SHA256: 850dc3ebb2437edaf3352eee79ee704cdb881779684c2128f1f07d8dd79c0344
File name: w_64.dll
Detection ratio: 48 / 55
Analysis date: 2015-07-27 19:20:47 UTC ( 1 month ago )
Antivirus Result Update
ALYac Trojan.PWS.Wow.NHV 20150727
AVG PSW.OnlineGames4.AZJS 20150727
AVware Trojan.Win32.Generic!BT 20150727
Ad-Aware Trojan.PWS.Wow.NHV 20150727
Agnitum Trojan.PWS.Wow!pcRwedVrBrk 20150727
AhnLab-V3 Trojan/Win32.Infostealer 20150727
Antiy-AVL Trojan[Spy]/Win64.Agent 20150727
Arcabit Trojan.PWS.Wow.NHV 20150727
Avast Win64:Malware-gen 20150727
Avira TR/Spy.Agent.AK.44555 20150727
Baidu-International Trojan.Win64.Agent.f 20150727
BitDefender Trojan.PWS.Wow.NHV 20150727
Bkav W32.VieluotLTV.Trojan 20150727
CAT-QuickHeal Trojan.Agent.WD.cw8 20150727
Comodo TrojWare.Win64.PSW.Wow.er 20150727
Cyren W64/Agent.B 20150727
DrWeb Trojan.PWS.Wow.2473 20150727
ESET-NOD32 Win64/PSW.Agent.B 20150727
F-Prot W64/Agent.B 20150727
F-Secure Trojan.PWS.Wow.NHV 20150727
Fortinet W64/OnlineGame.CK!tr.pws 20150727
GData Trojan.PWS.Wow.NHV 20150727
Ikarus Trojan-PWS.WOW 20150727
Jiangmin TrojanSpy.Agent.zrx 20150726
K7AntiVirus Password-Stealer ( 00492b971 ) 20150727
K7GW Password-Stealer ( 00492b971 ) 20150727
Kaspersky Trojan-Spy.Win64.Agent.f 20150727
Malwarebytes Spyware.OnlineGames.WOW 20150727
McAfee Generic.dx!429937EAB224 20150727
McAfee-GW-Edition Generic.dx!429937EAB224 20150727
MicroWorld-eScan Trojan.PWS.Wow.NHV 20150727
Microsoft PWS:Win64/Wow.A 20150727
Panda Trj/WLT.A 20150727
Qihoo-360 Win32/Trojan.PSW.676 20150727
Rising PE:Trojan.Win32.Generic.1645D24F!373674575 20150722
Sophos Troj/WowSpy-A 20150727
Symantec Trojan.Gen 20150727
Tencent Win64.Trojan-spy.Agent.Pbzd 20150727
TheHacker Trojan/PSW.Agent.b 20150727
TotalDefense Win64/Gamepass.HENGANC 20150727
TrendMicro TSPY64_WOWSPY.A 20150727
TrendMicro-HouseCall TSPY64_WOWSPY.A 20150727
VBA32 TrojanSpy.Win64.Agent 20150727
VIPRE Trojan.Win32.Generic!BT 20150727
ViRobot Trojan.Win64.A.Agent.385536[h] 20150727
Zillya Trojan.Agent.Win64.295 20150727
Zoner Trojan.Generic 20150727
nProtect Trojan-Spy/W64.Agent.385536 20150727
AegisLab 20150727
Alibaba 20150727
ByteHero 20150727
ClamAV 20150727
Kingsoft 20150727
NANO-Antivirus 20150727
SUPERAntiSpyware 20150727
The file being studied is a Portable Executable file. More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64-bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2013-12-13 06:55:12
Link date 7:55 AM 12/13/2013
Entry Point 0x00018444
Number of sections 8
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
AdjustTokenPrivileges
RegOpenKeyExA
GetStdHandle
GetFileAttributesA
HeapDestroy
EncodePointer
FlsGetValue
FlsSetValue
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetTempPathA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetThreadPriority
MoveFileA
ResumeThread
InitializeCriticalSection
SetLastError
OpenThread
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
HeapSetInformation
SetThreadPriority
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
DecodePointer
TerminateProcess
GetVersion
VirtualQuery
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
RtlPcToFileHeader
GetPrivateProfileIntA
DeleteFileA
GetStartupInfoW
GetProcAddress
VirtualProtectEx
GetProcessHeap
RtlLookupFunctionEntry
GetComputerNameA
RtlUnwindEx
CreateFileW
GetFileType
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
WritePrivateProfileStringA
GetCurrentProcessId
WideCharToMultiByte
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
GetCurrentThread
SuspendThread
RaiseException
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
wsprintfA
GetSystemMetrics
SetWindowsHookExA
DispatchMessageA
UnhookWindowsHookEx
MessageBoxA
TranslateMessage
GetMessageA
CallNextHookEx
setsockopt
socket
closesocket
WSAStartup
inet_addr
send
recvfrom
gethostbyname
ntohs
connect
sendto
inet_ntoa
htons
recv
getpeername
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2013:12:13 07:55:12+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 145408
LinkerVersion 10.0
EntryPoint 0x18444
InitializedDataSize 239104
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0

Compressed bundles
File identification
MD5 429937eab224a811d06463d46d62a56b
SHA1 bf0e427ad0c6f0dd822e7cc0e80bc414f3e035a1
SHA256 850dc3ebb2437edaf3352eee79ee704cdb881779684c2128f1f07d8dd79c0344
ssdeep 6144:W7433JJWaec+vUR+JUwdqb7XqTvujEW9TB3A2AL:W7o3LwUR+nYd9TG

authentihash 6a6e18132baf748a2bc467f49cc0e91a19d15cf643fff10edb4f0924eb18d874
imphash 95fd8462957951a009654766d57a899e
File size 376.5 KB ( 385536 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly

TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags 64bits assembly pedll

VirusTotal metadata
First submission 2013-12-25 03:53:12 UTC ( 1 year, 8 months ago )
Last submission 2014-03-07 10:30:45 UTC ( 1 year, 5 months ago )
File names w_64.DLL
vti-rescan
6.exe
w_64.DLL
0DC035F3.vLL
429937eab224a811d06463d46d62a56b
w_64.dll
w_64.dll