SHA256: a5d0cec60038bfa8eccb8e5183a393b47a99e762abf31bf0241a5979320d2041
File name: 10720_75196-38688.dll
Detection ratio: 10 / 56
Analysis date: 2016-12-02 11:10:52 UTC ( 2 years, 4 months ago )
Antivirus Result Update
AegisLab Atros4.Bcys.Gen!c 20161202
AVG Atros4.BCYS 20161202
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9778 20161202
ESET-NOD32 a variant of Win64/Wdfload.C 20161202
Ikarus Trojan.Win64.Wdfload 20161202
K7AntiVirus Trojan ( 004ff5421 ) 20161202
K7GW Trojan ( 004ff5421 ) 20161202
McAfee Artemis!25D89CAD27FA 20161202
McAfee-GW-Edition BehavesLike.Win64.BadFile.vh 20161202
Rising Trojan.Wdfload!8.E207-ScnRIqmhA6K (cloud) 20161202
Ad-Aware 20161202
AhnLab-V3 20161202
Alibaba 20161202
ALYac 20161202
Antiy-AVL 20161202
Arcabit 20161202
Avast 20161202
Avira (no cloud) 20161202
AVware 20161202
BitDefender 20161202
Bkav 20161201
CAT-QuickHeal 20161202
ClamAV 20161202
CMC 20161202
Comodo 20161202
CrowdStrike Falcon (ML) 20161024
Cyren 20161202
DrWeb 20161202
Emsisoft 20161202
F-Prot 20161202
F-Secure 20161202
Fortinet 20161202
GData 20161202
Sophos ML 20161202
Jiangmin 20161202
Kaspersky 20161202
Kingsoft 20161202
Malwarebytes 20161202
Microsoft 20161202
eScan 20161202
NANO-Antivirus 20161202
nProtect 20161202
Panda 20161201
Qihoo-360 20161202
Sophos AV 20161202
SUPERAntiSpyware 20161202
Symantec 20161202
Tencent 20161202
TheHacker 20161130
TrendMicro 20161202
TrendMicro-HouseCall 20161202
Trustlook 20161202
VBA32 20161202
VIPRE 20161202
ViRobot 20161202
WhiteArmor 20161125
Yandex 20161201
Zillya 20161201
Zoner 20161202
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2016-11-24 04:16:26
Entry Point 0x000013D0
Number of sections 12
PE sections
PE imports
GetTokenInformation
SetSecurityDescriptorDacl
OpenProcessToken
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetEntriesInAclA
RegCreateKeyExA
SetFileSecurityA
GetSecurityInfo
ConvertSidToStringSidA
SetSecurityInfo
ReleaseMutex
WaitForSingleObject
GetHandleInformation
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
OpenFileMappingA
GetThreadContext
IsDBCSLeadByteEx
GetTempPathA
WideCharToMultiByte
GetSystemTimeAsFileTime
ResumeThread
LocalFree
GetThreadPriority
InitializeCriticalSection
FindClose
TlsGetValue
OutputDebugStringA
SetLastError
WriteProcessMemory
GetModuleFileNameW
TryEnterCriticalSection
AddVectoredExceptionHandler
IsDebuggerPresent
GetModuleFileNameA
SetThreadPriority
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
SetProcessAffinityMask
CreateMutexA
CreateSemaphoreA
CreateThread
SetUnhandledExceptionFilter
GetSystemDirectoryA
SetThreadContext
TerminateProcess
VirtualQuery
GetCurrentThreadId
EnterCriticalSection
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
CreateRemoteThread
__C_specific_handler
GetFileSize
OpenProcess
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
FindFirstFileA
RtlLookupFunctionEntry
ResetEvent
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GlobalMemoryStatus
DuplicateHandle
WaitForMultipleObjects
RtlUnwindEx
GetProcessAffinityMask
CreateEventA
TlsSetValue
CreateFileA
RemoveVectoredExceptionHandler
LeaveCriticalSection
GetLastError
VirtualAllocEx
RtlAddFunctionTable
VirtualFreeEx
GetCurrentProcessId
GetCurrentDirectoryA
GetCurrentThread
SuspendThread
RaiseException
ReleaseSemaphore
MapViewOfFile
GetModuleHandleA
ReadFile
RtlCaptureContext
CloseHandle
GetModuleHandleW
CreateProcessA
UnmapViewOfFile
Sleep
SysFreeString
SysAllocString
SHGetSpecialFolderPathA
SHGetFolderPathA
DispatchMessageA
GetCursorPos
SetTimer
TranslateMessage
GetMessageA
__WSAFDIsSet
recv
socket
setsockopt
bind
send
accept
WSACleanup
WSAStartup
gethostbyname
select
connect
shutdown
getpeername
ioctlsocket
closesocket
WSAGetLastError
listen
wcsftime
___lc_codepage_func
fclose
_time64
strtoul
fflush
fputc
fwrite
fputs
_fstat64
_setjmp
iswctype
wcscoll
_write
strcoll
memcpy
memmove
signal
remove
strcmp
memchr
strncmp
_ultoa
memset
isxdigit
ftell
exit
sprintf
free
_lseeki64
_read
fseek
wcsxfrm
bsearch
__mb_cur_max
islower
_initterm
isupper
strftime
rand
setlocale
realloc
strxfrm
__dllonexit
isprint
toupper
printf
fopen
isalnum
system
_onexit
wcslen
isalpha
memcmp
_fdopen
getenv
atoi
vfprintf
localeconv
strerror
isspace
_beginthreadex
_strnicmp
malloc
fread
abort
fprintf
isdigit
towupper
ispunct
strlen
_endthreadex
_amsg_exit
_errno
_lock
_strdup
towlower
_fileno
longjmp
tolower
_unlock
isgraph
calloc
__iob_func
iscntrl
setvbuf
CoUninitialize
CoCreateInstance
CoInitialize
PE exports
Number of PE resources by type
RT_ICON 12
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
TimeStamp 2016:11:24 05:16:26+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 2630144
LinkerVersion 2.25
FileTypeExtension dll
InitializedDataSize 2974208
SubsystemVersion 5.2
EntryPoint 0x13d0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 5632
File identification
MD5 25d89cad27fa9bffd0fbea856e72d0b8
SHA1 5895ef9bbbc9c6486299874781a4e8cec64ef8f6
SHA256 a5d0cec60038bfa8eccb8e5183a393b47a99e762abf31bf0241a5979320d2041
ssdeep 49152:TZuB9nV+XLXyMVVVz6iC04KAnSooPKaPbmV:donsDf+
authentihash fb88e22f03e4e778e617cb4829bf072fdaeb3dc54efb9a6cbf0e2627cb08e62a
imphash f312d6e4a3d6b3300479dd74757d54b7
File size 2.8 MB ( 2975232 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (87.2%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
VXD Driver (0.0%)
Tags 64bits assembly pedll
VirusTotal metadata
First submission 2016-11-30 09:32:49 UTC ( 2 years, 4 months ago )
Last submission 2017-02-15 03:47:33 UTC ( 2 years, 2 months ago )
File names