SHA256: c755a19f8c1bfd2cc3d9e7a963a42dca85d3836249457829464152a139da359e
File name: c755a19f8c1bfd2cc3d9e7a963a42dca85d3836249457829464152a139da359e
Detection ratio: 40 / 66
Analysis date: 2018-03-01 23:40:20 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
AegisLab Troj.W32.Generic!c 20180301
AhnLab-V3 Trojan/Win32.Agent.C2411201 20180301
Antiy-AVL Trojan/Win32.AGeneric 20180301
Avast Win64:Malware-gen 20180301
AVG Win64:Malware-gen 20180301
Avira (no cloud) TR/Crypt.ZPACK.svsqk 20180301
AVware Trojan.Win32.Generic!BT 20180301
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9871 20180301
CAT-QuickHeal Trojan.Generic 20180301
Comodo .UnclassifiedMalware 20180301
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170201
Cylance Unsafe 20180302
eGambit Unsafe.AI_Score_94% 20180302
Endgame malicious (high confidence) 20180301
ESET-NOD32 a variant of Win64/GenKryptik.BQFJ 20180302
Fortinet W64/Kryptik.BID!tr 20180301
GData Win64.Trojan.Agent.V13CPP 20180301
Ikarus Trojan.Win64.Krypt 20180301
Sophos ML heuristic 20180121
Jiangmin Trojan.Agent.bffh 20180301
K7AntiVirus Trojan ( 0052760d1 ) 20180301
K7GW Trojan ( 0052760d1 ) 20180302
Kaspersky HEUR:Trojan.Win32.Generic 20180301
MAX malware (ai score=94) 20180302
McAfee Trojan-FOXN!D053911BBC68 20180302
McAfee-GW-Edition Trojan-FOXN!D053911BBC68 20180302
Microsoft Trojan:Win32/Tiggre!rfn 20180302
Palo Alto Networks (Known Signatures) generic.ml 20180302
Panda Trj/CI.A 20180301
Qihoo-360 Win32/Trojan.ae7 20180302
Rising Trojan.GenKryptik!8.AA55 (TFE:3:4BLJp20Q95U) 20180301
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180301
Symantec W32.Mandaph 20180301
Tencent Win32.Trojan.Generic.Wofj 20180302
TrendMicro TROJ_GEN.R002C0PBR18 20180301
TrendMicro-HouseCall TROJ_GEN.R002C0PBR18 20180301
VIPRE Trojan.Win32.Generic!BT 20180301
Webroot W32.Trojan.Gen 20180302
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180301
Ad-Aware 20180301
Alibaba 20180301
ALYac 20180301
Arcabit 20180301
Avast-Mobile 20180301
BitDefender 20180301
Bkav 20180301
ClamAV 20180301
CMC 20180301
Cybereason 20180225
Cyren 20180301
DrWeb 20180301
Emsisoft 20180301
F-Prot 20180301
F-Secure 20180301
Kingsoft 20180302
eScan 20180302
NANO-Antivirus 20180302
nProtect 20180301
SUPERAntiSpyware 20180301
Symantec Mobile Insight 20180220
TheHacker 20180301
TotalDefense 20180301
Trustlook 20180302
VBA32 20180301
ViRobot 20180301
WhiteArmor 20180223
Yandex 20180228
Zillya 20180301
Zoner 20180301
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2018-02-15 15:49:36
Entry Point 0x000016B0
Number of sections 11
PE sections
PE imports
GetModuleHandleA
GetBinaryTypeW
lstrlenA
GetModuleFileNameW
ProcessIdToSessionId
ExitProcess
GetSystemRegistryQuota
GetCurrentThreadId
GetSystemPowerStatus
EndDeferWindowPos
WaitMessage
VkKeyScanA
OemToCharA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2018:02:15 16:49:36+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 0
LinkerVersion 12.0
EntryPoint 0x16b0
InitializedDataSize 667648
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 d053911bbc6865377eb70720aa4c4d4d
SHA1 12047e0e3af2893e04fbfd807aeb74d20d83a83e
SHA256 c755a19f8c1bfd2cc3d9e7a963a42dca85d3836249457829464152a139da359e
ssdeep 6144:Oe95PWcN2IENHB5+TqoRTyhOj2BcElugp0SGqIkOycYc4+AY2RMnwNAgwM8U2Fzb:OSrJgAGhx5LGycORnAs8LYwY6
authentihash fd21e4402d46ab7fa382b7a0798bc69dfb541a27965698fd3f041bb3c8470268
imphash 8952eabeb2b3364d1cfdcf88a8990849
File size 668.0 KB ( 684032 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits assembly pedll

VirusTotal metadata
First submission 2018-02-26 20:27:01 UTC ( 9 months, 3 weeks ago )
Last submission 2018-03-01 23:40:20 UTC ( 9 months, 2 weeks ago )