SHA256: c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295
File name: c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295.bin
Detection ratio: 46 / 58
Analysis date: 2017-02-26 22:19:52 UTC ( 22 hours, 19 minutes ago )
Antivirus Result Update
ALYac Gen:Variant.MiniDuke.1 20170226
AVG Small.EXS 20170226
AVware Trojan.Win32.Generic!BT 20170226
Ad-Aware Gen:Variant.MiniDuke.1 20170226
AegisLab Backdoor.W32.Miniduke!c 20170226
AhnLab-V3 Backdoor/Win32.Miniduke.C290854 20170226
Arcabit Trojan.MiniDuke.1 20170226
Avast Win32:Evo-gen [Susp] 20170226
Avira (no cloud) TR/MiniDuke.A 20170226
BitDefender Gen:Variant.MiniDuke.1 20170226
CAT-QuickHeal Trojan.Nagram 20170225
Comodo UnclassifiedMalware 20170226
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/MiniDuke.A.gen!Eldorado 20170226
DrWeb Trojan.MulDrop4.25658 20170226
ESET-NOD32 a variant of Win32/SandyEva.C 20170226
Emsisoft Gen:Variant.MiniDuke.1 (B) 20170226
Endgame malicious (high confidence) 20170222
F-Prot W32/MiniDuke.A.gen!Eldorado 20170226
F-Secure Backdoor:W32/MiniDuke.A 20170226
Fortinet W32/MINIDUKE.SM!tr.bdr 20170226
GData Gen:Variant.MiniDuke.1 20170226
Ikarus Backdoor.Win32.MiniDuke 20170226
Invincea generic.a 20170203
Jiangmin Backdoor/MiniDuke.h 20170226
K7AntiVirus Trojan ( 0042f2f81 ) 20170226
K7GW Trojan ( 0042f2f81 ) 20170226
Kaspersky HEUR:Backdoor.Win32.MiniDuke.gen 20170226
McAfee BackDoor-FCCM!297EF5BF99B5 20170225
McAfee-GW-Edition BackDoor-FCCM!297EF5BF99B5 20170226
eScan Gen:Variant.MiniDuke.1 20170226
NANO-Antivirus Virus.Win32.Gen.ccmw 20170226
Panda Trj/CI.A 20170226
Qihoo-360 HEUR/Malware.QVM39.Gen 20170226
Rising Trojan.Generic (cloud:q0tu6pyoR1L) 20170226
Sophos Mal/ItaDuke-A 20170226
Symantec Backdoor.Miniduke 20170226
Tencent Win32.Trojan.Generic.Hrzi 20170226
TheHacker Trojan/SandyEva.c 20170223
TrendMicro BKDR_MINIDUKE.SM 20170226
TrendMicro-HouseCall BKDR_MINIDUKE.SM 20170226
VIPRE Trojan.Win32.Generic!BT 20170226
ViRobot Trojan.Win32.Z.Miniduke.22784.O[h] 20170226
Webroot W32.Malware.Gen 20170226
Yandex Trojan.SandyEva!Oj+ILkgEO/I 20170225
Zillya Trojan.SandyEva.Win32.1 20170224
Alibaba 20170226
Baidu 20170224
Bkav 20170225
CMC 20170226
ClamAV 20170226
Kingsoft 20170226
Malwarebytes 20170226
Microsoft 20170226
SUPERAntiSpyware 20170226
TotalDefense 20170226
Trustlook 20170226
VBA32 20170224
WhiteArmor 20170222
Zoner 20170226
nProtect 20170226
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-20 20:16:48
Entry Point 0x0000200C
Number of sections 4
PE sections
Overlays
MD5 c1efac7949ae0f69a7400f1f377f3074
File type data
Offset 22528
Size 256
Entropy 7.18
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2013:02:20 21:16:48+01:00
FileType Win32 DLL
PEType PE32
CodeSize 2560
LinkerVersion 7.3
EntryPoint 0x200c
InitializedDataSize 18944
SubsystemVersion 3.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 297ef5bf99b5e4fd413f3755ba6aad79
SHA1 28a43eac3be1b96c68a1e7463ae91367434a2ac4
SHA256 c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295
ssdeep 384:PY7ExnjhwhNAofGjjjBK+KeXXWNh2yDlGrLf8loqJUGUEjRThgW/65z3QIaF9FEP:AExjS+7jjjkZeHWmyUrLf0DJn9Cy6h3X
authentihash 2fca5d6dc8774ce56545e0b446231bd0ead6690cbd0123d4bb66cc8b3bf65e08
File size 22.3 KB ( 22784 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags pedll overlay
VirusTotal metadata
First submission 2013-02-27 15:01:40 UTC ( 4 years ago )
Last submission 2014-09-08 13:08:33 UTC ( 2 years, 5 months ago )
File names 5de532fd62bd4e528ed6e0ccf746e20e2e58041b7ff5327ddbbcf37628429077-XOR-0x27766FFAAFF88442-00
afvd.dec
c60621e82f58b5ea5b36cde40889a076cb2c7f1612144998b1d388200bc7e295.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight