SHA256: 81cdbe905392155a1ba8b687a02e65d611b60aac938e470a76ef518e8cffd74d
File name: C7C647A14CB1B8BC141B089775130834.exe
Detection ratio: 55 / 66
Analysis date: 2018-07-19 17:43:00 UTC ( 1 day, 12 hours ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.319285 20180719
AegisLab Trojan.Win32.Generic.4!c 20180719
AhnLab-V3 Trojan/Win32.Duqu.R155219 20180719
ALYac Trojan.Agent.duqu 20180719
Antiy-AVL Trojan/Win32.Duqu2 20180719
Arcabit Trojan.Razy.D4DF35 20180719
Avast Win32:Duqu-Q [Trj] 20180719
AVG Win32:Duqu-Q [Trj] 20180719
Avira (no cloud) TR/Agent.280580 20180719
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9994 20180717
BitDefender Gen:Variant.Razy.319285 20180719
Bkav W32.GenericDuquA.Trojan 20180719
CAT-QuickHeal Trojan.Duqu2 20180719
Comodo UnclassifiedMalware 20180719
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180719
Cyren W32/Duqu.FRSP-3930 20180719
DrWeb Trojan.Duqu.4 20180719
Emsisoft Gen:Variant.Razy.319285 (B) 20180719
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Duqu.F 20180719
F-Prot W32/Duqu2.H 20180719
F-Secure Gen:Variant.Razy.319285 20180719
Fortinet W32/Duqu.E!tr 20180719
GData Gen:Variant.Razy.319285 20180719
Ikarus Trojan.Win32.Duqu 20180719
Jiangmin Trojan/Duqu2.b 20180719
K7AntiVirus Trojan ( 004c58891 ) 20180719
K7GW Trojan ( 004c58891 ) 20180719
Kaspersky HEUR:Trojan.Win32.Duqu2.gen 20180719
Malwarebytes Trojan.Duqu 20180719
MAX malware (ai score=100) 20180719
McAfee PWS-Duqu.b 20180719
McAfee-GW-Edition PWS-Duqu.b 20180719
Microsoft Trojan:Win32/Duqu2.H!dha 20180719
eScan Gen:Variant.Razy.319285 20180719
NANO-Antivirus Trojan.Win32.Duqu2.dstayr 20180719
Palo Alto Networks (Known Signatures) generic.ml 20180719
Panda Trj/Genetic.gen 20180719
Qihoo-360 Trojan.Generic 20180719
Rising Trojan.Win64.Duqu2.z (CLASSIC) 20180719
Sophos AV Troj/Duqu-H 20180719
Symantec W32.Duqu.B 20180719
TACHYON Trojan/W32.Duqu2.280580 20180719
Tencent Win32.Trojan.Duqu2.Taos 20180719
TheHacker Trojan/Duqu.f 20180719
TrendMicro TROJ_DUQU.SV 20180719
TrendMicro-HouseCall TROJ_DUQU.SV 20180719
VBA32 Trojan.Duqu 20180719
VIPRE Trojan.Win32.Generic!BT 20180719
ViRobot Trojan.Win32.Duqu.280580 20180719
Webroot W32.Trojan.Duqu 20180719
Yandex Trojan.Duqu2! 20180717
Zillya Trojan.Duqu2.Win32.4 20180718
ZoneAlarm by Check Point HEUR:Trojan.Win32.Duqu2.gen 20180719
Alibaba 20180713
Avast-Mobile 20180719
Babable 20180406
ClamAV 20180719
CMC 20180719
Cybereason 20180225
eGambit 20180719
Sophos ML 20180717
Kingsoft 20180719
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180719
TotalDefense 20180719
Trustlook 20180719
Zoner 20180719
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-05-25 14:50:41
Entry Point 0x00001AD9
Number of sections 4
PE sections
Overlays
MD5 82712265574dc8a3749cde4d78d14005
File type ASCII text
Offset 280576
Size 4
Entropy 2.00
PE imports
DuplicateTokenEx
OpenThread
LoadLibraryExA
InterlockedCompareExchange
LoadLibraryA
GetModuleHandleA
LoadLibraryW
InterlockedExchange
InterlockedDecrement
SetThreadPriority
GetProcAddress
RtlUnwind
GetModuleHandleW
InterlockedIncrement
setsockopt
htons
recv
socket
WSAAccept
WSAEnumNetworkEvents
bind
WSAAddressToStringW
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
listen
connect
WSAEventSelect
closesocket
WSAGetLastError
WSAStringToAddressW
_purecall
rand
malloc
??0exception@@QAE@ABV0@@Z
??1type_info@@UAE@XZ
memset
__dllonexit
_stricmp
_amsg_exit
_errno
_lock
_onexit
_XcptFilter
realloc
__CxxFrameHandler
_CxxThrowException
_unlock
??1exception@@UAE@XZ
memcmp
?what@exception@@UBEPBDXZ
free
_except_handler3
_callnewh
memcpy
memmove
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_beginthreadex
??0exception@@QAE@XZ
_initterm
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2004:05:25 15:50:41+01:00
FileType Win32 DLL
PEType PE32
CodeSize 202240
LinkerVersion 12.0
EntryPoint 0x1ad9
InitializedDataSize 93696
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 c7c647a14cb1b8bc141b089775130834
SHA1 c3c5be8ad05fcc763a8e92f9007ba9de5a692847
SHA256 81cdbe905392155a1ba8b687a02e65d611b60aac938e470a76ef518e8cffd74d
ssdeep 6144:+F48HcYBWLUCEg92ts4sDkZdlSOFIfgc04uy:e48ZBWoMkZT1Fogcxuy
authentihash bd6d6e6f7d5ec1d8b5a13aeaf896fb0eacbd1c9d75fb731335cc1ae0853eeeba
imphash ff2ea1a60b222bdfbbdfd37397002e0d
File size 274.0 KB ( 280580 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags via-tor pedll overlay
VirusTotal metadata
First submission 2015-06-10 23:04:43 UTC ( 3 years, 1 month ago )
Last submission 2018-01-29 17:13:44 UTC ( 5 months, 3 weeks ago )
File names 81cdbe905392155a1ba8b687a02e65d611b60aac938e470a76ef518e8cffd74d.infected
C7C647A14CB1B8BC141B089775130834.exe
81cdbe905392155a1ba8b687a02e65d611b60aac938e470a76ef518e8cffd74d
C7C647A14CB1B8BC141B089775130834
81cdbe905392155a1ba8b687a02e65d611b60aac938e470a76ef518e8cffd74d
81cdbe905392155a1ba8b687a02e65d611b60aac938e470a76ef518e8cffd74d
24.vir.dll
81cdbe905392155a1ba8b687a02e65d611b60aac938e470a76ef518e8cffd74d
c3c5be8ad05fcc763a8e92f9007ba9de5a692847_dll.dl