SHA256: 94318246828e60488656f0315bb6b9965be755d54e3564b70335a89fd51419b3
File name: idJsCdj1.dll
Detection ratio: 8 / 56
Analysis date: 2016-11-10 10:25:45 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161110
CrowdStrike Falcon (ML) malicious_confidence_85% (D) 20161024
Qihoo-360 HEUR/QVM40.1.0000.Malware.Gen 20161110
Rising Malware.Generic!coZvFCUx5RF@2 (thunder) 20161110
Sophos AV Mal/RansomDl-C 20161110
Tencent Win32.Trojan.Raas.Auto 20161110
TrendMicro-HouseCall Ransom_HPLOCKY.SMJBA 20161110
VBA32 SScope.Malware-Cryptor.Filecoder 20161109
Ad-Aware 20161110
AegisLab 20161110
AhnLab-V3 20161109
Alibaba 20161109
ALYac 20161110
Antiy-AVL 20161110
Arcabit 20161110
Avast 20161110
AVG 20161110
Avira (no cloud) 20161110
AVware 20161110
BitDefender 20161110
Bkav 20161110
CAT-QuickHeal 20161109
ClamAV 20161110
CMC 20161110
Comodo 20161110
Cyren 20161110
DrWeb 20161110
Emsisoft 20161110
ESET-NOD32 20161110
F-Prot 20161110
F-Secure 20161110
Fortinet 20161110
GData 20161110
Ikarus 20161109
Sophos ML 20161018
Jiangmin 20161110
K7AntiVirus 20161109
K7GW 20161110
Kaspersky 20161110
Kingsoft 20161110
Malwarebytes 20161110
McAfee 20161110
McAfee-GW-Edition 20161110
Microsoft 20161110
eScan 20161110
NANO-Antivirus 20161110
nProtect 20161110
Panda 20161109
SUPERAntiSpyware 20161110
Symantec 20161110
TheHacker 20161109
TotalDefense 20161110
VIPRE 20161110
ViRobot 20161109
Yandex 20161109
Zillya 20161108
Zoner 20161109
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Product XXXXXXXXXXXXX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-10 09:10:55
Entry Point 0x0002CFA0
Number of sections 5
PE sections
PE imports
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
GetCurrentThread
LCMapStringW
VirtualAllocEx
GetModuleFileNameW
GetTimeFormatW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
HeapSize
RtlUnwind
GetModuleFileNameA
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
GetFileType
GetConsoleMode
SetConsoleCtrlHandler
WaitForSingleObject
CreateSemaphoreW
UnhandledExceptionFilter
GetCPInfo
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
GetDateFormatW
InterlockedCompareExchange
GetLocaleInfoW
SetStdHandle
SetFilePointer
GetOEMCP
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
CompareStringW
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetProcessHeap
TerminateProcess
CreateEventW
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GetStringTypeW
FatalAppExitA
TlsGetValue
Sleep
SetLastError
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
GetProcAddress
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
GetCursorPos
DrawFocusRect
SetTimer
GetMenu
ReleaseDC
RegisterClassW
ReleaseCapture
EnumClipboardFormats
DestroyMenu
SetActiveWindow
PtInRect
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 25600
ImageVersion 0.0
ProductName XXXXXXXXXXXXX
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension dll
MIMEType application/octet-stream
TimeStamp 2016:11:10 10:10:55+01:00
FileType Win32 DLL
PEType PE32
ProductVersion 1, 0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName XXXXXXXXXXXXX
CodeSize 304640
FileSubtype 0
ProductVersionNumber 1.9.0.0
EntryPoint 0x2cfa0
ObjectFileType Executable application

Compressed bundles
File identification
MD5 bddcafb55edf955be628db7add5a99ee
SHA1 10ddb2b99c2e018d3e16827d4f5f8d771acd2685
SHA256 94318246828e60488656f0315bb6b9965be755d54e3564b70335a89fd51419b3
ssdeep 3072:pmGYSDMzVE8b38orj0SdUi0UCmk5phFqXOcEj4BRUVuTg6CpElRVkYhCJtB3XHTz:9Uy//aOcdvD3lRVmBQe6KE5u

authentihash 73d0f3a75ca44fee347d4f6ddffd375b221d9eedc1f529323438fe9cd83ae79d
imphash 53d36f08919cfd2f82a14bd9f646fb1a
File size 315.0 KB ( 322560 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll

VirusTotal metadata
First submission 2016-11-10 10:25:45 UTC ( 2 years, 3 months ago )
Last submission 2016-11-11 12:09:28 UTC ( 2 years, 3 months ago )
File names qFhvGaY2.dll
locky.dll
idJsCdj1.dll
OO.exe
845yfgh(03).dll