SHA256: 9a443a11fa29e83884cbd38ec265fb12e134eecfac3bfa92f0a46066ce680d76
File name: vuchbots1.dll
Detection ratio: 13 / 56
Analysis date: 2016-10-06 08:53:55 UTC ( 2 years, 7 months ago )
Antivirus Result Update
AegisLab Troj.Ransom.W32.Locky!c 20161006
AhnLab-V3 Trojan/Win32.Locky.N2123113320 20161006
Avira (no cloud) TR/Crypt.ZPACK.uycwy 20161006
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20161001
Bkav W32.eHeur.Malware03 20161006
CrowdStrike Falcon (ML) malicious_confidence_97% (D) 20160725
ESET-NOD32 Win32/Filecoder.Locky.D 20161006
Kaspersky Trojan-Ransom.Win32.Locky.cis 20161006
McAfee Artemis!657CF3F50C52 20161006
McAfee-GW-Edition Artemis!Trojan 20161006
Qihoo-360 HEUR/QVM40.1.4A7D.Malware.Gen 20161006
Rising Malware.Generic!coZvFCUx5RF@2 (thunder) 20161006
Tencent Win32.Trojan.Raasmd.Auto 20161006
Ad-Aware 20161006
Alibaba 20161003
ALYac 20160930
Antiy-AVL 20161006
Arcabit 20161006
Avast 20161006
AVG 20161005
AVware 20161006
BitDefender 20161006
CAT-QuickHeal 20161006
ClamAV 20161006
CMC 20161003
Comodo 20161006
Cyren 20161006
DrWeb 20161006
Emsisoft 20161006
F-Prot 20161006
F-Secure 20161006
Fortinet 20161006
GData 20161006
Ikarus 20161005
Sophos ML 20160928
Jiangmin 20161006
K7AntiVirus 20161006
K7GW 20161006
Kingsoft 20161006
Malwarebytes 20161006
Microsoft 20161006
eScan 20161006
NANO-Antivirus 20161006
nProtect 20161006
Panda 20161005
Sophos AV 20161006
SUPERAntiSpyware 20161006
Symantec 20161006
TheHacker 20161005
TrendMicro 20161006
TrendMicro-HouseCall 20161006
VBA32 20161005
VIPRE 20161006
ViRobot 20161006
Yandex 20161005
Zillya 20161003
Zoner 20161006
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-05 17:50:07
Entry Point 0x00001DF0
Number of sections 4
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
HeapDestroy
HeapAlloc
OutputDebugStringA
TlsAlloc
IsValidLocale
VirtualProtect
GetVersionExA
GetModuleFileNameA
WaitForSingleObjectEx
RtlUnwind
GetTimeFormatA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
GetEnvironmentStrings
GetFileType
SetConsoleCtrlHandler
GetCurrentProcessId
GetUserDefaultLCID
SetFilePointer
GetLocaleInfoA
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
LeaveCriticalSection
CompareStringW
WideCharToMultiByte
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CompareStringA
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
GetTimeZoneInformation
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
FatalAppExitA
GetEnvironmentStringsW
TlsGetValue
Sleep
GetCurrentThread
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
GetLocaleInfoW
VirtualAlloc
SetLastError
InterlockedIncrement
GetSubMenu
SetTimer
SendMessageW
DefWindowProcW
CreateWindowExW
SetActiveWindow
DestroyWindow
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:10:05 18:50:07+01:00
FileType Win32 DLL
PEType PE32
CodeSize 65536
LinkerVersion 7.1
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x1df0
InitializedDataSize 180224
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 657cf3f50c5209a43c358f6d28067d9e
SHA1 9da2c0338ebf6bafd19f7196ca747f8af947898c
SHA256 9a443a11fa29e83884cbd38ec265fb12e134eecfac3bfa92f0a46066ce680d76
ssdeep 3072:DEO6oYEgFp4ck9g+/irg9o3cuKb79LxXNF43BmuC7CPA98PV41yN/rAUrrcPPQ/D:QOdOFqr9W7KB2cmPia0Uv5H0PF
authentihash 8edbe920a4b1d253301c9a9a357d6ccb6674394a9dee2b0258f1d7316e93358c
imphash df347e997385a6b0d97bb3b43d11e86d
File size 240.0 KB ( 245760 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags pedll
VirusTotal metadata
First submission 2016-10-06 08:00:28 UTC ( 2 years, 7 months ago )
Last submission 2016-10-07 11:47:33 UTC ( 2 years, 7 months ago )
File names vuchbots2.dll.vir
vuchbots1.dll
9a443a11fa29e83884cbd38ec265fb12e134eecfac3bfa92f0a46066ce680d76.bin
vuchbots1.dll.2904.dr
Advanced heuristic and reputation engines