SHA256: 8b53294a3616e48eb0929d0fdf59e2af356c68b1295290738a4322124654efbb
File name: final_payload_x64.bin
Detection ratio: 25 / 62
Analysis date: 2017-03-29 13:46:33 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.20515271 20170329
ALYac Trojan.Generic.20515271 20170329
Arcabit Trojan.Generic.D13909C7 20170329
Avast Win64:Malware-gen 20170329
AVG Atros5.YXH 20170329
BitDefender Trojan.Generic.20515271 20170329
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Emsisoft Trojan.Generic.20515271 (B) 20170329
ESET-NOD32 a variant of Win64/Spy.Ursnif.AF 20170329
F-Secure Trojan.Generic.20515271 20170329
Fortinet W64/Ursnif.AF!tr 20170329
GData Trojan.Generic.20515271 20170329
Ikarus Trojan.Win64.Spy 20170329
Sophos ML backdoor.win64.bedep.a 20170203
K7AntiVirus Spyware ( 005072851 ) 20170329
K7GW Spyware ( 005072851 ) 20170329
McAfee RDN/Generic PWS.y 20170329
McAfee-GW-Edition BehavesLike.Win64.Downloader.dh 20170329
Microsoft TrojanSpy:Win64/Ursnif.A 20170329
eScan Trojan.Generic.20515271 20170329
Panda Trj/CI.A 20170328
Qihoo-360 Win32/Trojan.ae7 20170329
Rising Malware.Generic.2!tfe (cloud:0kcVsxs3OZT) 20170329
Symantec Trojan.Gen 20170329
TrendMicro-HouseCall TROJ_GEN.R00UH01CN17 20170329
AegisLab 20170329
AhnLab-V3 20170329
Alibaba 20170329
Antiy-AVL 20170329
Avira (no cloud) 20170329
AVware 20170329
Baidu 20170329
Bkav 20170329
CAT-QuickHeal 20170329
ClamAV 20170329
CMC 20170329
Comodo 20170329
Cyren 20170329
DrWeb 20170329
Endgame 20170317
F-Prot 20170329
Jiangmin 20170329
Kaspersky 20170329
Kingsoft 20170329
Malwarebytes 20170329
NANO-Antivirus 20170329
nProtect 20170329
Palo Alto Networks (Known Signatures) 20170329
SentinelOne (Static ML) 20170315
Sophos AV 20170329
SUPERAntiSpyware 20170329
Symantec Mobile Insight 20170329
Tencent 20170329
TheHacker 20170327
TotalDefense 20170329
TrendMicro 20170329
Trustlook 20170329
VBA32 20170329
VIPRE 20170329
ViRobot 20170329
Webroot 20170329
WhiteArmor 20170327
Yandex 20170327
Zillya 20170329
ZoneAlarm by Check Point 20170329
Zoner 20170329
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64-bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2017-02-26 20:03:17
Entry Point 0x00001644
Number of sections 6
PE sections
PE imports
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
CreateFileMappingA
GetOverlappedResult
WaitForSingleObject
Thread32Next
HeapDestroy
QueueUserAPC
GetLocalTime
DisconnectNamedPipe
LocalAlloc
lstrcatA
SetFilePointer
OpenFileMappingA
FindFirstFileW
lstrcatW
GetFileTime
GetTempPathA
WideCharToMultiByte
lstrcmpiA
WriteFile
GetSystemTimeAsFileTime
Thread32First
HeapReAlloc
ConnectNamedPipe
GetExitCodeProcess
LocalFree
ResumeThread
SetWaitableTimer
InitializeCriticalSection
GetLogicalDriveStringsW
CallNamedPipeA
TlsGetValue
QueueUserWorkItem
SetLastError
GetSystemTime
OpenThread
CopyFileW
GetModuleFileNameW
AddVectoredExceptionHandler
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
lstrcmpiW
OpenWaitableTimerA
FindClose
LoadLibraryExW
SetFilePointerEx
CreateMutexA
RegisterWaitForSingleObject
CreateThread
DeleteCriticalSection
GetFileAttributesW
GetVersion
SetEndOfFile
GetCurrentThreadId
GetProcAddress
SleepEx
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
FreeLibrary
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
VirtualProtectEx
GetComputerNameW
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcmpA
FindFirstFileA
WaitNamedPipeA
lstrcpyA
ResetEvent
GetTempFileNameA
CreateWaitableTimerA
FindNextFileA
DuplicateHandle
ExpandEnvironmentStringsA
RemoveDirectoryA
CreateFileW
CreateEventA
TlsSetValue
CreateFileA
ExitProcess
RemoveVectoredExceptionHandler
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
HeapCreate
lstrlenA
FindNextFileW
GlobalUnlock
CreateNamedPipeA
lstrlenW
FileTimeToLocalFileTime
CompareFileTime
GetCurrentProcessId
CancelIo
GetCurrentThread
OpenMutexA
SuspendThread
RaiseException
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GlobalLock
GetModuleHandleW
SwitchToThread
CreateProcessA
UnregisterWait
UnmapViewOfFile
VirtualFree
Sleep
OpenEventA
VirtualAlloc
SysFreeString
VariantClear
VariantInit
SysAllocString
_wcsupr
ZwQueryKey
memset
RtlImageNtHeader
NtMapViewOfSection
ZwOpenProcess
__C_specific_handler
ZwOpenProcessToken
_snprintf
sprintf
mbstowcs
RtlUpcaseUnicodeString
NtQuerySystemInformation
NtUnmapViewOfSection
RtlNtStatusToDosError
wcscat
RtlFreeUnicodeString
ZwQueryInformationProcess
memcpy
_strupr
NtCreateSection
memmove
wcstombs
ZwQueryInformationToken
__chkstk
wcscpy
NtResumeProcess
strcpy
RtlAdjustPrivilege
NtSuspendProcess
ZwClose
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2017:02:26 21:03:17+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 200704
LinkerVersion 9.0
EntryPoint 0x1644
InitializedDataSize 52736
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0
File identification
MD5 b2503fb9987ed6816130a64dcf298321
SHA1 f97d1911ba04d5f246142a84730d0f009ac5d483
SHA256 8b53294a3616e48eb0929d0fdf59e2af356c68b1295290738a4322124654efbb
ssdeep 3072:UjEdryVooKWSa97RCcdEcDCc6Idz+9p9aXUpjOxoOHmSZOwgZQm/lgmCljS4xE9t:UoxyVooPja07/+1aXq+oRSYZQm0jS9f
authentihash 0c6d8a317b1a32221173b239f3728b1e301db71b28ecafc879f81eb481d3d103
imphash 4c2f8060bafacbaae16b459377c1f132
File size 247.0 KB ( 252928 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (61.7%)
Windows screen saver (29.2%)
Generic Win/DOS Executable (4.4%)
DOS Executable Generic (4.4%)
Tags 64bits assembly pedll
VirusTotal metadata
First submission 2017-03-22 13:46:02 UTC ( 2 years ago )
Last submission 2017-03-22 13:46:02 UTC ( 2 years ago )
File names final_payload_x64.bin