SHA256: c16410c49dc40a371be22773f420b7dd3cfd4d8205cf39909ad9a6f26f55718e
File name: 10E16E36FE459F6F2899A8CEA1303F06
Detection ratio: 57 / 67
Analysis date: 2018-07-07 07:17:29 UTC ( 1 week, 6 days ago )
Antivirus Result Update
Ad-Aware Trojan.Duqu.E 20180707
AegisLab Troj.W32.Duqu2.gen!c 20180707
AhnLab-V3 Trojan/Win32.Duqu.R152744 20180706
ALYac Trojan.Agent.duqu 20180707
Antiy-AVL Trojan/Win32.Duqu2 20180707
Arcabit Trojan.Duqu.E 20180707
Avast Win32:Duqu-Q [Trj] 20180707
AVG Win32:Duqu-Q [Trj] 20180707
Avira (no cloud) TR/Spy.A.2508 20180706
AVware Win32.Malware!Drop 20180707
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9615 20180706
BitDefender Trojan.Duqu.E 20180707
Bkav W32.RuswinupLTP.Trojan 20180706
CAT-QuickHeal TrojanAPT.Duqu.A2 20180706
ClamAV Win.Trojan.Agent-1814496 20180707
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180707
Cyren W32/Duqu.KBER-2702 20180707
DrWeb Trojan.Duqu.4 20180707
Emsisoft Trojan.Duqu.E (B) 20180707
Endgame malicious (high confidence) 20180612
ESET-NOD32 Win32/Duqu.E 20180707
F-Prot W32/Duqu2.B 20180707
F-Secure Trojan:W32/DuquLoader.A 20180707
Fortinet W32/Duqu.E!tr 20180707
GData Win32.Trojan.Duqu.A 20180707
Ikarus Trojan.Win32.Duqu2 20180706
Jiangmin Trojan/Duqu2.a 20180707
K7AntiVirus Trojan ( 004c57c01 ) 20180707
K7GW Trojan ( 004c57c01 ) 20180707
Kaspersky HEUR:Trojan.Win32.Duqu2.gen 20180707
Malwarebytes Backdoor.Duqu.VT 20180707
MAX malware (ai score=100) 20180707
McAfee PWS-Duqu.b 20180707
McAfee-GW-Edition PWS-Duqu.b 20180707
Microsoft Trojan:Win32/Duqu!dha 20180707
eScan Trojan.Duqu.E 20180707
Palo Alto Networks (Known Signatures) generic.ml 20180707
Panda Trj/Genetic.gen 20180705
Qihoo-360 Trojan.Generic 20180707
Rising Trojan.Win64.Duqu2.q (CLASSIC) 20180707
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/Duqu-G 20180707
SUPERAntiSpyware Trojan.Agent/Gen-Duqu2 20180707
Symantec Trojan.Gen.MBT 20180706
TACHYON Trojan/W32.Duqu2.17408 20180707
Tencent Win32.Trojan.Duqu2.Punx 20180707
TheHacker Trojan/Duqu.e 20180628
TrendMicro TROJ_DUQU.SV 20180707
TrendMicro-HouseCall TROJ_DUQU.SV 20180707
VBA32 OScope.Trojan.Duqu2 20180705
VIPRE Win32.Malware!Drop 20180707
ViRobot Trojan.Win32.Duqu.17408 20180707
Webroot W32.Trojan.Duqu 20180707
Yandex Trojan.Duqu2! 20180706
Zillya Trojan.Duqu2.Win32.1 20180706
ZoneAlarm by Check Point HEUR:Trojan.Win32.Duqu2.gen 20180707
Avast-Mobile 20180707
Babable 20180406
CMC 20180707
Comodo 20180707
Cybereason 20180225
eGambit 20180707
Sophos ML 20180601
Kingsoft 20180707
NANO-Antivirus 20180707
TotalDefense 20180707
Trustlook 20180707
Zoner 20180706
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-14 10:20:20
Entry Point 0x0000175B
Number of sections 4
PE sections
PE imports
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetServiceStatus
WaitNamedPipeW
RtlUnwind
LoadLibraryA
GetModuleHandleA
InterlockedExchange
GetProcAddress
InterlockedCompareExchange
GetModuleHandleW
_amsg_exit
_except_handler3
malloc
free
_XcptFilter
_initterm
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2004:04:14 11:20:20+01:00
FileType Win32 DLL
PEType PE32
CodeSize 10752
LinkerVersion 12.0
EntryPoint 0x175b
InitializedDataSize 6656
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 10e16e36fe459f6f2899a8cea1303f06
SHA1 f860acec9920bc009a1ad5991f3d5871c2613672
SHA256 c16410c49dc40a371be22773f420b7dd3cfd4d8205cf39909ad9a6f26f55718e
ssdeep 384:vF5YD9564P2bUfolBd7P7KhkL/xbk3iDtRgd:Fa2ofolr7PekLlTtRg
authentihash 6749b0084a5a519e88521f5c25e02f16088c88749c339db80ae27c69aab8eb22
imphash 25097b4bacbce35beb1ad24027b8b014
File size 17.0 KB ( 17408 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags pedll via-tor
VirusTotal metadata
First submission 2015-06-10 07:14:58 UTC ( 3 years, 1 month ago )
Last submission 2018-05-01 17:42:49 UTC ( 2 months, 2 weeks ago )
File names c16410c49dc40a371be22773f420b7dd3cfd4d8205cf39909ad9a6f26f55718e.infected
10e16e36fe459f6f2899a8cea1303f06
c16410c49dc40a371be22773f420b7dd3cfd4d8205cf39909ad9a6f26f55718e
10E16E36FE459F6F2899A8CEA1303F06
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight