SHA256: cf687b3484bdea5b79903ae09e4a1107106176f012becb9310dca07c22ce5adc
File name: potentiallyevil.bin
Detection ratio: 0 / 56
Analysis date: 2017-02-06 21:38:30 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20170206
AegisLab 20170206
AhnLab-V3 20170206
Alibaba 20170122
ALYac 20170206
Antiy-AVL 20170206
Arcabit 20170206
Avast 20170206
AVG 20170206
Avira (no cloud) 20170206
AVware 20170206
Baidu 20170206
BitDefender 20170206
Bkav 20170206
CAT-QuickHeal 20170206
ClamAV 20170206
CMC 20170206
Comodo 20170206
CrowdStrike Falcon (ML) 20170130
Cyren 20170206
DrWeb 20170206
Emsisoft 20170206
ESET-NOD32 20170206
F-Prot 20170206
F-Secure 20170206
Fortinet 20170206
GData 20170206
Ikarus 20170206
Invincea 20170203
Jiangmin 20170206
K7AntiVirus 20170206
K7GW 20170206
Kaspersky 20170206
Kingsoft 20170206
Malwarebytes 20170206
McAfee 20170206
McAfee-GW-Edition 20170206
Microsoft 20170206
eScan 20170206
NANO-Antivirus 20170206
nProtect 20170206
Panda 20170206
Qihoo-360 20170206
Rising 20170206
Sophos 20170206
SUPERAntiSpyware 20170206
Symantec 20170206
Tencent 20170206
TheHacker 20170205
TrendMicro 20170206
TrendMicro-HouseCall 20170206
Trustlook 20170206
VBA32 20170206
VIPRE 20170206
ViRobot 20170206
WhiteArmor 20170202
Yandex 20170206
Zillya 20170206
Zoner 20170206
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright

Original name adduser.dll
Internal name adduser.dll
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-03 19:21:13
Entry Point 0x000026EE
Number of sections 3
.NET details
Module Version ID ab8c3a11-fe4f-434b-9e18-0ec25f094935
PE sections
PE imports
_CorDllMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 11.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1536
EntryPoint 0x26ee
OriginalFileName adduser.dll
MIMEType application/octet-stream
FileVersion 0.0.0.0
TimeStamp 2017:02:03 20:21:13+01:00
FileType Win32 DLL
PEType PE32
InternalName adduser.dll
ProductVersion 0.0.0.0
SubsystemVersion 6.0
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 2048
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension dll
ObjectFileType Dynamic link library
AssemblyVersion 0.0.0.0

File identification
MD5 b7d8ddbc9a026f414f19054b57be6f71
SHA1 08503e8561632d8fb977f0fe2a05f49cf34add0f
SHA256 cf687b3484bdea5b79903ae09e4a1107106176f012becb9310dca07c22ce5adc
ssdeep 48:6Qk+a8abMOMQZuJA3V6iBPFj0Hr18Ful/xsq:Jav7FLFjKrVdx

authentihash 9b5572045df2c9f2fe708aa63f90b8537c5299eaa0198f3ad33bb411d47ee43d
imphash dae02f32a21e03ce65412f6e56942daa
File size 4.0 KB ( 4096 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit Mono/.Net assembly

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags assembly pedll

VirusTotal metadata
First submission 2017-02-06 21:38:30 UTC ( 2 months, 2 weeks ago )
Last submission 2017-02-06 21:38:30 UTC ( 2 months, 2 weeks ago )
File names potentiallyevil.bin
adduser.dll