SHA256: bb49fa791915bf49ceb2a0563c91d2acaed6249438f349c6e75094f3924de64d
File name: 2F6456B030D4A0BB0C5F3206316F269A.ex
Detection ratio: 27 / 47
Analysis date: 2013-11-18 15:27:46 UTC ( 5 months ago )
Antivirus Result Update
AVG Generic9_c.AZMV 20131118
Agnitum Trojan.Agentb!F38qP+8q6D4 20131118
AhnLab-V3 Trojan/Win64.Napolar 20131118
AntiVir TR/Rogue.1302922 20131118
Avast Win32:NapolarPlugin-B [Trj] 20131118
Baidu-International Trojan.Win32.Agent.an 20131118
BitDefender Trojan.GenericKDV.1302922 20131118
Commtouch W32/Trojan.DYEH-5024 20131118
Comodo TrojWare.Win32.Agentb.~AAY 20131118
Emsisoft Trojan.GenericKDV.1302922 (B) 20131118
F-Secure Trojan.GenericKDV.1302922 20131118
Fortinet W32/Agentb.ADHP!tr 20131118
GData Trojan.GenericKDV.1302922 20131118
Ikarus Trojan.Win32.Agent 20131118
K7AntiVirus Trojan ( 7000000f1 ) 20131118
K7GW Trojan ( 7000000f1 ) 20131118
Kaspersky Trojan.Win32.Agentb.adhp 20131118
Kingsoft Win32.Troj.Agentb.ad.(kcloud) 20130829
Malwarebytes Trojan.Walletsteal 20131118
McAfee Artemis!2F6456B030D4 20131118
McAfee-GW-Edition Artemis!2F6456B030D4 20131118
MicroWorld-eScan Trojan.GenericKDV.1302922 20131118
Norman Suspicious_Gen4.FBGRX 20131118
Panda Generic Malware 20131118
Sophos Mal/Generic-S 20131118
TrendMicro TROJ_GEN.F0C2C00JB13 20131118
TrendMicro-HouseCall TROJ_GEN.F0C2C00JB13 20131118
Antiy-AVL 20131118
Bkav 20131118
ByteHero 20131118
CAT-QuickHeal 20131118
ClamAV 20131118
DrWeb 20131118
ESET-NOD32 20131118
F-Prot 20131118
Jiangmin 20131118
Microsoft 20131118
NANO-Antivirus 20131118
Rising 20131118
SUPERAntiSpyware 20131118
Symantec 20131118
TheHacker 20131118
TotalDefense 20131118
VBA32 20131118
VIPRE 20131118
ViRobot 20131118
nProtect 20131118
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-29 14:01:28
Entry Point 0x000060D4
Number of sections 8
PE sections
PE imports
SHGetFolderPathW
SetThreadLocale
GetLastError
GetStdHandle
VirtualAllocEx
GetSystemInfo
GetVersionExW
FreeLibrary
ExitProcess
TlsAlloc
LoadLibraryA
RtlUnwind
lstrcatW
DeleteCriticalSection
LocalAlloc
lstrcatA
GetCommandLineW
UnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
RaiseException
TlsFree
ReadFile
WriteFile
CloseHandle
GetACP
GetModuleHandleW
LocalFree
GetVersion
InitializeCriticalSection
CreateFileW
VirtualQuery
VirtualFree
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
VirtualAlloc
GetFileSize
MessageBoxA
HttpSendRequestA
InternetOpenW
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
PE exports
Number of PE resources by type
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:08:29 15:01:28+01:00
FileType Win32 DLL
PEType PE32
CodeSize 20992
LinkerVersion 2.25
EntryPoint 0x60d4
InitializedDataSize 9216
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 2f6456b030d4a0bb0c5f3206316f269a
SHA1 828f38cd3ec4ba26225c1b8957f8a0a3f01ffa1e
SHA256 bb49fa791915bf49ceb2a0563c91d2acaed6249438f349c6e75094f3924de64d
ssdeep 384:aJlkvN6cdP2JwRpGRxVNeANVhnEZuBK3V0adJPEW8vHuqdCASPF+T8WVsjcXxd/:aJOv152Ma3pZnmbJZKlA0ecXxVZI6

File size 30.5 KB ( 31232 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll

VirusTotal metadata
First submission 2013-09-02 00:35:22 UTC ( 7 months, 2 weeks ago )
Last submission 2013-10-09 12:02:20 UTC ( 6 months, 1 week ago )
File names 2F6456B030D4A0BB0C5F3206316F269A.exe
file-6026029_dll
2F6456B030D4A0BB0C5F3206316F269A
2F6456B030D4A0BB0C5F3206316F269A.ex
WalletSteal.dll
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight