SHA256: bb49fa791915bf49ceb2a0563c91d2acaed6249438f349c6e75094f3924de64d
File name: 2F6456B030D4A0BB0C5F3206316F269A.ex
Detection ratio: 38 / 57
Analysis date: 2015-03-02 07:15:49 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
ALYac Trojan.GenericKDV.1302922 20150302
AVG PSW.Agent 20150302
AVware Trojan.Win32.Generic!BT 20150228
Ad-Aware Trojan.GenericKDV.1302922 20150302
Agnitum Trojan.Agentb!F38qP+8q6D4 20150228
AhnLab-V3 Trojan/Win64.Napolar 20150301
Antiy-AVL Trojan/Win32.Agentb 20150302
Avast Win32:NapolarPlugin-B [Trj] 20150302
Avira TR/Rogue.1302922 20150302
Baidu-International Trojan.Win32.Agentb.adhp 20150301
BitDefender Trojan.GenericKDV.1302922 20150302
CAT-QuickHeal Trojan.Agen.r8 20150302
Comodo TrojWare.Win32.Agentb.~AAY 20150302
DrWeb Trojan.Napolar.5 20150302
ESET-NOD32 Win32/Napolar.C 20150302
Emsisoft Trojan.GenericKDV.1302922 (B) 20150302
F-Secure Trojan.GenericKDV.1302922 20150301
Fortinet W32/Agentb.ADHP!tr 20150302
GData Trojan.GenericKDV.1302922 20150302
Ikarus Trojan.Win32.Agent 20150302
Jiangmin Backdoor/Androm.fve 20150301
K7AntiVirus Trojan ( 004967db1 ) 20150302
K7GW Trojan ( 004967db1 ) 20150302
Kaspersky Trojan.Win32.Agentb.adhp 20150302
Kingsoft Win32.Troj.Agentb.ad.(kcloud) 20150302
Malwarebytes Trojan.Walletsteal 20150302
McAfee Artemis!2F6456B030D4 20150302
McAfee-GW-Edition Artemis!Trojan 20150302
MicroWorld-eScan Trojan.GenericKDV.1302922 20150302
NANO-Antivirus Trojan.Win32.Napolar.cvvymm 20150302
Norman Suspicious_Gen4.FBGRX 20150301
Panda Generic Malware 20150301
Qihoo-360 Win32/Trojan.2a3 20150302
Sophos Mal/Generic-S 20150302
Symantec Trojan.Zbot 20150302
Tencent Win32.Trojan.Agentb.Htwe 20150302
VIPRE Trojan.Win32.Generic!BT 20150302
nProtect Trojan.GenericKDV.1302922 20150227
AegisLab 20150302
Alibaba 20150302
Bkav 20150228
ByteHero 20150302
CMC 20150301
ClamAV 20150302
Cyren 20150302
F-Prot 20150302
Microsoft 20150302
Rising 20150301
SUPERAntiSpyware 20150301
TheHacker 20150302
TotalDefense 20150301
TrendMicro 20150302
TrendMicro-HouseCall 20150302
VBA32 20150227
ViRobot 20150302
Zillya 20150228
Zoner 20150302
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-29 14:01:28
Link date 3:01 PM 8/29/2013
Entry Point 0x000060D4
Number of sections 8
PE sections
PE imports
SHGetFolderPathW
SetThreadLocale
GetLastError
GetStdHandle
VirtualAllocEx
GetSystemInfo
GetVersionExW
FreeLibrary
ExitProcess
TlsAlloc
LoadLibraryA
RtlUnwind
lstrcatW
DeleteCriticalSection
LocalAlloc
lstrcatA
GetCommandLineW
UnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
RaiseException
TlsFree
ReadFile
WriteFile
CloseHandle
GetACP
GetModuleHandleW
LocalFree
GetVersion
InitializeCriticalSection
CreateFileW
VirtualQuery
VirtualFree
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
VirtualAlloc
GetFileSize
MessageBoxA
HttpSendRequestA
InternetOpenW
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
PE exports
Number of PE resources by type
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:08:29 15:01:28+01:00
FileType Win32 DLL
PEType PE32
CodeSize 20992
LinkerVersion 2.25
EntryPoint 0x60d4
InitializedDataSize 9216
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 2f6456b030d4a0bb0c5f3206316f269a
SHA1 828f38cd3ec4ba26225c1b8957f8a0a3f01ffa1e
SHA256 bb49fa791915bf49ceb2a0563c91d2acaed6249438f349c6e75094f3924de64d
ssdeep 384:aJlkvN6cdP2JwRpGRxVNeANVhnEZuBK3V0adJPEW8vHuqdCASPF+T8WVsjcXxd/X:aJOv152Ma3pZnmbJZKlA0ecXxVZI6
authentihash adc403a872356b61b95f20edd89a8373f2524385b8ae8cd1f7dbbc965162e169
imphash b10c77a7f5dcbbdc15e9a7bda211b08b
File size 30.5 KB ( 31232 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll
VirusTotal metadata
First submission 2013-09-02 00:35:22 UTC ( 1 year, 7 months ago )
Last submission 2013-10-09 12:02:20 UTC ( 1 year, 6 months ago )
File names 2F6456B030D4A0BB0C5F3206316F269A.exe
file-6026029_dll
2F6456B030D4A0BB0C5F3206316F269A
2F6456B030D4A0BB0C5F3206316F269A.ex
WalletSteal.dll
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight