SHA256: 90dbb959c99f85a72dbdf815c6a58c178fc792c557be1e0bbd169e04419c2326
File name: LOCKY_THOR_PAYLOAD.DLL
Detection ratio: 8 / 56
Analysis date: 2016-10-31 15:12:17 UTC ( 2 years, 5 months ago )
Antivirus                  Result                               Update
AegisLab                   Heur.Advml.Gen!c                     20161031
AhnLab-V3                  ASD.Prevention.N2143676732           20161031
Bkav                       W32.eHeur.Malware03                  20161031
CrowdStrike Falcon (ML)    malicious_confidence_87% (D)         20161024
ESET-NOD32                 a variant of Win32/GenKryptik.JAN    20161031
Qihoo-360                  HEUR/QVM40.1.0000.Malware.Gen        20161031
Symantec                   Heur.AdvML.B                         20161031
Tencent                    Win32.Trojan.Raas.Auto               20161031

No detection (signature update 20161031 unless noted otherwise):
Ad-Aware, Alibaba, ALYac, Antiy-AVL, Arcabit, Avast, AVG, Avira (no cloud), AVware, Baidu, BitDefender, CAT-QuickHeal, ClamAV, CMC, Comodo, Cyren, DrWeb, Emsisoft, F-Prot, F-Secure, Fortinet, GData, Ikarus, Sophos ML (20161018), Jiangmin, K7AntiVirus, K7GW, Kaspersky, Kingsoft, Malwarebytes, McAfee, McAfee-GW-Edition, Microsoft, eScan, NANO-Antivirus, nProtect (20161028), Panda, Rising, Sophos AV, SUPERAntiSpyware, TheHacker (20161029), TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot, Yandex (20161030), Zillya, Zoner
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Product CallMe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-31 07:39:32
Entry Point 0x00026F60
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
GetVersionExW
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetFileType
GetLocaleInfoA
WideCharToMultiByte
UnhandledExceptionFilter
GetEnvironmentVariableA
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
TlsFree
GetLocaleInfoW
CompareStringW
GetCPInfo
GetStringTypeA
GetModuleHandleA
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
TlsSetValue
CompareStringA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEnvironmentVariableA
GetCurrentThread
FreeLibrary
TerminateProcess
GetTimeZoneInformation
TlsGetValue
IsValidCodePage
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
IsBadReadPtr
SetConsoleCtrlHandler
IsBadCodePtr
ExitProcess
GetVersion
LeaveCriticalSection
VirtualAlloc
GetStartupInfoA
SetLastError
InterlockedIncrement
OffsetRect
DefWindowProcW
SetMenuItemInfoA
DestroyMenu
MessageBeep
SetWindowPos
SetWindowLongW
GetMenu
InflateRect
SetCapture
ReleaseCapture
ShowWindowAsync
AdjustWindowRectEx
PostMessageW
SetActiveWindow
GetKeyState
GetCursorPos
ReleaseDC
GetMenuStringW
CheckMenuItem
SendMessageW
UnregisterClassA
RegisterClassW
LoadStringW
GetClientRect
CreateWindowExA
MoveWindow
ClientToScreen
DrawFocusRect
SetTimer
LoadIconA
TrackPopupMenu
GetMenuItemCount
SetWindowTextW
CreateWindowExW
GetActiveWindow
GetSubMenu
PtInRect
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 7.1
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.0.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0017
CharacterSet: Windows, Latin1
InitializedDataSize: 45056
EntryPoint: 0x26f60
MIMEType: application/octet-stream
TimeStamp: 2016:10:31 08:39:32+01:00
FileType: Win32 DLL
PEType: PE32
ProductVersion: 1, 0
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: CallMe
CodeSize: 217088
ProductName: CallMe
ProductVersionNumber: 1.9.0.0
FileTypeExtension: dll
ObjectFileType: Executable application
Compressed bundles
File identification
MD5: d97beb5ff88010b9feb1c0abbefed63e
SHA1: 5dfa0a4a367ba8538b4b4c9024bb3ccd3b553876
SHA256: 90dbb959c99f85a72dbdf815c6a58c178fc792c557be1e0bbd169e04419c2326
ssdeep: 6144:pd3qmc2eiSaxL7TrbMZznOe+PUjtwBq9oyOivmBDH:KmheJal7Ter1w49zmBL
authentihash: ebfecd84c89e4562570d649c409587715ab2c80e513bd4fc251e95d23c472d21
imphash: b10356d4f0bf0fd30d7faef70e947ce2
File size: 256.0 KB ( 262144 bytes )
File type: Win32 DLL
Magic literal: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags: pedll

VirusTotal metadata
First submission: 2016-10-31 13:56:29 UTC ( 2 years, 5 months ago )
Last submission: 2017-12-04 08:00:51 UTC ( 1 year, 4 months ago )
File names:
  BKTghSP1.dll
  BTUMwUP1.dll
  1
  LOCKY_THOR_PAYLOAD.DLL
  g7cberv.dll
  bKhvVWG1.dll
  msWjChb3.dropped.dll
  5dfa0a4a367ba8538b4b4c9024bb3ccd3b553876
  DXbhRdEMJhf2.dropped.dll.bin
  DXbhRdEMJhf2..dropped.dll