SHA256: b0b2be25a0ef99324d9b5780934f8890c0cdaa9a57af99d5b6e4f00c071ea311
File name: Gorilya_Rabitt.dll
Detection ratio: 1 / 23
Analysis date: 2013-07-14 08:02:30 UTC ( 5 years, 2 months ago )
Antivirus Result Update
Ikarus Trojan.Win32.Swizzor 20130714
Yandex 20130713
AhnLab-V3 20130714
AntiVir 20130714
Antiy-AVL 20130714
Avast 20130714
AVG 20130713
BitDefender 20130714
ByteHero 20130613
CAT-QuickHeal None
ClamAV 20130714
Commtouch 20130714
Comodo 20130714
DrWeb 20130714
Emsisoft 20130714
eSafe 20130709
ESET-NOD32 20130713
F-Prot 20130714
F-Secure 20130714
Fortinet 20130714
GData 20130714
Jiangmin 20130714
K7AntiVirus 20130712
K7GW 20130712
Kaspersky 20130714
Kingsoft 20130708
Malwarebytes 20130714
McAfee 20130714
McAfee-GW-Edition 20130713
Microsoft None
eScan 20130714
NANO-Antivirus 20130714
Norman None
nProtect 20130713
Panda 20130713
PCTools 20130714
Rising None
Sophos AV 20130714
SUPERAntiSpyware 20130713
Symantec 20130714
TheHacker 20130711
TotalDefense 20130714
TrendMicro 20130714
TrendMicro-HouseCall 20130714
VBA32 20130712
VIPRE 20130714
ViRobot 20130713
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-13 09:35:49
Entry Point 0x0000140B
Number of sections 5
PE sections
PE imports
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
CreateThread
GetCurrentProcessId
InterlockedExchange
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetTickCount
GetSystemTimeAsFileTime
Sleep
GetCurrentThreadId
InterlockedCompareExchange
_amsg_exit
_malloc_crt
_unlock
_decode_pointer
_crt_debugger_hook
_lock
free
_onexit
_except_handler4_common
_encoded_null
__dllonexit
__CppXcptFilter
_encode_pointer
_initterm
_initterm_e
_adjust_fdiv
__clean_type_info_names_internal
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2013:07:13 10:35:49+01:00
FileType Win32 DLL
PEType PE32
CodeSize 2560
LinkerVersion 9.0
EntryPoint 0x140b
InitializedDataSize 3584
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 152f80a18b36f9abbb9c14974e053168
SHA1 c73a87a8805e4542e51ebe4c610de6c87822509d
SHA256 b0b2be25a0ef99324d9b5780934f8890c0cdaa9a57af99d5b6e4f00c071ea311
ssdeep 96:tDWbU/FhQ8QTEqQv3zpGFagcc5K05aB3XA12Rq8iC7tCEs:tDWbUdhEdM4EcE0W3Xucq8/s
authentihash 6ade21f79caef88696879e25099515b1256f0f588c631a3489298f02cbb88359
imphash b1f2e43e0736c04f583837cbcc479005
File size 7.0 KB ( 7168 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags pedll
VirusTotal metadata
First submission 2013-07-14 08:02:30 UTC ( 5 years, 2 months ago )
Last submission 2018-04-28 10:41:45 UTC ( 4 months, 3 weeks ago )
File names vt-upload-xqWN5
Gorilya_Rabitt.dll
vt-upload-L4Mrb
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight