SHA256: 7e6c08f576eeef7c44558fdfc8c6961de15d16d15ab5cf8615951084a5960007
File name: out.dll
Detection ratio: 14 / 56
Analysis date: 2016-11-08 11:20:56 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9860 20161107
Bkav W32.eHeur.Malware03 20161107
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Ikarus Trojan.Win32.Filecoder 20161108
Sophos ML trojan.win32.skeeyah.a!rfn 20161018
Kaspersky UDS:DangerousObject.Multi.Generic 20161108
McAfee Artemis!ED5EEE4F7D20 20161108
McAfee-GW-Edition Artemis 20161108
Qihoo-360 HEUR/QVM40.1.0000.Malware.Gen 20161108
Rising Malware.Generic!coZvFCUx5RF@2 (thunder) 20161108
Sophos AV Mal/RansomDl-C 20161108
Tencent Win32.Trojan.Raas.Auto 20161108
TrendMicro Ransom_HPLOCKY.SMJBA 20161108
TrendMicro-HouseCall Ransom_HPLOCKY.SMJBA 20161108
Ad-Aware 20161108
AegisLab 20161108
AhnLab-V3 20161108
Alibaba 20161108
ALYac 20161108
Antiy-AVL 20161108
Arcabit 20161108
Avast 20161108
AVG 20161108
Avira (no cloud) 20161107
AVware 20161108
BitDefender 20161108
CAT-QuickHeal 20161108
ClamAV 20161108
CMC 20161108
Comodo 20161108
Cyren 20161108
DrWeb 20161108
Emsisoft 20161108
ESET-NOD32 20161108
F-Prot 20161108
F-Secure 20161108
Fortinet 20161108
GData 20161108
Jiangmin 20161108
K7AntiVirus 20161108
K7GW 20161108
Kingsoft 20161108
Malwarebytes 20161108
Microsoft 20161108
eScan 20161108
NANO-Antivirus 20161108
nProtect 20161108
Panda 20161107
SUPERAntiSpyware 20161108
Symantec 20161108
TheHacker 20161106
VBA32 20161105
VIPRE 20161108
ViRobot 20161108
Yandex 20161107
Zillya 20161107
Zoner 20161108
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-08 07:11:57
Entry Point 0x00027140
Number of sections 5
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetLocaleInfoW
WaitForSingleObject
GetVersionExW
FreeLibrary
GetEnvironmentStringsW
HeapDestroy
ExitProcess
OutputDebugStringA
TlsAlloc
IsValidLocale
VirtualProtect
GetVersionExA
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
GetEnvironmentStrings
GetLocaleInfoA
SetConsoleCtrlHandler
GetCurrentProcessId
GetUserDefaultLCID
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
GetStringTypeA
GetCurrentThread
LeaveCriticalSection
CompareStringW
WideCharToMultiByte
GetTimeFormatA
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CompareStringA
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
GetTimeZoneInformation
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
CloseHandle
GetCursorPos
GetMenuItemCount
SetWindowTextW
GetActiveWindow
MessageBeep
GetClipboardData
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:11:08 08:11:57+01:00
FileType Win32 DLL
PEType PE32
CodeSize 249856
LinkerVersion 7.1
EntryPoint 0x27140
InitializedDataSize 36864
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 ed5eee4f7d209413bc8ef139f448e12d
SHA1 bcb21a141828da1d8c46ae0505774645a55f2484
SHA256 7e6c08f576eeef7c44558fdfc8c6961de15d16d15ab5cf8615951084a5960007
ssdeep 6144:P235nB3huIuacA3VrBGoI5BqGOoPyo0a3:056ITHlrMopGOoao0a
authentihash 80f02840ce9fd998da6dcab58fd10d4b98d47134aa05e3fea43f7a3b80ad5b78
imphash b40f69556041c8358b6519db277c8be0
File size 280.0 KB ( 286720 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll

VirusTotal metadata
First submission 2016-11-08 10:15:51 UTC ( 2 years, 5 months ago )
Last submission 2017-06-27 06:10:25 UTC ( 1 year, 9 months ago )
File names ktgHKSLJt2.dll
qpFiTetRhd1.dll
GMbsdHBsIX1.dll.298155518.DROPPED
IhTKAJdOnK1.dll
out.dll
qpFiTetRhd1_dll
JRYKWF2.dll.536.dr
MALHOST.exe