SHA256: c49a44b884a10a66ced798f869f39f1374bc49410baba403caff76d5f43f16ae
File name: c49a44b884a10a66ced798f869f39f1374bc49410baba403caff76d5f43f16ae
Detection ratio: 44 / 67
Analysis date: 2018-06-23 12:46:38 UTC ( 5 months, 3 weeks ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Razy.296427 | 20180623
AhnLab-V3 | Trojan/Win32.Miner.R224901 | 20180623
ALYac | Gen:Variant.Razy.296427 | 20180623
Arcabit | Trojan.Razy.D485EB | 20180623
Avast | Win32:GenX | 20180623
AVG | Win32:GenX | 20180623
Avira (no cloud) | PUA/BitcoinMiner.Gen7 | 20180623
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9998 | 20180622
BitDefender | Gen:Variant.Razy.296427 | 20180623
CAT-QuickHeal | Trojan.Miner.S2520151 | 20180622
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20180530
Cylance | Unsafe | 20180623
Cyren | W32/S-2de4d02b!Eldorado | 20180623
DrWeb | Trojan.BtcMine.2753 | 20180623
Emsisoft | Gen:Variant.Razy.296427 (B) | 20180623
Endgame | malicious (high confidence) | 20180612
ESET-NOD32 | a variant of Win32/CoinMiner.GZ potentially unwanted | 20180623
F-Prot | W32/S-2de4d02b!Eldorado | 20180623
F-Secure | Gen:Variant.Razy.296427 | 20180622
Fortinet | Riskware/CoinMiner | 20180623
GData | Gen:Variant.Razy.296427 | 20180623
Ikarus | PUA.CoinMiner | 20180623
Sophos ML | heuristic | 20180601
Jiangmin | RiskTool.BitMiner.ajsg | 20180623
K7AntiVirus | Adware ( 0052d44f1 ) | 20180622
K7GW | Adware ( 0052d44f1 ) | 20180623
Kaspersky | not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen | 20180623
Malwarebytes | RiskWare.BitCoinMiner | 20180623
MAX | malware (ai score=84) | 20180623
McAfee | PUP-XER-OL!A5B4B0B6B3D8 | 20180623
McAfee-GW-Edition | BehavesLike.Win32.Generic.th | 20180623
Microsoft | Trojan:Win32/CoinMiner.CZ | 20180623
eScan | Gen:Variant.Razy.296427 | 20180623
NANO-Antivirus | Riskware.Win32.BitMiner.eznpmj | 20180623
Panda | Trj/Genetic.gen | 20180623
Qihoo-360 | HEUR/QVM40.1.0974.Malware.Gen | 20180623
Rising | Malware.Heuristic!ET#97% (RDM+:cmRtazqFGkYE9EARXtTMWC9xq02E) | 20180623
Sophos AV | Cryptocoin miner (PUA) | 20180623
Symantec | Miner.Bitcoinminer | 20180622
TrendMicro | TROJ_GEN.R039C0CFM18 | 20180623
TrendMicro-HouseCall | TROJ_GEN.R039C0CFM18 | 20180623
VBA32 | BScope.Malware-Cryptor.Kidep | 20180622
Webroot | W64.Trojan.Injector | 20180623
ZoneAlarm by Check Point | not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen | 20180623
AegisLab | | 20180622
Alibaba | | 20180622
Antiy-AVL | | 20180623
Avast-Mobile | | 20180623
AVware | | 20180623
Babable | | 20180406
Bkav | | 20180623
ClamAV | | 20180623
CMC | | 20180623
Comodo | | 20180623
Cybereason | | 20180225
eGambit | | 20180623
Kingsoft | | 20180623
Palo Alto Networks (Known Signatures) | | 20180623
SentinelOne (Static ML) | | 20180618
SUPERAntiSpyware | | 20180623
Symantec Mobile Insight | | 20180619
TACHYON | | 20180623
Tencent | | 20180623
TheHacker | | 20180622
TotalDefense | | 20180623
Trustlook | | 20180623
VIPRE | | 20180623
ViRobot | | 20180623
Yandex | | 20180622
Zillya | | 20180622
Zoner | | 20180622
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-21 08:16:14
Entry Point 0x0003D799
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorDacl
SetEntriesInAclW
GetSidSubAuthority
RegCloseKey
GetUserNameW
AdjustTokenPrivileges
SetSecurityDescriptorSacl
RegOpenKeyExW
CreateProcessAsUserW
LsaAddAccountRights
GetSecurityDescriptorSacl
LookupPrivilegeValueW
GetSidSubAuthorityCount
RegSetValueExW
RegQueryValueExW
LsaOpenPolicy
IpRenewAddress
GetNetworkParams
GetAdaptersInfo
IpReleaseAddress
GetPerAdapterInfo
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
DebugBreak
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
GetVolumeInformationW
SetErrorMode
UnhandledExceptionFilter
UnregisterWait
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
GetThreadTimes
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
ResumeThread
FreeLibraryAndExitThread
InitializeCriticalSection
OutputDebugStringW
FindClose
TlsGetValue
FormatMessageA
GetFullPathNameW
QueueUserWorkItem
GetEnvironmentVariableW
SetLastError
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
RaiseException
SetThreadPriority
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
MoveFileW
CreateMutexA
RegisterWaitForSingleObject
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
CreateSemaphoreW
IsProcessorFeaturePresent
ExitThread
SetHandleInformation
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
VirtualQuery
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetWindowsDirectoryW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
CompareStringW
ExpandEnvironmentStringsW
FindFirstFileExA
ResetEvent
FindNextFileA
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
CreateEventW
ReadDirectoryChangesW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
WaitForSingleObjectEx
CreateProcessW
GetQueuedCompletionStatus
InterlockedFlushSList
GetCurrentDirectoryW
GetCurrentProcessId
CreateIoCompletionPort
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
CancelIo
GetCurrentThread
QueryPerformanceFrequency
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
WriteFile
PostQueuedCompletionStatus
VirtualFree
Sleep
SetConsoleCtrlHandler
VirtualAlloc
GetOEMCP
SysFreeString
SysAllocString
GetDesktopWindow
GetLastInputInfo
GetWindowRect
CreateEnvironmentBlock
DestroyEnvironmentBlock
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
getaddrinfo
htonl
WSARecvFrom
WSARecv
ioctlsocket
WSAStartup
freeaddrinfo
shutdown
htons
WSASetLastError
WSAGetLastError
gethostname
getsockopt
FreeAddrInfoW
ntohl
inet_addr
WSASend
ntohs
select
WSAEventSelect
gethostbyname
getpeername
WSACleanup
closesocket
WSAIoctl
GetAddrInfoW
setsockopt
socket
bind
CoCreateGuid
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
PdhAddCounterW
PdhCloseQuery
PdhOpenQueryW
PdhGetFormattedCounterValue
PdhCollectQueryData
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:02:21 09:16:14+01:00
FileType Win32 DLL
PEType PE32
CodeSize 465920
LinkerVersion 11.29
FileTypeExtension dll
InitializedDataSize 598528
SubsystemVersion 5.1
EntryPoint 0x3d799
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 a5b4b0b6b3d8f70a3cb9c3e3d488f70a
SHA1 9ae4ac6d97470b88b275afbef5f852094847bb1b
SHA256 c49a44b884a10a66ced798f869f39f1374bc49410baba403caff76d5f43f16ae
ssdeep 24576:eBwl9vo9lAw7S5bKw4Yda7ZVV2jj5+NhIv8xa:/l9qWbvOV2jl2Y8xa
authentihash 633b44fec670b887347b1ac4c467fb950f8a26b6c4029fb0685e02c6211c2aaf
imphash 5681d8ffecf489f4e5e4f72d1fafb4a4
File size 1.0 MB ( 1058304 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
pedll

VirusTotal metadata
First submission 2018-06-23 12:45:50 UTC ( 5 months, 3 weeks ago )
Last submission 2018-06-23 12:46:38 UTC ( 5 months, 3 weeks ago )