SHA256: 94f5481684cfc05b68f56ec53e6730de27fc1e9b0c3bebaf10d22f293cf154fa
File name: 4e8639378d7a302c7474b5e4406dd7b4
Detection ratio: 17 / 56
Analysis date: 2015-05-13 21:31:35 UTC ( 3 years, 10 months ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.2391504 | 20150513
ALYac | Trojan.GenericKD.2391504 | 20150513
Avast | Win32:Malware-gen | 20150513
AVware | Trojan.Win32.Generic!BT | 20150513
Baidu-International | Trojan.Win32.Agent.BHH | 20150513
BitDefender | Trojan.GenericKD.2391504 | 20150513
Emsisoft | Trojan.GenericKD.2391504 (B) | 20150513
ESET-NOD32 | Win32/TrojanDownloader.Agent.BHH | 20150513
F-Secure | Trojan.GenericKD.2391504 | 20150513
GData | Trojan.GenericKD.2391504 | 20150513
Malwarebytes | Trojan.Agent | 20150513
McAfee | Artemis!4E8639378D7A | 20150513
McAfee-GW-Edition | Artemis | 20150513
eScan | Trojan.GenericKD.2391504 | 20150513
nProtect | Trojan.GenericKD.2391504 | 20150513
Tencent | Win32.Trojan-downloader.Agent.Pgdi | 20150513
VIPRE | Trojan.Win32.Generic!BT | 20150513

The remaining 39 engines reported no detection (the Update column is the signature date each engine scanned with):

Antivirus | Result | Update
AegisLab | (undetected) | 20150513
Yandex | (undetected) | 20150513
AhnLab-V3 | (undetected) | 20150513
Alibaba | (undetected) | 20150513
Antiy-AVL | (undetected) | 20150513
AVG | (undetected) | 20150513
Bkav | (undetected) | 20150513
ByteHero | (undetected) | 20150513
CAT-QuickHeal | (undetected) | 20150513
ClamAV | (undetected) | 20150513
CMC | (undetected) | 20150513
Comodo | (undetected) | 20150513
Cyren | (undetected) | 20150513
DrWeb | (undetected) | 20150513
F-Prot | (undetected) | 20150513
Fortinet | (undetected) | 20150513
Ikarus | (undetected) | 20150513
Jiangmin | (undetected) | 20150513
K7AntiVirus | (undetected) | 20150513
K7GW | (undetected) | 20150513
Kaspersky | (undetected) | 20150513
Kingsoft | (undetected) | 20150513
Microsoft | (undetected) | 20150513
NANO-Antivirus | (undetected) | 20150513
Norman | (undetected) | 20150513
Panda | (undetected) | 20150513
Qihoo-360 | (undetected) | 20150513
Rising | (undetected) | 20150513
Sophos AV | (undetected) | 20150513
SUPERAntiSpyware | (undetected) | 20150513
Symantec | (undetected) | 20150513
TheHacker | (undetected) | 20150511
TotalDefense | (undetected) | 20150513
TrendMicro | (undetected) | 20150513
TrendMicro-HouseCall | (undetected) | 20150513
VBA32 | (undetected) | 20150513
ViRobot | (undetected) | 20150513
Zillya | (undetected) | 20150513
Zoner | (undetected) | 20150513
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00002E07
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetModuleHandleW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetWindowsDirectoryA
GetConsoleMode
HeapSize
GetCurrentProcessId
UnhandledExceptionFilter
LoadLibraryExW
DeleteFileA
CreateThread
ExitProcess
SetErrorMode
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
GetTempPathA
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetTempFileNameA
GetACP
HeapReAlloc
DecodePointer
GetCurrentThreadId
LocalFree
GetFileType
TerminateProcess
TlsGetValue
FreeLibraryAndExitThread
IsValidCodePage
OutputDebugStringW
CreateFileW
GetStringTypeW
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
EncodePointer
GetVersion
GetModuleHandleExW
WriteConsoleW
LeaveCriticalSection
GetErrorInfo
SysFreeString
VariantClear
SysAllocString
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 0000:00:00 00:00:00
FileType Win32 DLL
PEType PE32
CodeSize 60416
LinkerVersion 12.0
FileTypeExtension dll
InitializedDataSize 51712
SubsystemVersion 5.1
EntryPoint 0x2e07
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
PE resource-wise parents
File identification
MD5 4e8639378d7a302c7474b5e4406dd7b4
SHA1 f752f9425252ee2393347c456b5e6e561c01a4ad
SHA256 94f5481684cfc05b68f56ec53e6730de27fc1e9b0c3bebaf10d22f293cf154fa
ssdeep 1536:LL6iJjJL/ofBTDhChvDIcjm0wsWjcdlE+FeFmfIN4L0UNTg:LnjJwfB81m0/S+MVN4L
authentihash 38ad8f807982540168f486ae74155bf798b2e1a96dec7b0d0c7fcbdc5897dc53
imphash 6ee5dfb4d4d9d5acb73e66c4167ba479
File size 103.0 KB ( 105472 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
exploit cve-2015-0016 pedll

VirusTotal metadata
First submission 2015-05-13 21:31:35 UTC ( 3 years, 10 months ago )
Last submission 2015-05-13 21:31:35 UTC ( 3 years, 10 months ago )
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R000C0EER15.

Symantec reputation Suspicious.Insight