEventHook
FindWindowA
GetWindowThreadProcessId
HiliteMenuItem
AppendMenuA
UnhookWindowsHookEx
CallWindowProcA
ChangeClipboardChain
GetSysColor
GetKeyState
MenuItemFromPoint
GetDoubleClickTime
PrintWindow
IsWindowVisible
GetGUIThreadInfo
GetWindowLongPtrA
wsprintfA
SendMessageTimeoutA
CloseDesktop
IsRectEmpty
GetClassNameA
wsprintfW
CloseClipboard
GetAncestor
htonl
socket
closesocket
send
accept
ioctlsocket
WSAStartup
gethostbyname
WSAGetLastError
WSACleanup
connect
shutdown
bind
htons
recv
select
listen
RtlInitUnicodeString
NtSetContextThread
ZwQueryKey
NtMapViewOfSection
ZwOpenProcess
ZwOpenProcessToken
RtlVirtualUnwind
NtQueryObject
NtQuerySystemInformation
RtlEqualUnicodeString
NtUnmapViewOfSection
RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareUnicodeString
ZwQueryInformationProcess
RtlUnwindEx
NtCreateSection
NtGetContextThread
ZwClose
ZwQueryInformationToken
NtResumeProcess
NtSuspendProcess
NtQueryInformationFile
CoUninitialize
CoInitialize
PE exports
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2018:02:15 20:27:11+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 206336
LinkerVersion 14.0
EntryPoint 0x28bf0
InitializedDataSize 113152
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0
File identification
MD5 4a0b19b2a6ccad8491f9692bc4429b9a
SHA1 855f2b6b5643ad586b3faad558beb25b270907ec
SHA256 77dab821afde05b62549a66f4b42497f0927fa15eb4e9c19d9dedb8b6cea3fb3
ssdeep 6144:dI9VjNn9PH7dAvJp9l2GFEwNzuYOditoUxOlKRPsFewUzS5ztpuG:c5BqzdOdY3xOlKJsHUe5zO
authentihash 6447810512698d0704e544ab1170884ec3ed3ebb2992907ddef2922b2a3451e2
imphash f23e6f8148f5b18ddd270768160af321
File size 306.0 KB ( 313344 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
64bits assembly pedll

VirusTotal metadata
First submission 2018-02-21 08:48:13 UTC ( 9 months, 4 weeks ago )
Last submission 2018-03-26 08:54:46 UTC ( 8 months, 3 weeks ago )
File names 4a0b19b2a6ccad8491f9692bc4429b9a