SHA256: 952f421e202b3b7dc155c950feb9e45d9b0ace49ac83ea07f12218d6d20cf4f5
File name: cafec8ab7a6d2cffd2afdf3220a5550b
Detection ratio: 17 / 62
Analysis date: 2018-07-03 08:59:39 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.353629 20180703
ALYac Gen:Variant.Razy.353629 20180703
Antiy-AVL Trojan[Banker]/Win64.Emotet 20180703
Arcabit Trojan.Razy.D5655D 20180703
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9994 20180703
BitDefender Gen:Variant.Razy.353629 20180703
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Emsisoft Gen:Variant.Razy.353629 (B) 20180703
ESET-NOD32 a variant of Win64/Kryptik.BKP 20180703
F-Secure Gen:Variant.Razy.353629 20180703
Fortinet W64/Kryptik.BKA!tr 20180703
GData Gen:Variant.Razy.353629 20180703
Sophos ML heuristic 20180601
MAX malware (ai score=86) 20180703
eScan Gen:Variant.Razy.353629 20180703
Webroot W32.Malware.gen 20180703
Zillya Trojan.Emotet.Win64.6 20180702
AegisLab 20180703
AhnLab-V3 20180703
Avast 20180703
Avast-Mobile 20180703
AVG 20180703
Avira (no cloud) 20180703
AVware 20180703
Babable 20180406
Bkav 20180702
CAT-QuickHeal 20180702
ClamAV 20180703
CMC 20180702
Comodo 20180703
Cybereason 20180225
Cyren 20180703
DrWeb 20180703
eGambit 20180703
Endgame 20180612
F-Prot 20180703
Ikarus 20180703
Jiangmin 20180703
K7AntiVirus 20180703
K7GW 20180703
Kaspersky 20180703
Kingsoft 20180703
Malwarebytes 20180703
McAfee 20180703
McAfee-GW-Edition 20180703
Microsoft 20180703
NANO-Antivirus 20180703
Palo Alto Networks (Known Signatures) 20180703
Panda 20180702
Qihoo-360 20180703
SentinelOne (Static ML) 20180701
Sophos AV 20180703
SUPERAntiSpyware 20180703
Symantec 20180702
TACHYON 20180703
Tencent 20180703
TheHacker 20180628
TotalDefense 20180703
Trustlook 20180703
VBA32 20180629
VIPRE 20180703
ViRobot 20180703
Yandex 20180702
ZoneAlarm by Check Point 20180703
Zoner 20180702
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2018-06-21 09:42:38
Entry Point 0x000015F0
Number of sections 5
PE sections
PE imports
RegUnLoadKeyA
GetSidLengthRequired
CryptDestroyHash
CryptVerifyCertificateSignature
SetTextAlign
CreateHatchBrush
GetProductInfo
GetNamedPipeInfo
GetFileSize
GetModuleFileNameW
GetExitCodeProcess
AllocConsole
SignalObjectAndWait
ReadFileEx
DeleteTimerQueueEx
GetModuleHandleW
GetBinaryTypeA
NetServerTransportEnum
VarR4FromCy
NdrAsyncClientCall
NdrSimpleStructBufferSize
SetupGetLineTextA
StrCmpNA
wnsprintfA
SendNotifyMessageA
CreateMenu
MessageBoxW
GetDesktopWindow
EnumDisplaySettingsExW
SetWindowLongA
MonitorFromRect
timeEndPeriod
g_rgSCardT1Pci
SCardConnectW
StringFromCLSID
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2018:06:21 10:42:38+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 12288
LinkerVersion 12.0
EntryPoint 0x15f0
InitializedDataSize 614400
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 cafec8ab7a6d2cffd2afdf3220a5550b
SHA1 e05a6ce8729c5222b9ae02ed670d5c58db582798
SHA256 952f421e202b3b7dc155c950feb9e45d9b0ace49ac83ea07f12218d6d20cf4f5
ssdeep 6144:SX6NZBQ5+xxP948CNheBohmGyPJLxfEbxiQSQoZbWjU4PERteRrDuUCOt20tB4mO:qYZ9xR9kbethlREbxxJoZbRz5HGtBwd
authentihash e5472789c346c0dfddad28dafb4a6d312e43239d9245874676601607b3778f5e
imphash 052d8ae72ddb91a1d848618ad4317b82
File size 612.0 KB ( 626688 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits assembly pedll

VirusTotal metadata
First submission 2018-07-03 08:59:39 UTC ( 5 months, 2 weeks ago )
Last submission 2018-07-03 08:59:39 UTC ( 5 months, 2 weeks ago )