SHA256: 90bc55226146cd669a3b8afdb3ab9880ccbfd646543968c15febadaee546d680
File name: 3_FILE.exe
Detection ratio: 8 / 57
Analysis date: 2016-09-23 04:43:54 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160922
Bkav W32.eHeur.Malware03 20160923
CrowdStrike Falcon (ML) malicious_confidence_96% (D) 20160725
Kaspersky UDS:DangerousObject.Multi.Generic 20160923
Qihoo-360 HEUR/QVM40.1.0141.Malware.Gen 20160923
Rising Malware.Generic!coZvFCUx5RF@2 (thunder) 20160923
Tencent Win32.Trojan.Raas.Auto 20160923
ViRobot Trojan.Win32.Locky.246784.A[h] 20160923
Ad-Aware 20160923
AegisLab 20160923
AhnLab-V3 20160922
Alibaba 20160923
ALYac 20160922
Antiy-AVL 20160923
Arcabit 20160923
Avast 20160923
AVG 20160923
Avira (no cloud) 20160922
AVware 20160923
BitDefender 20160923
CAT-QuickHeal 20160922
ClamAV 20160922
CMC 20160921
Comodo 20160923
Cyren 20160923
DrWeb 20160923
Emsisoft 20160923
ESET-NOD32 20160922
F-Prot 20160923
F-Secure 20160923
Fortinet 20160923
GData 20160923
Ikarus 20160922
Sophos ML 20160917
Jiangmin 20160923
K7AntiVirus 20160922
K7GW 20160923
Kingsoft 20160923
Malwarebytes 20160922
McAfee 20160923
McAfee-GW-Edition 20160922
Microsoft 20160923
eScan 20160923
NANO-Antivirus 20160922
nProtect 20160923
Panda 20160922
Sophos AV 20160923
SUPERAntiSpyware 20160923
Symantec 20160923
TheHacker 20160922
TrendMicro 20160923
TrendMicro-HouseCall 20160923
VBA32 20160922
VIPRE 20160922
Yandex 20160921
Zillya 20160922
Zoner 20160923
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-22 18:24:39
Entry Point 0x00025B80
Number of sections 4
PE sections
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
LoadLibraryW
WaitForSingleObject
GetVersionExW
GetOEMCP
QueryPerformanceCounter
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeLibrary
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetLocaleInfoA
SetConsoleCtrlHandler
GetCurrentProcessId
GetUserDefaultLCID
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetCurrentThread
GetModuleHandleA
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
IsDebuggerPresent
TerminateProcess
IsValidCodePage
HeapCreate
GetStringTypeW
FatalAppExitA
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
EnumClipboardFormats
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:09:22 20:24:39+02:00
FileType Win32 DLL
PEType PE32
CodeSize 223232
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit, DLL
EntryPoint 0x25b80
InitializedDataSize 26112
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 98281adf72d1733151bb7bd11c69bb1b
SHA1 3bde278833bff8c13ea0dd03421d6f4440c91892
SHA256 90bc55226146cd669a3b8afdb3ab9880ccbfd646543968c15febadaee546d680
ssdeep 6144:puDql7jzwZLeJz0zWLFXOTdmY0pVyCzXytej22+:pOOmaXOT8Ygbkej2
authentihash c28a58ffb1018cac973fdec56c2202f33ea196a2148294cc0b8f35ce76526329
imphash edef4c12b51c5a66d6b2ac2249485710
File size 241.0 KB ( 246784 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags pedll

VirusTotal metadata
First submission 2016-09-23 03:34:37 UTC ( 2 years, 7 months ago )
Last submission 2018-05-25 21:23:53 UTC ( 11 months ago )
File names AtgcRI1.dll
3_FILE.exe
PSKaMwoc3.dll
wYLdokDR1.dll
raDSyGb1.dll
1_FILE.exe
wYLdokDR2.dll.273876046.DROPPED.dll
8rcybi43.dll
CWJasxokMB1.dll