SHA256: 9d10e5548ab0fce9fba5cf06a9f9252bbe258971b8a6a1fb41ff08ebf34cf732
Detection ratio: 41 / 65
Analysis date: 2018-03-29 13:49:49 UTC ( 8 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.149239 20180329
AegisLab Gen.Variant.Graftor!c 20180329
ALYac Gen:Variant.Ursu.149239 20180329
Arcabit Trojan.Ursu.D246F7 20180329
Avast Win32:Malware-gen 20180329
AVG Win32:Malware-gen 20180329
Avira (no cloud) TR/AD.Carberp.micim 20180329
AVware Trojan.Win32.Generic!BT 20180329
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9945 20180329
BitDefender Gen:Variant.Ursu.149239 20180329
CAT-QuickHeal Trojan.IGENERIC 20180329
Comodo UnclassifiedMalware 20180329
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20170201
Cylance Unsafe 20180329
Cyren W32/Trojan.GLOA-3801 20180329
DrWeb BACKDOOR.Trojan 20180329
Emsisoft Gen:Variant.Ursu.149239 (B) 20180329
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/Hvnc.AE 20180329
F-Secure Gen:Variant.Ursu.149239 20180329
Fortinet W32/Hvnc.AE!tr 20180329
GData Gen:Variant.Ursu.149239 20180329
Ikarus Trojan.Win32.PSW 20180329
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 00518d321 ) 20180329
K7GW Trojan ( 00518d321 ) 20180329
MAX malware (ai score=96) 20180329
McAfee GenericRXEJ-FV!A449CCE578A6 20180329
McAfee-GW-Edition BehavesLike.Win32.Dropper.dh 20180329
Microsoft Trojan:Win32/Tiggre!plock 20180329
eScan Gen:Variant.Ursu.149239 20180329
NANO-Antivirus Trojan.Win32.Carberp.eyzzrp 20180329
Panda Trj/GdSda.A 20180329
Rising Backdoor.Cridex!8.F60 (TFE:6:uuZYH1Jik1F) 20180329
Sophos AV Mal/Generic-S 20180329
Symantec Trojan.Gen.2 20180329
Tencent Win32.Trojan.Graftor.Lknh 20180329
TrendMicro TROJ_GEN.R03FC0OCL18 20180329
TrendMicro-HouseCall TROJ_GEN.R03FC0OCL18 20180329
VIPRE Trojan.Win32.Generic!BT 20180329
Yandex Trojan.Hvnc! 20180329
AhnLab-V3 20180329
Alibaba 20180329
Antiy-AVL 20180329
Avast-Mobile 20180329
Bkav 20180329
ClamAV 20180329
CMC 20180329
Cybereason None
eGambit 20180329
F-Prot 20180329
Jiangmin 20180329
Kaspersky 20180329
Kingsoft 20180329
Malwarebytes 20180329
nProtect 20180329
Palo Alto Networks (Known Signatures) 20180329
Qihoo-360 20180329
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180329
Symantec Mobile Insight 20180311
TheHacker 20180327
Trustlook 20180329
VBA32 20180329
ViRobot 20180329
WhiteArmor 20180324
Zillya 20180328
ZoneAlarm by Check Point 20180329
Zoner 20180329
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-15 19:27:03
Entry Point 0x00021F64
Number of sections 6
PE sections
PE imports
ADVAPI32.dll
RegOpenKeyA
RegCloseKey
GetUserNameW
CryptGetHashParam
RegQueryValueExA
CryptGenRandom
RegOpenKeyExW
CryptAcquireContextW
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptReleaseContext
RegOpenKeyW
RegCreateKeyA
CryptHashData
RegQueryValueExW
CryptCreateHash
CRYPT32.dll
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CertFindCertificateInStore
CryptMsgGetParam
CertGetNameStringW
CryptMsgClose
CryptDecodeObject
GDI32.dll
GetSystemPaletteEntries
CombineRgn
GetClipBox
GetViewportOrgEx
GetDeviceCaps
CreateDCA
DeleteDC
SetBkMode
GetRegionData
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
CreateBitmap
CreateFontA
GetStockObject
SetViewportOrgEx
ExtTextOutA
GetDIBits
GdiFlush
SelectClipRgn
CreateCompatibleDC
CreateRectRgn
GetClipRgn
SetDIBColorTable
SetWindowOrgEx
SelectObject
SetBkColor
DeleteObject
CreateCompatibleBitmap
KERNEL32.dll
GetStdHandle
ReleaseMutex
WaitForSingleObject
FindFirstFileW
HeapDestroy
lstrcmpW
GetLocalTime
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
OpenFileMappingA
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
InitializeSListHead
GetThreadContext
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
SetEvent
LocalFree
AddVectoredExceptionHandler
InitializeCriticalSection
FindClose
TlsGetValue
OutputDebugStringA
lstrcpynW
GetEnvironmentVariableW
SetLastError
GetSystemTime
OpenThread
InterlockedDecrement
WriteProcessMemory
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
VerLanguageNameW
GetModuleFileNameA
GetVersionExA
lstrcmpiW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
SetFilePointer
CreateThread
InterlockedFlushSList
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
lstrcmpiA
GetSystemWindowsDirectoryA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
FreeLibrary
GetFileSize
OpenProcess
GetModuleHandleW
GetEnvironmentVariableA
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
VirtualProtectEx
GetProcessHeap
GetComputerNameW
lstrcpyW
GetFileInformationByHandle
lstrcmpA
FindFirstFileExA
FindNextFileW
lstrcpyA
InterlockedIncrement
CreateFileMappingA
FindNextFileA
DuplicateHandle
ExpandEnvironmentStringsA
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
RemoveVectoredExceptionHandler
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
VirtualAllocEx
UnmapViewOfFile
lstrlenA
GlobalFree
GetConsoleCP
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
Process32NextW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
GetCurrentThread
SuspendThread
ExpandEnvironmentStringsW
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GlobalLock
GetVersion
IsBadStringPtrW
GetLongPathNameW
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
IsBadStringPtrA
OpenEventA
VirtualAlloc
PSAPI.DLL
GetModuleFileNameExA
GetMappedFileNameW
EnumProcessModules
SHELL32.dll
ShellExecuteA
SHLWAPI.dll
PathRemoveArgsA
PathStripPathW
StrCmpNIW
StrStrIA
StrRChrW
StrTrimW
StrStrA
StrToIntA
PathRemoveBlanksA
PathCombineA
StrDupA
StrRChrA
StrToIntExA
PathRemoveArgsW
StrChrA
PathRemoveBlanksW
PathCombineW
StrTrimA
StrChrW
USER32.dll
RedrawWindow
SendNotifyMessageA
MoveWindow
DestroyMenu
SetWindowPos
IsWindow
DispatchMessageA
ClientToScreen
CreateDesktopA
VkKeyScanA
WindowFromPoint
CharUpperBuffW
SetActiveWindow
GetMenuItemID
ReleaseDC
GetMenu
EndMenu
SendMessageA
GetClientRect
ToAscii
DrawTextW
GetThreadDesktop
CallNextHookEx
OpenClipboard
GetMenuItemCount
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
VkKeyScanExA
GetUserObjectInformationA
ShowWindow
SetClassLongA
GetDesktopWindow
SetClipboardViewer
TranslateMessage
SetThreadDesktop
GetWindow
GetMenuDefaultItem
ActivateKeyboardLayout
GetMenuItemRect
SetClipboardData
MapVirtualKeyExA
GetKeyboardLayoutList
IsIconic
RegisterClassA
TrackPopupMenuEx
GetWindowLongA
CreateWindowExA
UnhookWinEvent
GetKeyboardLayout
FillRect
EnumDesktopWindows
RealChildWindowFromPoint
EndPaint
GetWindowInfo
PtInRect
MapWindowPoints
VkKeyScanExW
MapVirtualKeyA
DrawEdge
BeginPaint
SetFocus
KillTimer
GetClipboardOwner
RegisterWindowMessageA
DefWindowProcA
GetClipboardData
ToUnicodeEx
GetSystemMetrics
GetScrollBarInfo
GetWindowRect
PostMessageA
EnumChildWindows
SetWindowLongA
SetKeyboardState
CreatePopupMenu
GetSubMenu
GetLastActivePopup
SetTimer
BringWindowToTop
ScreenToClient
GetClassLongA
FindWindowExA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemInfoA
AttachThreadInput
GetMenuState
GetSystemMenu
GetDC
SetForegroundWindow
ExitWindowsEx
PostThreadMessageA
WindowFromDC
EmptyClipboard
CreateDialogIndirectParamW
ChildWindowFromPointEx
IntersectRect
SetLayeredWindowAttributes
EndDialog
SetWinEventHook
FindWindowA
GetWindowThreadProcessId
HiliteMenuItem
AppendMenuA
UnhookWindowsHookEx
CallWindowProcA
ChangeClipboardChain
GetSysColor
GetKeyState
MenuItemFromPoint
GetDoubleClickTime
PrintWindow
IsWindowVisible
GetGUIThreadInfo
wsprintfA
SendMessageTimeoutA
GetClassNameW
CloseDesktop
IsRectEmpty
GetClassNameA
wsprintfW
CloseClipboard
GetAncestor
WS2_32.dll
htonl
socket
closesocket
send
accept
ioctlsocket
WSAStartup
gethostbyname
WSAGetLastError
WSACleanup
connect
shutdown
bind
htons
recv
select
listen
DBGHELP.dll
MiniDumpWriteDump
ntdll.dll
NtQuerySystemInformation
RtlInitUnicodeString
NtCreateSection
RtlEqualUnicodeString
RtlUnwind
ZwOpenProcess
NtSetContextThread
ZwQueryKey
NtUnmapViewOfSection
ZwQueryInformationToken
RtlNtStatusToDosError
NtResumeProcess
NtMapViewOfSection
RtlCompareUnicodeString
ZwOpenProcessToken
NtSuspendProcess
NtQueryObject
ZwQueryInformationProcess
NtQueryInformationFile
ZwClose
NtGetContextThread
ole32.dll
CoUninitialize
CoInitialize
PE exports
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2018:02:15 20:27:03+01:00
FileType Win32 DLL
PEType PE32
CodeSize 186880
LinkerVersion 14.0
EntryPoint 0x21f64
InitializedDataSize 81920
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 a449cce578a68550c19b9f29de7872f3
SHA1 f05f2370832e8e17366408490ca9baab4bc9aeb5
SHA256 9d10e5548ab0fce9fba5cf06a9f9252bbe258971b8a6a1fb41ff08ebf34cf732
ssdeep 3072:jQ0GVnyDxLlozHPfidQTHG4pSPvZlSI/yiMZkq48t5vuwQcXsRFyJWTQz3Vy0j:8RVyWP6QHLsgI5T8/DWyrzxj
authentihash f6db79c2f8f443796356713f7dd461122e097f5f493a820764d5d35a5e09cd91
imphash 59a9dd08f7672024f2a7091dac095b39
File size 258.5 KB ( 264704 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags pedll
VirusTotal metadata
First submission 2018-03-19 11:29:14 UTC ( 8 months, 3 weeks ago )
Last submission 2018-03-29 13:49:49 UTC ( 8 months, 2 weeks ago )
File names a449cce578a68550c19b9f29de7872f3