SHA256: 8cdd29e28daf040965d4cad8bf3c73d00dde3f2968bab44c7d8fe482ba2057f9
File name: payload
Detection ratio: 56 / 67
Analysis date: 2018-05-22 06:14:08 UTC ( 5 days, 13 hours ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CRCP 20180522
AegisLab Troj.W32.Cometer!c 20180522
AhnLab-V3 Unwanted/Win32.Cobalt.R211396 20180521
ALYac Trojan.Agent.CRCP 20180522
Antiy-AVL Trojan/Win32.Cometer 20180522
Arcabit Trojan.Agent.CRCP 20180522
Avast Win32:Malware-gen 20180521
AVG Win32:Malware-gen 20180521
Avira (no cloud) TR/Crypt.XPACK.Gen 20180522
AVware Trojan.Win32.Generic!BT 20180522
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9598 20180522
BitDefender Trojan.Agent.CRCP 20180522
Bkav W32.eHeur.Virus02 20180522
CAT-QuickHeal Trojan.GenericPMF.S2483177 20180521
ClamAV Win.Tool.CobaltStrike-6336852-0 20180521
Comodo UnclassifiedMalware 20180522
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180522
Cyren W32/S-d757aa55!Eldorado 20180522
DrWeb BackDoor.Meterpreter.19 20180522
eGambit Trojan.Generic 20180522
Emsisoft Trojan.Agent.CRCP (B) 20180522
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/RiskWare.CobaltStrike.Beacon.A 20180522
F-Prot W32/S-d757aa55!Eldorado 20180522
F-Secure Trojan.Agent.CRCP 20180522
Fortinet W32/Cometer.A!tr 20180522
GData Trojan.Agent.CRCP 20180522
Ikarus HackTool.CobaltStrike 20180521
Sophos ML heuristic 20180503
K7AntiVirus Riskware ( 0050f89b1 ) 20180521
K7GW Riskware ( 0050f89b1 ) 20180522
Kaspersky HEUR:Trojan.Win32.Cometer.gen 20180522
Malwarebytes HackTool.CobaltStrike 20180522
MAX malware (ai score=99) 20180522
McAfee Artemis!9D7376F5AD1B 20180522
McAfee-GW-Edition BehavesLike.Win32.PUPXAV.dh 20180522
Microsoft Trojan:Win32/Conbea!rfn 20180522
eScan Trojan.Agent.CRCP 20180522
NANO-Antivirus Trojan.Win32.Cometer.eqcglk 20180522
Palo Alto Networks (Known Signatures) generic.ml 20180522
Panda Trj/Genetic.gen 20180521
Qihoo-360 Win32/Trojan.4c6 20180522
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Swrort-L 20180522
Symantec Trojan.Gen.2 20180522
Tencent Win32.Hacktool.Inject.Hwcp 20180522
TrendMicro TROJ_GEN.R002C0ODJ18 20180522
TrendMicro-HouseCall TROJ_GEN.R002C0ODJ18 20180522
VBA32 Trojan.Cometer 20180521
VIPRE Trojan.Win32.Generic!BT 20180522
ViRobot Backdoor.Win32.Agent.206848 20180522
Webroot W32.Trojan.Agent.Gen 20180522
Yandex Trojan.Cometer! 20180518
Zillya Trojan.Cometer.Win32.190 20180521
ZoneAlarm by Check Point HEUR:Trojan.Win32.Cometer.gen 20180522
Alibaba 20180522
Avast-Mobile 20180520
Babable 20180406
CMC 20180522
Cybereason None
Jiangmin 20180522
Kingsoft 20180522
nProtect 20180522
Rising 20180522
SUPERAntiSpyware 20180522
Symantec Mobile Insight 20180522
TheHacker 20180516
TotalDefense 20180520
Trustlook 20180522
Zoner 20180521
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-22 21:21:18
Entry Point 0x00016F51
Number of sections 5
PE sections
PE imports
LookupPrivilegeValueA
OpenServiceA
AdjustTokenPrivileges
ControlService
LookupAccountSidA
CreateProcessWithLogonW
DeleteService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CloseServiceHandle
OpenProcessToken
CreateServiceA
QueryServiceStatus
StartServiceA
GetTokenInformation
DuplicateTokenEx
CryptReleaseContext
CryptAcquireContextA
CreateProcessAsUserA
CryptGenRandom
OpenThreadToken
GetUserNameA
ImpersonateNamedPipeClient
CreateProcessWithTokenW
RevertToSelf
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
QueryServiceStatusEx
LogonUserA
ImpersonateLoggedOnUser
OpenSCManagerA
DnsFree
DnsQuery_A
GetIpAddrTable
GetIfEntry
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
Thread32Next
HeapDestroy
DebugBreak
ProcessIdToSessionId
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetLogicalDrives
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
Thread32First
HeapReAlloc
GetStringTypeW
ResumeThread
GetFullPathNameA
GetOEMCP
LocalFree
MoveFileA
ConnectNamedPipe
GetEnvironmentVariableA
FindClose
DeleteCriticalSection
SetLastError
PeekNamedPipe
OpenThread
TlsGetValue
WriteProcessMemory
GetModuleFileNameW
CopyFileA
HeapAlloc
GetVersionExA
RemoveDirectoryA
SetHandleCount
UnhandledExceptionFilter
InitializeProcThreadAttributeList
MultiByteToWideChar
GetLocalTime
SetFilePointer
CreateThread
SetEnvironmentVariableW
CreatePipe
SetNamedPipeHandleState
SetUnhandledExceptionFilter
InterlockedDecrement
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
Process32First
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
Process32Next
CreateRemoteThread
GetStartupInfoA
OpenProcess
CreateDirectoryA
DeleteFileA
GetProcAddress
VirtualProtectEx
GetProcessHeap
CompareStringW
FindFirstFileA
WaitNamedPipeA
CompareStringA
GetComputerNameA
FindNextFileA
DuplicateHandle
ExpandEnvironmentStringsA
UpdateProcThreadAttribute
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
VirtualAllocEx
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
CreateNamedPipeA
GetModuleFileNameA
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
DeleteProcThreadAttributeList
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
LsaLookupAuthenticationPackage
LsaConnectUntrusted
LsaCallAuthenticationPackage
HttpSendRequestA
InternetQueryDataAvailable
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpQueryInfoA
htonl
accept
ioctlsocket
WSAStartup
connect
shutdown
htons
select
gethostname
closesocket
ntohl
inet_addr
send
ntohs
WSAGetLastError
listen
__WSAFDIsSet
WSACleanup
gethostbyname
inet_ntoa
recv
socket
bind
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
File identification
MD5 9d7376f5ad1b39ec08cbe2a8e0e886b6
SHA1 d5f5dc54861e1ea7d7a9c03e31f4a8a5c5b08bb0
SHA256 8cdd29e28daf040965d4cad8bf3c73d00dde3f2968bab44c7d8fe482ba2057f9
ssdeep 3072:Pjh9N4a1j712h9Td2+1lxvTeZna8xUhUbT15ad:PjdFKdoSxvixTxUA
authentihash 7332f7e9527d9eed3920ed526415b68874a8617fe910ddcf73f0c51326253fce
imphash f2e0b7b9a08bd8dcaf133d9278ecdb47
File size 202.0 KB ( 206848 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID DOS Executable Generic (100.0%)
Tags pedll
VirusTotal metadata
First submission 2018-04-19 08:06:03 UTC ( 1 month, 1 week ago )
Last submission 2018-05-22 06:14:08 UTC ( 5 days, 13 hours ago )
File names payload