× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: abf214dfcb7f5dc604d89418f209f39289ca27d0d9e874eac5605ab2813e789d
File name: 4faf563dad4c18854c416562fe6cf6a1
Detection ratio: 5 / 66
Analysis date: 2018-05-29 14:03:31 UTC ( 6 months, 3 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180529
Cylance Unsafe 20180529
Endgame malicious (high confidence) 20180507
Fortinet W64/Kryptik.BIW!tr 20180529
Sophos ML heuristic 20180503
Ad-Aware 20180529
AegisLab 20180529
AhnLab-V3 20180529
Alibaba 20180529
ALYac 20180529
Antiy-AVL 20180529
Arcabit 20180529
Avast 20180529
Avast-Mobile 20180529
AVG 20180529
Avira (no cloud) 20180529
AVware 20180529
Babable 20180406
BitDefender 20180529
Bkav 20180529
CAT-QuickHeal 20180529
ClamAV 20180529
CMC 20180529
Comodo 20180529
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180529
DrWeb 20180529
eGambit 20180529
Emsisoft 20180529
ESET-NOD32 20180529
F-Prot 20180529
F-Secure 20180529
GData 20180529
Ikarus 20180529
Jiangmin 20180529
K7AntiVirus 20180529
K7GW 20180529
Kaspersky 20180529
Kingsoft 20180529
Malwarebytes 20180529
MAX 20180529
McAfee 20180529
McAfee-GW-Edition 20180529
Microsoft 20180529
eScan 20180529
NANO-Antivirus 20180529
nProtect 20180529
Palo Alto Networks (Known Signatures) 20180529
Panda 20180529
Qihoo-360 20180529
Rising 20180529
SentinelOne (Static ML) 20180225
Sophos AV 20180529
SUPERAntiSpyware 20180529
Symantec 20180529
Symantec Mobile Insight 20180525
Tencent 20180529
TheHacker 20180524
TotalDefense 20180529
TrendMicro 20180529
TrendMicro-HouseCall 20180529
Trustlook 20180529
VBA32 20180529
VIPRE 20180529
ViRobot 20180529
Webroot 20180529
Yandex 20180529
Zillya 20180528
ZoneAlarm by Check Point 20180529
Zoner 20180528
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2018-05-29 11:40:10
Entry Point 0x00001690
Number of sections 8
PE sections
PE imports
GetModuleHandleA
lstrcpyW
SetMenuContextHelpId
ImpersonateDdeClientWindow
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
AMD AMD64

FileTypeExtension
dll

TimeStamp
2018:05:29 12:40:10+01:00

FileType
Win64 DLL

PEType
PE32+

CodeSize
0

LinkerVersion
12.0

EntryPoint
0x1690

InitializedDataSize
679936

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 4faf563dad4c18854c416562fe6cf6a1
SHA1 7c3ba4d6403424c0fbdaf44bd180cb23a34d3624
SHA256 abf214dfcb7f5dc604d89418f209f39289ca27d0d9e874eac5605ab2813e789d
ssdeep
6144:kBzNjncTYSCa9llooInvR+/YM+8qle8+j1CINqHkZL2/MSX1wTT8c:kBzN2NotnvR+Me8c1CQKcLIMmWA

authentihash 2e0f731d5aa400437d0195eb80a9a05b2521b91833a910040260620d133669e5
imphash f0ddae803ba85ca2821e53ae086f91b9
File size 644.0 KB ( 659456 bytes )
File type Win32 DLL
Magic literal
PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
64bits assembly pedll

VirusTotal metadata
First submission 2018-05-29 14:03:31 UTC ( 6 months, 3 weeks ago )
Last submission 2018-05-29 14:03:31 UTC ( 6 months, 3 weeks ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!