SHA256: c3f0f465b0cbeb2eb0c6f23cc68540b0308405597043579b21b6cefa784625d9
File name: Lemon.dll
Detection ratio: 37 / 62
Analysis date: 2018-07-02 20:24:56 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Adware.Kraddare.26 20180702
Arcabit Trojan.Adware.Kraddare.26 20180702
Avast FileRepMetagen [PUP] 20180702
AVG FileRepMetagen [PUP] 20180702
Avira (no cloud) ADWARE/Adware.Gen7 20180702
AVware Trojan.Win32.Generic!BT 20180702
BitDefender Gen:Variant.Adware.Kraddare.26 20180702
Comodo ApplicUnwnt 20180702
Cyren W32/GenPua.62574DA2!Olympus 20180702
DrWeb Trojan.Adkor.683 20180702
Emsisoft Gen:Variant.Adware.Kraddare.26 (B) 20180702
Endgame malicious (moderate confidence) 20180612
ESET-NOD32 a variant of Win32/Adware.PopAd.AH 20180702
F-Secure Gen:Variant.Adware.Kraddare 20180702
Fortinet Riskware/PopAd 20180702
GData Gen:Variant.Adware.Kraddare.26 20180702
Ikarus PUA.Kraddare 20180702
Jiangmin Adware.Popad.ay 20180702
K7AntiVirus Adware ( 004c791e1 ) 20180702
K7GW Adware ( 004c791e1 ) 20180702
Kaspersky not-a-virus:AdWare.Win32.PopAd.bic 20180702
Malwarebytes Adware.PopAd 20180702
MAX malware (ai score=99) 20180702
McAfee Artemis!62574DA2CB8E 20180702
McAfee-GW-Edition Artemis 20180702
Microsoft PUA:Win32/Lemon 20180702
eScan Gen:Variant.Adware.Kraddare.26 20180702
NANO-Antivirus Riskware.Win32.PopAd.faszzw 20180702
Panda Trj/CI.A 20180702
Qihoo-360 Trojan.Generic 20180702
Sophos AV Generic PUA OO (PUA) 20180702
Symantec Trojan.Gen.2 20180702
Tencent Win32.Adware.Popad.Wmix 20180702
VIPRE Trojan.Win32.Generic!BT 20180702
ViRobot Adware.Agent.2011560.A 20180702
Zillya Adware.KraddareCRTD.Win32.1010 20180702
ZoneAlarm by Check Point not-a-virus:AdWare.Win32.PopAd.bic 20180702
AegisLab 20180702
AhnLab-V3 20180702
Antiy-AVL 20180702
Avast-Mobile 20180702
Babable 20180406
Baidu 20180702
Bkav 20180702
CAT-QuickHeal 20180702
ClamAV 20180702
CMC 20180702
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
eGambit 20180702
F-Prot 20180702
Sophos ML 20180601
Kingsoft 20180702
Palo Alto Networks (Known Signatures) 20180702
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180702
TACHYON 20180702
TheHacker 20180628
TotalDefense 20180702
Trustlook 20180702
VBA32 20180629
Webroot 20180702
Yandex 20180702
Zoner 20180702
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright Corp. 마울링 All Rights Reserved.
Product Lemon
Original name Lemon.dll
File version 2015.11.13.2
Description Lemon.dll
Signature verification Signed file, verified signature
Signing date 3:50 AM 11/13/2015
Signers
[+] Wetelecommunication
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 7/1/2015
Valid to 12:59 AM 7/31/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint D7FAB38ABEA68D1DA6DB1202ACFF05B327228540
Serial number 53 9B FE E3 71 62 8E AD 87 F4 42 3C FC 3D 9F 26
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-13 02:39:26
Entry Point 0x006D2860
Number of sections 3
PE sections
Overlays
MD5 7a30a198f72fba126138afc459182b53
File type data
Offset 2003968
Size 7592
Entropy 7.35
PE imports
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
URLDownloadToFileW
RegSaveKeyW
ImageList_Add
GetSaveFileNameW
CertCloseStore
AlphaBlend
OleDraw
VariantCopy
DoOrganizeFavDlg
ShellExecuteW
VerQueryValueW
InternetOpenW
timeGetTime
OpenPrinterW
PE exports
Number of PE resources by type
RT_STRING 81
RT_BITMAP 19
RT_GROUP_CURSOR 8
RT_RCDATA 8
RT_CURSOR 8
INI 1
RT_VERSION 1
PNG 1
Number of PE resources by language
NEUTRAL 86
ENGLISH US 39
KOREAN 2
PE resources
ExifTool file metadata
UninitializedDataSize 5156864
InitializedDataSize 12288
ImageVersion 0.0
ProductName Lemon
FileVersionNumber 2015.11.13.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Lemon.dll
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension dll
OriginalFileName Lemon.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2015.11.13.2
TimeStamp 2015:11:13 03:39:26+01:00
FileType Win32 DLL
PEType PE32
ProductVersion 2015.11.13.2
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright Corp. All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CodeSize 1994752
FileSubtype 0
ProductVersionNumber 2015.11.13.2
EntryPoint 0x6d2860
ObjectFileType Executable application

File identification
MD5 62574da2cb8ee08d015940ec5bc4f7ab
SHA1 ee5d5e464b629e9890406094d60c9f5057041fad
SHA256 c3f0f465b0cbeb2eb0c6f23cc68540b0308405597043579b21b6cefa784625d9
ssdeep 49152:O8sHWY3FVAxOUSzwk/D25Wh6xm+INrW4rBsKsrszkQcIcJNA:YVV1USw0PZRg5IcJNA

authentihash 835280c0101dc26c483b9602b84b0cc8fafd9300b5f9823ee590e8f487ad23d6
imphash 1cc1020beb036ac01cec048fcaf07ccf
File size 1.9 MB ( 2011560 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags pedll signed upx overlay

VirusTotal metadata
First submission 2015-11-29 11:04:53 UTC ( 3 years, 1 month ago )
Last submission 2018-07-02 20:24:56 UTC ( 6 months, 3 weeks ago )
File names NQUqVIFZX.drv
VirusShare_62574da2cb8ee08d015940ec5bc4f7ab
Lemon.dll
output.83747955.txt
VirusShare_62574da2cb8ee08d015940ec5bc4f7ab
lemon.dll
135985283.exe