SHA256: acd3a834993b4716665dc3903f5a1d0a07ba3c51f4fa1befe072011a329b5928
File name: payload64.dll
Detection ratio: 10 / 57
Analysis date: 2015-05-15 09:06:14 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Avast Win64:Rovnix-I [Trj] 20150515
AVG Atros.YRG 20150515
Comodo UnclassifiedMalware 20150515
ESET-NOD32 a variant of Win64/Rovnix.M 20150515
Jiangmin Trojan/Rovnix.j 20150513
Malwarebytes Trojan.Agent 20150515
McAfee BackDoor-FCOL!4C3DFBBF8652 20150515
McAfee-GW-Edition BackDoor-FCOL!4C3DFBBF8652 20150514
Microsoft Trojan:Win64/Rovnix 20150515
SUPERAntiSpyware Trojan.Agent/Gen-Rovnix 20150515
Ad-Aware 20150515
AegisLab 20150515
Yandex 20150514
AhnLab-V3 20150515
Alibaba 20150515
ALYac 20150515
Antiy-AVL 20150515
Avira (no cloud) 20150515
AVware 20150515
Baidu-International 20150515
BitDefender 20150515
Bkav 20150514
ByteHero 20150515
CAT-QuickHeal 20150514
ClamAV 20150515
CMC 20150513
Cyren 20150515
DrWeb 20150515
Emsisoft 20150515
F-Prot 20150515
F-Secure 20150515
Fortinet 20150515
GData 20150515
Ikarus 20150515
K7AntiVirus 20150515
K7GW 20150515
Kaspersky 20150515
Kingsoft 20150515
eScan 20150515
NANO-Antivirus 20150515
Norman 20150515
nProtect 20150515
Panda 20150514
Qihoo-360 20150515
Rising 20150514
Sophos AV 20150515
Symantec 20150515
Tencent 20150515
TheHacker 20150514
TotalDefense 20150514
TrendMicro 20150522
TrendMicro-HouseCall 20150522
VBA32 20150514
VIPRE 20150515
ViRobot 20150515
Zillya 20150514
Zoner 20150513
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2015-04-29 15:42:52
Entry Point 0x00002390
Number of sections 5
PE sections
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2015:04:29 16:42:52+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 44544
LinkerVersion 11.0
EntryPoint 0x2390
InitializedDataSize 46592
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0

File identification
MD5 4c3dfbbf8652f5ce8139f2aa12f48adf
SHA1 98c2fe2c247a3dc8cb935bc6245b87053660b916
SHA256 acd3a834993b4716665dc3903f5a1d0a07ba3c51f4fa1befe072011a329b5928
ssdeep 768:yV83VgawDDlIfly07vkkSYoQqLraY0JcC8z3N1+FP9/gIgytwUmlIPMAJ:DKaoIflf7kkS3Ak6puyHPMO
authentihash dd34469389989d19c16bb72c8c8791f89831928a45c06cd227009f87c4b739aa
File size 75.5 KB ( 77312 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI)
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags 64bits pedll

VirusTotal metadata
First submission 2015-05-15 09:06:14 UTC ( 3 years, 7 months ago )
Last submission 2018-04-17 07:01:09 UTC ( 7 months, 3 weeks ago )
File names 4C3DFBBF8652F5CE8139F2AA12F48ADF.exe
1002-98c2fe2c247a3dc8cb935bc6245b87053660b916
4C3DFBBF8652F5CE8139F2AA12F48ADF
payload64.dl
payload64.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight