SHA256: 8a8296877ee7c8df755204f98c5be0dad849ca74abe1b282f26314c769c1f68e
File name: malware.dll
Detection ratio: 19 / 57
Analysis date: 2016-10-03 10:14:56 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.98223 20161003
AegisLab Gen.Variant.Razy!c 20161003
Arcabit Trojan.Razy.D17FAF 20161003
Avira (no cloud) TR/Crypt.Xpack.tmglp 20161003
BitDefender Gen:Variant.Razy.98223 20161003
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Emsisoft Gen:Variant.Razy.98223 (B) 20161003
F-Secure Gen:Variant.Razy.98223 20161003
GData Gen:Variant.Razy.98223 20161003
Sophos ML virus.win32.ramnit.ah 20160928
Kaspersky UDS:DangerousObject.Multi.Generic 20161003
Malwarebytes Ransom.Locky 20161003
McAfee Artemis!0A6E45328063 20161003
McAfee-GW-Edition Artemis!Trojan 20161003
eScan Gen:Variant.Razy.98223 20161003
Qihoo-360 Win32/Trojan.9e0 20161003
Rising Malware.Generic!8X5QUzbFpkE@2 (thunder) 20161003
Symantec Heur.AdvML.B 20161003
Tencent Win32.Trojan.Raas.Auto 20161003
AhnLab-V3 20161002
Alibaba 20160930
ALYac 20160930
Antiy-AVL 20161003
Avast 20161003
AVG 20161003
AVware 20161003
Baidu 20161001
Bkav 20161002
CAT-QuickHeal 20161003
ClamAV 20161003
CMC 20161003
Comodo 20161003
Cyren 20161003
DrWeb 20161003
ESET-NOD32 20161003
F-Prot 20160926
Fortinet 20161003
Ikarus 20161003
Jiangmin 20161003
K7AntiVirus 20161003
K7GW 20161003
Kingsoft 20161003
Microsoft 20161003
NANO-Antivirus 20161003
nProtect 20161003
Panda 20161002
Sophos AV 20161003
SUPERAntiSpyware 20161002
TheHacker 20161001
TrendMicro 20161003
TrendMicro-HouseCall 20161003
VBA32 20161001
VIPRE 20161003
ViRobot 20161003
Yandex 20161002
Zillya 20161001
Zoner 20161003
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2012
Product iAd
Original name iAdCore.dll
Internal name iAdCore.dll
File version 1.0.0.1
Description iAd Core
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-03 07:22:29
Entry Point 0x000098E0
Number of sections 9
PE sections
PE imports
GetSidSubAuthorityCount
InitializeSid
AVIFileGetStream
AVIPutFileOnClipboard
EditStreamClone
AVIFileCreateStreamA
AVIStreamReadData
AVIFileOpenA
AVIStreamRead
AVIBuildFilterW
AVIGetFromClipboard
AVIFileInfoW
AVISaveVW
IID_IAVIEditStream
AVIFileExit
EditStreamSetInfoA
AVIStreamInfoA
AVIStreamCreate
GetObjectType
lstrcpynW
OpenThread
GetDateFormatA
DosDateTimeToFileTime
GetCurrentDirectoryW
GetModuleFileNameW
MoveFileWithProgressW
GetTempPathW
CreateJobObjectW
DisableThreadLibraryCalls
FreeConsole
GetProcessWorkingSetSize
BackupSeek
FillConsoleOutputCharacterW
InflateRect
GetWindowRect
GetForegroundWindow
GetClassNameW
GetKeyboardLayoutNameA
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 163840
EntryPoint 0x98e0
OriginalFileName iAdCore.dll
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2012
FileVersion 1.0.0.1
TimeStamp 2016:10:03 08:22:29+01:00
FileType Win32 DLL
PEType PE32
InternalName iAdCore.dll
ProductVersion 1.0.0.1
FileDescription iAd Core
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Apple, Inc
CodeSize 36864
ProductName iAd
ProductVersionNumber 1.0.0.1
FileTypeExtension dll
ObjectFileType Dynamic link library

File identification
MD5 0a6e45328063268e0bd95003f234283f
SHA1 f86e3a39772c34d302954f7a12d4e45d732c70bb
SHA256 8a8296877ee7c8df755204f98c5be0dad849ca74abe1b282f26314c769c1f68e
ssdeep 3072:h5WT7r/D8QIXW20xSv+kqJJqaXUWlCRq5YKkTMApFb8RRCqkr9:h5WTf/1xei/E0Sq5YKkgfD
authentihash d3630e4c8cefc82b4210639a3f9722e276de402095e184571611d9c84d028e26
imphash 7eebd38bc20c74d03f1e04f7f3d84216
File size 204.0 KB ( 208896 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (49.4%)
Windows screen saver (23.4%)
Win32 Dynamic Link Library (generic) (11.7%)
Win32 Executable (generic) (8.0%)
Generic Win/DOS Executable (3.5%)
Tags pedll
VirusTotal metadata
First submission 2016-10-03 07:28:50 UTC ( 1 year, 1 month ago )
Last submission 2017-02-16 11:50:57 UTC ( 9 months, 1 week ago )
File names iAdCore.dll
siluans.bin
payload.exe
malware.dll
siluans.dll
siluans.dll
siluans.dl_