SHA256: 9c0d1b7105f3cbbbfee53e977a82d9ef70b0034392238a910daca68ee00c3158
File name: zazxirr.dll.bin
Detection ratio: 19 / 61
Analysis date: 2017-05-12 01:54:22 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.172476 20170512
AegisLab Troj.W32.Gen.lMBD 20170512
Arcabit Trojan.Razy.D2A1BC 20170512
Avira (no cloud) TR/ATRAPS.Gen4 20170511
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9960 20170503
BitDefender Gen:Variant.Razy.172476 20170512
CrowdStrike Falcon (ML) malicious_confidence_89% (D) 20170130
Emsisoft Gen:Variant.Razy.172476 (B) 20170512
Endgame malicious (high confidence) 20170503
ESET-NOD32 a variant of Win32/TrojanProxy.Agent.OAU 20170511
F-Secure Gen:Variant.Razy.172476 20170512
GData Gen:Variant.Razy.172476 20170512
Sophos ML generic.a 20170413
K7AntiVirus Trojan ( 005092231 ) 20170511
K7GW Trojan ( 005092231 ) 20170511
Malwarebytes Trojan.ProxyAgent 20170512
eScan Gen:Variant.Razy.172476 20170512
Rising Malware.Generic.1!tfe (cloud:f13OHyv9UKL) 20170512
Symantec ML.Attribute.HighConfidence 20170511
AhnLab-V3 20170511
Alibaba 20170511
ALYac 20170511
Antiy-AVL 20170512
Avast 20170512
AVG 20170512
AVware 20170512
Bkav 20170511
CAT-QuickHeal 20170511
ClamAV 20170511
CMC 20170511
Comodo 20170512
Cyren 20170512
DrWeb 20170512
F-Prot 20170512
Fortinet 20170512
Ikarus 20170511
Jiangmin 20170510
Kaspersky 20170512
Kingsoft 20170512
McAfee 20170511
McAfee-GW-Edition 20170511
Microsoft 20170511
NANO-Antivirus 20170512
nProtect 20170512
Palo Alto Networks (Known Signatures) 20170512
Panda 20170511
Qihoo-360 20170512
SentinelOne (Static ML) 20170330
Sophos AV 20170512
SUPERAntiSpyware 20170511
Symantec Mobile Insight 20170511
Tencent 20170512
TheHacker 20170508
TrendMicro 20170512
TrendMicro-HouseCall 20170511
Trustlook 20170512
VBA32 20170511
VIPRE 20170512
ViRobot 20170511
Webroot 20170512
WhiteArmor 20170502
Yandex 20170510
Zillya 20170511
ZoneAlarm by Check Point 20170512
Zoner 20170512
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-10 14:32:06
Entry Point 0x00005045
Number of sections 5
PE sections
PE imports
OpenFile
LoadLibraryExA
GetModuleFileNameA
LocalSize
GetFileSize
AddAtomA
lstrcmpA
WriteFile
FindFirstFileA
DeleteFileA
lstrcpyA
GlobalFindAtomA
Sleep
ReadFile
CreateFileA
ExitProcess
LoadLibraryA
BeginUpdateResourceA
GetModuleHandleW
WinExec
CloseHandle
SysFreeString
SysAllocStringByteLen
ShellAboutA
DragQueryFileA
PathUnquoteSpacesA
PathGetArgsA
SetFocus
GetMessageA
UpdateWindow
EndDialog
LoadMenuA
MoveWindow
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
LoadBitmapA
MessageBoxExA
GetSystemMetrics
DispatchMessageA
RegisterClassExW
SetMenu
IsRectEmpty
MessageBoxA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetSysColor
RegisterClassExA
GetCursorPos
DrawTextA
SetWindowTextA
AnyPopup
BeginDeferWindowPos
SendMessageA
GetClientRect
GetDlgItem
GetSubMenu
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawFrame
AttachThreadInput
CallWindowProcA
ScrollWindow
GetWindowTextA
PtInRect
setsockopt
WSASocketA
recv
socket
gethostbyname
GetOpenFileNameA
GetSaveFileNameA
ExtFloodFill
DeleteDC
SelectObject
SetColorSpace
GetStockObject
SetWorldTransform
ExtTextOutA
CreateSolidBrush
DeleteObject
SetPaletteEntries
CreateCompatibleDC
GetPixel
NtAlertThread
RtlGetProcessHeaps
NtWriteFile
NtQueryPerformanceCounter
NtPrivilegeCheck
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2017:05:10 15:32:06+01:00
FileType Win32 DLL
PEType PE32
CodeSize 17920
LinkerVersion 5.12
EntryPoint 0x5045
InitializedDataSize 90112
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 1911c3ba1c3d16e96b8cda08dcc7ca57
SHA1 1c8fe532cf0f428b9c41d216ad23c2d062c11728
SHA256 9c0d1b7105f3cbbbfee53e977a82d9ef70b0034392238a910daca68ee00c3158
ssdeep 768:MRGZSLVL4nipxHlUT2dpGuBUSvoMiuBIH7Lg:MRf5LeiWqjUnJwIo

authentihash bfeebeca9f6dc9cd2c20de0bf2e88cea4a78b20792991c6ba9204f1314ae14c7
imphash bc6180c670d9915b7308e7be1182fd33
File size 37.5 KB ( 38400 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll

VirusTotal metadata
First submission 2017-05-12 01:54:22 UTC ( 1 year, 10 months ago )
Last submission 2017-05-12 01:54:22 UTC ( 1 year, 10 months ago )
File names zazxirr.dll.bin