SHA256: 850dc3ebb2437edaf3352eee79ee704cdb881779684c2128f1f07d8dd79c0344
File name: w_64.dll
Detection ratio: 47 / 57
Analysis date: 2015-03-28 00:26:51 UTC ( 2 months ago )
Antivirus Result Update
ALYac Trojan.PWS.Wow.NHV 20150328
AVG PSW.OnlineGames4.AZJS 20150328
AVware Trojan.Win32.Generic!BT 20150328
Ad-Aware Trojan.PWS.Wow.NHV 20150327
Agnitum Trojan.PWS.Wow!pcRwedVrBrk 20150327
AhnLab-V3 Trojan/Win32.Infostealer 20150327
Antiy-AVL Trojan[Spy]/Win64.Agent 20150328
Avast Win64:Malware-gen 20150328
Baidu-International Trojan.Win64.Agent.f 20150327
BitDefender Trojan.PWS.Wow.NHV 20150328
Bkav W32.VieluotLTV.Trojan 20150327
CAT-QuickHeal Trojan.Agent.WD.cw8 20150327
Comodo TrojWare.Win64.PSW.Wow.er 20150327
Cyren W64/Agent.B 20150328
DrWeb Trojan.PWS.Wow.2473 20150328
ESET-NOD32 Win64/PSW.Agent.B 20150327
Emsisoft Trojan.PWS.Wow.NHV (B) 20150328
F-Prot W64/Agent.B 20150328
F-Secure Trojan.PWS.Wow.NHV 20150328
Fortinet W64/OnlineGame.CK!tr.pws 20150328
GData Trojan.PWS.Wow.NHV 20150328
Ikarus Trojan-PWS.WOW 20150328
Jiangmin TrojanSpy.Agent.zrx 20150327
K7AntiVirus Password-Stealer ( 00492b971 ) 20150327
K7GW Password-Stealer ( 00492b971 ) 20150327
Kaspersky Trojan-Spy.Win64.Agent.f 20150328
Malwarebytes Spyware.OnlineGames.WOW 20150327
McAfee Generic.dx!429937EAB224 20150328
McAfee-GW-Edition Generic.dx!429937EAB224 20150327
MicroWorld-eScan Trojan.PWS.Wow.NHV 20150327
Microsoft PWS:Win64/Wow.A 20150328
Norman Wow.TCT 20150327
Panda Trj/WLT.A 20150327
Qihoo-360 Win32/Trojan.PSW.676 20150328
Rising PE:Trojan.Win32.Generic.1645D24F!373674575 20150327
Sophos Troj/WowSpy-A 20150327
Symantec Trojan.Gen 20150327
Tencent Win64.Trojan-spy.Agent.Pbzd 20150328
TotalDefense Win64/Gamepass.HENGANC 20150327
TrendMicro TSPY64_WOWSPY.A 20150327
TrendMicro-HouseCall TSPY64_WOWSPY.A 20150327
VBA32 TrojanSpy.Win64.Agent 20150327
VIPRE Trojan.Win32.Generic!BT 20150327
ViRobot Trojan.Win64.A.Agent.385536[h] 20150327
Zillya Trojan.Agent.Win64.295 20150327
Zoner Trojan.Generic 20150327
nProtect Trojan-Spy/W64.Agent.385536 20150327
AegisLab 20150328
Alibaba 20150327
Avira 20150329
ByteHero 20150328
CMC 20150327
ClamAV 20150328
Kingsoft 20150328
NANO-Antivirus 20150327
SUPERAntiSpyware 20150327
TheHacker 20150327
The file being studied is a Portable Executable file. More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64-bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2013-12-13 06:55:12
Link date 7:55 AM 12/13/2013
Entry Point 0x00018444
Number of sections 8
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
AdjustTokenPrivileges
RegOpenKeyExA
GetStdHandle
GetFileAttributesA
HeapDestroy
EncodePointer
FlsGetValue
FlsSetValue
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetTempPathA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetThreadPriority
MoveFileA
ResumeThread
InitializeCriticalSection
SetLastError
OpenThread
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
HeapSetInformation
SetThreadPriority
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
DecodePointer
TerminateProcess
GetVersion
VirtualQuery
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
RtlPcToFileHeader
GetPrivateProfileIntA
DeleteFileA
GetStartupInfoW
GetProcAddress
VirtualProtectEx
GetProcessHeap
RtlLookupFunctionEntry
GetComputerNameA
RtlUnwindEx
CreateFileW
GetFileType
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
WritePrivateProfileStringA
GetCurrentProcessId
WideCharToMultiByte
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
GetCurrentThread
SuspendThread
RaiseException
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
wsprintfA
GetSystemMetrics
SetWindowsHookExA
DispatchMessageA
UnhookWindowsHookEx
MessageBoxA
TranslateMessage
GetMessageA
CallNextHookEx
setsockopt
socket
closesocket
WSAStartup
inet_addr
send
recvfrom
gethostbyname
ntohs
connect
sendto
inet_ntoa
htons
recv
getpeername
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
TimeStamp 2013:12:13 07:55:12+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 145408
LinkerVersion 10.0
EntryPoint 0x18444
InitializedDataSize 239104
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0

Compressed bundles
File identification
MD5 429937eab224a811d06463d46d62a56b
SHA1 bf0e427ad0c6f0dd822e7cc0e80bc414f3e035a1
SHA256 850dc3ebb2437edaf3352eee79ee704cdb881779684c2128f1f07d8dd79c0344
ssdeep 6144:W7433JJWaec+vUR+JUwdqb7XqTvujEW9TB3A2AL:W7o3LwUR+nYd9TG
authentihash 6a6e18132baf748a2bc467f49cc0e91a19d15cf643fff10edb4f0924eb18d874
imphash 95fd8462957951a009654766d57a899e
File size 376.5 KB ( 385536 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
64bits assembly pedll
VirusTotal metadata
First submission 2013-12-25 03:53:12 UTC ( 1 year, 5 months ago )
Last submission 2014-03-07 10:30:45 UTC ( 1 year, 2 months ago )
File names w_64.DLL
vti-rescan
6.exe
w_64.DLL
0DC035F3.vLL
429937eab224a811d06463d46d62a56b
w_64.dll
w_64.dll