SHA256: 9cea939b5049be272bc2fb494803693d9861f5308c6dfa30be26cffcfa3af8ad
File name: KnogoWgN1.dll
Detection ratio: 8 / 57
Analysis date: 2016-12-20 22:04:46 UTC
Antivirus | Result | Update
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9784 | 20161207
Bkav | W32.eHeur.Malware03 | 20161220
CrowdStrike Falcon (ML) | malicious_confidence_94% (D) | 20161024
Qihoo-360 | HEUR/QVM40.1.0000.Malware.Gen | 20161220
Sophos AV | Mal/RansomDl-C | 20161220
Tencent | Win32.Trojan.Raas.Auto | 20161220
TrendMicro | Ransom_HPLOCKY.SMJBB | 20161220
TrendMicro-HouseCall | Ransom_HPLOCKY.SMJBB | 20161220
Ad-Aware | (no detection) | 20161220
AegisLab | (no detection) | 20161220
AhnLab-V3 | (no detection) | 20161220
Alibaba | (no detection) | 20161220
ALYac | (no detection) | 20161220
Antiy-AVL | (no detection) | 20161220
Arcabit | (no detection) | 20161220
Avast | (no detection) | 20161220
AVG | (no detection) | 20161220
Avira (no cloud) | (no detection) | 20161220
AVware | (no detection) | 20161220
BitDefender | (no detection) | 20161220
CAT-QuickHeal | (no detection) | 20161220
ClamAV | (no detection) | 20161220
CMC | (no detection) | 20161220
Comodo | (no detection) | 20161220
Cyren | (no detection) | 20161220
DrWeb | (no detection) | 20161220
Emsisoft | (no detection) | 20161220
ESET-NOD32 | (no detection) | 20161220
F-Prot | (no detection) | 20161220
F-Secure | (no detection) | 20161220
Fortinet | (no detection) | 20161220
GData | (no detection) | 20161220
Ikarus | (no detection) | 20161220
Sophos ML | (no detection) | 20161216
Jiangmin | (no detection) | 20161220
K7AntiVirus | (no detection) | 20161220
K7GW | (no detection) | 20161220
Kaspersky | (no detection) | 20161220
Kingsoft | (no detection) | 20161220
Malwarebytes | (no detection) | 20161220
McAfee | (no detection) | 20161220
McAfee-GW-Edition | (no detection) | 20161220
Microsoft | (no detection) | 20161220
eScan | (no detection) | 20161220
NANO-Antivirus | (no detection) | 20161220
nProtect | (no detection) | 20161220
Panda | (no detection) | 20161220
Rising | (no detection) | 20161220
SUPERAntiSpyware | (no detection) | 20161220
Symantec | (no detection) | 20161220
TheHacker | (no detection) | 20161219
TotalDefense | (no detection) | 20161220
Trustlook | (no detection) | 20161220
VBA32 | (no detection) | 20161220
VIPRE | (no detection) | 20161220
ViRobot | (no detection) | 20161220
WhiteArmor | (no detection) | 20161212
Yandex | (no detection) | 20161220
Zillya | (no detection) | 20161220
Zoner | (no detection) | 20161220
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-20 19:42:11
Entry Point 0x000021B0
Number of sections 4
PE sections
PE imports
HeapSize
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
FreeLibrary
QueryPerformanceCounter
HeapDestroy
ExitProcess
TlsAlloc
IsValidLocale
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
GetEnvironmentStrings
GetFileType
SetConsoleCtrlHandler
GetCurrentProcessId
GetTimeZoneInformation
GetLocaleInfoA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
LeaveCriticalSection
CompareStringW
CompareStringA
WideCharToMultiByte
TlsFree
GetModuleHandleA
lstrcmpA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetTimeFormatA
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
SetEnvironmentVariableA
GetOEMCP
IsDebuggerPresent
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetCurrentThread
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
FindResourceA
VirtualAlloc
SetLastError
InterlockedIncrement
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2016:12:20 20:42:11+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 90112
LinkerVersion: 7.1
EntryPoint: 0x21b0
InitializedDataSize: 180224
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 d3986edcc13121a8989fe23b49dfef19
SHA1 443df4f1df24893933bf3ce02d82c05caefd8d92
SHA256 9cea939b5049be272bc2fb494803693d9861f5308c6dfa30be26cffcfa3af8ad
ssdeep 6144:X8nqfs76wF5rCzQU7G4PTDdbyx1kBc4CGimu6yy:Rw3rAQul7Ddbyx1kBRA6/
authentihash ed6065c69ca849fc44ead5494e8c86d181479d87e9fe0794b7f84346d847ad8a
imphash 79716d14182c615a3665d727bb8fd7a7
File size 264.0 KB ( 270336 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
installshield pedll

VirusTotal metadata
First submission 2016-12-20 22:04:46 UTC
Last submission 2017-11-16 03:41:11 UTC
File names oYTGtFnCUvQ1.dll.2968.dr
tmkjjwv.dll
UfjKFvLu1.dll
hfyPJbLTMMs1.dll
eXHCKBLX1.dll
SITE_02.exe
KmiSYjHUf2.dll
d3986edcc13121a8989fe23b49dfef19_exe
KwGmGD3.dll
KnogoWgN1.dll
etunMhR2.dll
qXUHzwHiQy1.dll.2980.dr
d3986edcc13121a8989fe23b49dfef19.exe
Advanced heuristic and reputation engines