SHA256: 9e2ad060220c44b563e1924bedc87c9a14caa7a203947e77e675e5dec5349184
File name: TPhWzTZ0.zk.bin
Detection ratio: 6 / 57
Analysis date: 2016-12-07 19:35:53 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Bkav W32.eHeur.Malware09 20161207
CrowdStrike Falcon (ML) malicious_confidence_81% (D) 20161024
Sophos ML trojan.win32.necurs.a 20161202
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20161207
Rising Malware.Generic!TQrFdMAE4BL@2 (thunder) 20161207
Symantec Heur.AdvML.B 20161207
Ad-Aware 20161207
AegisLab 20161207
AhnLab-V3 20161207
Alibaba 20161207
ALYac 20161207
Antiy-AVL 20161207
Arcabit 20161207
Avast 20161207
AVG 20161207
Avira (no cloud) 20161207
AVware 20161207
Baidu 20161207
BitDefender 20161207
CAT-QuickHeal 20161207
ClamAV 20161207
CMC 20161207
Comodo 20161207
Cyren 20161207
DrWeb 20161207
Emsisoft 20161207
ESET-NOD32 20161207
F-Prot 20161207
F-Secure 20161207
Fortinet 20161207
GData 20161207
Ikarus 20161207
Jiangmin 20161207
K7AntiVirus 20161207
K7GW 20161207
Kaspersky 20161207
Kingsoft 20161207
Malwarebytes 20161207
McAfee 20161205
McAfee-GW-Edition 20161207
Microsoft 20161207
eScan 20161207
NANO-Antivirus 20161207
nProtect 20161207
Panda 20161207
Sophos AV 20161207
SUPERAntiSpyware 20161207
Tencent 20161207
TheHacker 20161130
TotalDefense 20161207
TrendMicro 20161207
TrendMicro-HouseCall 20161207
Trustlook 20161207
VBA32 20161207
VIPRE 20161207
ViRobot 20161207
WhiteArmor 20161207
Yandex 20161206
Zillya 20161207
Zoner 20161207
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1999-2013

File version 2.4.10
Description BASS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-07 16:13:49
Entry Point 0x00015D96
Number of sections 5
PE sections
Overlays
MD5 a656946bf610188ffad5618281519b02
File type data
Offset 176128
Size 10982
Entropy 7.98
PE imports
AbortPath
BeginPath
AnimatePalette
AngleArc
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetFileSize
GetCommandLineW
WriteConsoleW
UnhandledExceptionFilter
LoadLibraryExW
WideCharToMultiByte
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
MultiByteToWideChar
DeleteFileW
GetProcAddress
HeapDestroy
SetStdHandle
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
GetSystemTimeAsFileTime
LeaveCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetCommandLineA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FreeLibrary
LocalFree
TerminateProcess
TlsGetValue
IsValidCodePage
OutputDebugStringW
CreateFileW
VirtualQuery
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
GetCurrentProcessId
SetLastError
InterlockedIncrement
SysFreeString
VariantClear
VariantInit
SysAllocString
SendMessageA
wvsprintfW
CharLowerA
wsprintfW
Ord(162)
_exit
__set_app_type
CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
76288

ImageVersion
0.0

FileVersionNumber
2.4.10.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
2.0

FileTypeExtension
dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.4.10

TimeStamp
2016:12:07 17:13:49+01:00

FileType
Win32 DLL

PEType
PE32

FileDescription
BASS

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright 1999-2013

MachineType
Intel 386 or later, and compatibles

CompanyName
Un4seen Developments

CodeSize
139776

FileSubtype
0

ProductVersionNumber
2.4.0.0

EntryPoint
0x15d96

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 4ba61748808341fde2d1b15d0d37e65e
SHA1 ba11a2ce82acba0d3c0671a2e109ab33bb4d4f91
SHA256 9e2ad060220c44b563e1924bedc87c9a14caa7a203947e77e675e5dec5349184
ssdeep
3072:hAmtEvnYrED/hnnIA6b6ND2gHkbZyrFCQRWWO7J+me4Cv8xceVoIH3nXdmepkec:hMvnYIDVCGyAcZyrFCQAWO7J+mhCUxcV

authentihash e995daa6c83e9f8e7a2c2c8487345e6ac8d09931c72e818f7ccd08bc69a47883
imphash 9e2a4e68fc55e35ad32278ba3855bfe0
File size 182.7 KB ( 187110 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
pedll overlay

VirusTotal metadata
First submission 2016-12-07 19:35:53 UTC ( 2 years, 2 months ago )
Last submission 2017-08-03 21:41:04 UTC ( 1 year, 6 months ago )
File names TPhWzTZ0.zk.bin