SHA256: 850dc3ebb2437edaf3352eee79ee704cdb881779684c2128f1f07d8dd79c0344
File name: 429937eab224a811d06463d46d62a56b
Detection ratio: 47 / 57
Analysis date: 2015-03-04 07:38:30 UTC ( 1 day ago )
Antivirus Result Update
ALYac Trojan.PWS.Wow.NHV 20150304
AVG PSW.OnlineGames4.AZJS 20150304
AVware Trojan.Win32.Generic!BT 20150304
Ad-Aware Trojan.PWS.Wow.NHV 20150304
Agnitum Trojan.PWS.Wow!pcRwedVrBrk 20150228
AhnLab-V3 Trojan/Win32.Infostealer 20150303
Antiy-AVL Trojan[Spy]/Win64.Agent 20150304
Avast Win64:Malware-gen 20150304
Avira TR/Spy.Agent.AK.44555 20150304
Baidu-International Trojan.Win64.Agent.At 20150304
BitDefender Trojan.PWS.Wow.NHV 20150304
Bkav W32.VieluotLTV.Trojan 20150303
CAT-QuickHeal Trojan.Agent.WD.cw8 20150304
Comodo TrojWare.Win64.PSW.Wow.er 20150304
Cyren W64/Agent.B 20150304
DrWeb Trojan.PWS.Wow.2473 20150304
ESET-NOD32 Win64/PSW.Agent.B 20150304
Emsisoft Trojan.PWS.Wow.NHV (B) 20150304
F-Prot W64/Agent.B 20150304
F-Secure Trojan.PWS.Wow.NHV 20150304
Fortinet W64/OnlineGame.CK!tr.pws 20150304
GData Trojan.PWS.Wow.NHV 20150304
Ikarus Trojan-PWS.WOW 20150304
Jiangmin TrojanSpy.Agent.zrx 20150303
K7AntiVirus Password-Stealer ( 00492b971 ) 20150304
K7GW Password-Stealer ( 00492b971 ) 20150304
Kaspersky Trojan-Spy.Win64.Agent.f 20150304
Malwarebytes Spyware.OnlineGames.WOW 20150304
McAfee Generic.dx!429937EAB224 20150304
McAfee-GW-Edition Generic.dx!429937EAB224 20150304
MicroWorld-eScan Trojan.PWS.Wow.NHV 20150304
Microsoft PWS:Win64/Wow.A 20150304
Norman Wow.TCT 20150304
Panda Trj/WLT.A 20150303
Qihoo-360 Win32/Trojan.PSW.676 20150304
Rising PE:Trojan.Win32.Generic.1645D24F!373674575 20150303
Sophos Troj/WowSpy-A 20150304
Symantec Trojan.Gen 20150304
Tencent Win64.Trojan-spy.Agent.Pbzd 20150304
TotalDefense Win64/Gamepass.HENGANC 20150303
TrendMicro TSPY64_WOWSPY.A 20150304
TrendMicro-HouseCall TSPY64_WOWSPY.A 20150304
VBA32 TrojanSpy.Win64.Agent 20150303
VIPRE Trojan.Win32.Generic!BT 20150304
ViRobot Trojan.Win64.A.Agent.385536[h] 20150304
Zoner Trojan.Generic 20150303
nProtect Trojan-Spy/W64.Agent.385536 20150304
AegisLab 20150304
Alibaba 20150304
ByteHero 20150304
CMC 20150304
ClamAV 20150304
Kingsoft 20150304
NANO-Antivirus 20150304
SUPERAntiSpyware 20150303
TheHacker 20150303
Zillya 20150303
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64-bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2013-12-13 06:55:12
Link date 7:55 AM 12/13/2013
Entry Point 0x00018444
Number of sections 8
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
AdjustTokenPrivileges
RegOpenKeyExA
GetStdHandle
GetFileAttributesA
HeapDestroy
EncodePointer
FlsGetValue
FlsSetValue
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetTempPathA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetThreadPriority
MoveFileA
ResumeThread
InitializeCriticalSection
SetLastError
OpenThread
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
HeapSetInformation
SetThreadPriority
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
DecodePointer
TerminateProcess
GetVersion
VirtualQuery
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
RtlPcToFileHeader
GetPrivateProfileIntA
DeleteFileA
GetStartupInfoW
GetProcAddress
VirtualProtectEx
GetProcessHeap
RtlLookupFunctionEntry
GetComputerNameA
RtlUnwindEx
CreateFileW
GetFileType
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
WritePrivateProfileStringA
GetCurrentProcessId
WideCharToMultiByte
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
GetCurrentThread
SuspendThread
RaiseException
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
wsprintfA
GetSystemMetrics
SetWindowsHookExA
DispatchMessageA
UnhookWindowsHookEx
MessageBoxA
TranslateMessage
GetMessageA
CallNextHookEx
setsockopt
socket
closesocket
WSAStartup
inet_addr
send
recvfrom
gethostbyname
ntohs
connect
sendto
inet_ntoa
htons
recv
getpeername
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: AMD AMD64
TimeStamp: 2013:12:13 07:55:12+01:00
FileType: Win64 DLL
PEType: PE32+
CodeSize: 145408
LinkerVersion: 10.0
EntryPoint: 0x18444
InitializedDataSize: 239104
SubsystemVersion: 5.2
ImageVersion: 0.0
OSVersion: 5.2
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 429937eab224a811d06463d46d62a56b
SHA1 bf0e427ad0c6f0dd822e7cc0e80bc414f3e035a1
SHA256 850dc3ebb2437edaf3352eee79ee704cdb881779684c2128f1f07d8dd79c0344
ssdeep 6144:W7433JJWaec+vUR+JUwdqb7XqTvujEW9TB3A2AL:W7o3LwUR+nYd9TG
authentihash 6a6e18132baf748a2bc467f49cc0e91a19d15cf643fff10edb4f0924eb18d874
imphash 95fd8462957951a009654766d57a899e
File size 376.5 KB ( 385536 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
64bits assembly pedll

VirusTotal metadata
First submission 2013-12-25 03:53:12 UTC ( 1 year, 2 months ago )
Last submission 2014-03-07 10:30:45 UTC ( 12 months ago )
File names w_64.DLL
vti-rescan
6.exe
w_64.DLL
0DC035F3.vLL
429937eab224a811d06463d46d62a56b
w_64.dll
w_64.dll
Behaviour characterization
Zemana
keylogger
