SHA256: ca52ef8e7a33dcc9c71554aea35ae3503f56c737babbf446f3961c7f7b168eba
File name: bb733999c6e083528901dc29bdc966e8
Detection ratio: 29 / 67
Analysis date: 2018-06-11 12:02:43 UTC ( 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.343752 20180611
ALYac Gen:Variant.Razy.343752 20180611
Antiy-AVL Trojan/Win32.TSGeneric 20180611
Arcabit Trojan.Razy.D53EC8 20180611
Avast Win32:Malware-gen 20180611
AVG Win32:Malware-gen 20180611
BitDefender Gen:Variant.Razy.343752 20180611
Bkav W32.eHeur.Malware14 20180611
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180611
DrWeb Trojan.MulDrop8.34 20180611
Emsisoft Gen:Variant.Razy.343752 (B) 20180611
Endgame malicious (high confidence) 20180507
F-Secure Gen:Variant.Razy.343752 20180611
GData Gen:Variant.Razy.343752 20180611
Sophos ML heuristic 20180601
K7AntiVirus Riskware ( 0040eff71 ) 20180611
K7GW Riskware ( 0040eff71 ) 20180611
Kaspersky HEUR:Trojan.Win32.Generic 20180611
MAX malware (ai score=89) 20180611
McAfee GenericRXFR-ZT!BB733999C6E0 20180611
McAfee-GW-Edition Emotet-FDM!BB733999C6E0 20180610
eScan Gen:Variant.Razy.343752 20180611
NANO-Antivirus Trojan.Win32.Drop.fdsrsk 20180611
Panda Trj/GdSda.A 20180610
Qihoo-360 HEUR/QVM40.1.C5D5.Malware.Gen 20180611
Symantec ML.Attribute.HighConfidence 20180611
VBA32 BScope.TrojanBanker.Shiotob 20180611
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180611
AegisLab 20180611
AhnLab-V3 20180611
Alibaba 20180611
Avast-Mobile 20180611
Avira (no cloud) 20180611
AVware 20180611
Babable 20180406
Baidu 20180611
CAT-QuickHeal 20180611
ClamAV 20180611
CMC 20180611
Comodo 20180611
Cybereason 20180308
Cyren 20180611
eGambit 20180611
ESET-NOD32 20180611
F-Prot 20180611
Fortinet 20180611
Ikarus 20180611
Jiangmin 20180611
Kingsoft 20180611
Malwarebytes 20180611
Microsoft 20180611
Palo Alto Networks (Known Signatures) 20180611
Rising 20180611
SentinelOne (Static ML) 20180225
Sophos AV 20180611
SUPERAntiSpyware 20180611
Symantec Mobile Insight 20180605
TACHYON 20180611
Tencent 20180611
TheHacker 20180608
TotalDefense 20180611
TrendMicro 20180611
TrendMicro-HouseCall 20180611
Trustlook 20180611
VIPRE 20180611
ViRobot 20180611
Webroot 20180611
Yandex 20180609
Zillya 20180608
Zoner 20180611
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-06 12:00:17
Entry Point 0x00001FD0
Number of sections 5
PE sections
PE imports
CryptGetDefaultProviderW
PageSetupDlgA
CertComparePublicKeyInfo
SetDIBColorTable
BeginPath
CreateHatchBrush
GetObjectW
SetTimeZoneInformation
InterlockedPopEntrySList
GetModuleHandleA
MoveFileWithProgressW
VerLanguageNameW
GetModuleFileNameA
GetCurrentThreadId
GetBinaryTypeA
NetGroupGetInfo
VarDateFromI2
VarCyFromI2
wglGetProcAddress
RasEnumDevicesW
RpcBindingFromStringBindingW
CM_Connect_MachineW
PathIsRelativeA
DestroyCaret
GetFocus
DrawMenuBar
LoadIconA
mixerOpen
AddFormW
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:06:06 13:00:17+01:00
FileType Win32 DLL
PEType PE32
CodeSize 57344
LinkerVersion 134.255
FileTypeExtension dll
InitializedDataSize 4096
SubsystemVersion 5.0
EntryPoint 0x1fd0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 bb733999c6e083528901dc29bdc966e8
SHA1 cabb5ad55b6238d2c2da8fca810b3b1efc934eda
SHA256 ca52ef8e7a33dcc9c71554aea35ae3503f56c737babbf446f3961c7f7b168eba
ssdeep 6144:79SCZJg07VdsRKXiGH4H0vgEwoh9VVgu92ctjgDkXzOEFQtl:/LsKXxH4mgEwohJ2ctjXXzOEc

authentihash 7d0d9cfc1f23b7b86d8384ea3840c8b2a791f02d5c2fcea8104e922dfe911deb
imphash 68eded76d0993517fe68a64aff302d64
File size 524.0 KB ( 536576 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll

VirusTotal metadata
First submission 2018-06-11 12:02:43 UTC ( 6 months ago )
Last submission 2018-06-11 12:02:43 UTC ( 6 months ago )