SHA256: c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295
File name: c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295.bin
Detection ratio: 48 / 62
Analysis date: 2017-03-24 21:48:38 UTC ( 2 days, 5 hours ago )
Antivirus Result Update
Ad-Aware Gen:Variant.MiniDuke.1 20170324
AegisLab Backdoor.W32.Miniduke!c 20170324
AhnLab-V3 Backdoor/Win32.Miniduke.C290854 20170324
ALYac Gen:Variant.MiniDuke.1 20170324
Antiy-AVL Trojan[Backdoor]/Win32.MiniDuke 20170324
Arcabit Trojan.MiniDuke.1 20170324
AVG Small.EXS 20170324
Avira (no cloud) TR/MiniDuke.AF 20170324
AVware Trojan.Win32.Generic!BT 20170324
BitDefender Gen:Variant.MiniDuke.1 20170324
CAT-QuickHeal Trojan.Nagram 20170324
Comodo UnclassifiedMalware 20170324
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/MiniDuke.A.gen!Eldorado 20170324
DrWeb Trojan.MulDrop4.25658 20170324
Emsisoft Gen:Variant.MiniDuke.1 (B) 20170324
Endgame malicious (high confidence) 20170317
ESET-NOD32 a variant of Win32/SandyEva.C 20170324
F-Prot W32/MiniDuke.A.gen!Eldorado 20170324
F-Secure Backdoor:W32/MiniDuke.A 20170324
Fortinet W32/MINIDUKE.SM!tr.bdr 20170324
GData Gen:Variant.MiniDuke.1 20170324
Ikarus Backdoor.Win32.MiniDuke 20170324
Invincea generic.a 20170203
Jiangmin Backdoor/MiniDuke.h 20170324
K7AntiVirus Trojan ( 0042f2f81 ) 20170324
K7GW Trojan ( 0042f2f81 ) 20170324
Kaspersky HEUR:Backdoor.Win32.MiniDuke.gen 20170324
McAfee BackDoor-FCCM!297EF5BF99B5 20170324
McAfee-GW-Edition BackDoor-FCCM!297EF5BF99B5 20170324
eScan Gen:Variant.MiniDuke.1 20170324
NANO-Antivirus Virus.Win32.Gen.ccmw 20170324
Palo Alto Networks (Known Signatures) generic.ml 20170324
Panda Trj/CI.A 20170324
Qihoo-360 HEUR/Malware.QVM39.Gen 20170324
Rising Trojan.Generic (cloud:q0tu6pyoR1L) 20170324
Sophos Mal/ItaDuke-A 20170324
Symantec Backdoor.Miniduke 20170324
Tencent Win32.Trojan.Generic.Hrzi 20170324
TheHacker Trojan/SandyEva.c 20170321
TrendMicro BKDR_MINIDUKE.SM 20170324
TrendMicro-HouseCall BKDR_MINIDUKE.SM 20170324
VIPRE Trojan.Win32.Generic!BT 20170324
ViRobot Trojan.Win32.Z.Miniduke.22784.O[h] 20170324
Webroot W32.Malware.Gen 20170324
Yandex Trojan.SandyEva!Oj+ILkgEO/I 20170323
Zillya Trojan.SandyEva.Win32.1 20170323
ZoneAlarm by Check Point HEUR:Backdoor.Win32.MiniDuke.gen 20170324
Alibaba 20170324
Avast 20170324
Baidu 20170323
Bkav 20170324
ClamAV 20170324
CMC 20170324
Kingsoft 20170324
Malwarebytes 20170324
Microsoft 20170324
nProtect 20170324
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170324
Symantec Mobile Insight 20170324
TotalDefense 20170324
Trustlook 20170324
VBA32 20170324
WhiteArmor 20170315
Zoner 20170324
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-20 20:16:48
Entry Point 0x0000200C
Number of sections 4
PE sections
Overlays
MD5 c1efac7949ae0f69a7400f1f377f3074
File type data
Offset 22528
Size 256
Entropy 7.18
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2013:02:20 21:16:48+01:00
FileType Win32 DLL
PEType PE32
CodeSize 2560
LinkerVersion 7.3
EntryPoint 0x200c
InitializedDataSize 18944
SubsystemVersion 3.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 297ef5bf99b5e4fd413f3755ba6aad79
SHA1 28a43eac3be1b96c68a1e7463ae91367434a2ac4
SHA256 c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295
ssdeep 384:PY7ExnjhwhNAofGjjjBK+KeXXWNh2yDlGrLf8loqJUGUEjRThgW/65z3QIaF9FEP:AExjS+7jjjkZeHWmyUrLf0DJn9Cy6h3X
authentihash 2fca5d6dc8774ce56545e0b446231bd0ead6690cbd0123d4bb66cc8b3bf65e08
File size 22.3 KB ( 22784 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags pedll overlay

VirusTotal metadata
First submission 2013-02-27 15:01:40 UTC ( 4 years ago )
Last submission 2014-09-08 13:08:33 UTC ( 2 years, 6 months ago )
File names 5de532fd62bd4e528ed6e0ccf746e20e2e58041b7ff5327ddbbcf37628429077-XOR-0x27766FFAAFF88442-00
afvd.dec
c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight