SHA256: d0d81bf93f56fb81730f201197d6d9a3bae97eb83f2625dc069cc77623bbb533
File name: YWAGAFB.DLL._1E3F95B50D3D098FCA1312F4D6037DF4524202C2
Detection ratio: 49 / 65
Analysis date: 2017-09-09 02:11:32 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.JBot.1 20170909
AegisLab Troj.W32.Generic!c 20170909
ALYac Gen:Heur.JBot.1 20170909
Antiy-AVL Trojan/Win32.Unknown 20170909
Arcabit Trojan.JBot.1 20170909
Avast Win32:Karagany 20170909
AVG Win32:Karagany 20170909
Avira (no cloud) TR/Crypt.EPACK.Gen2 20170909
AVware Trojan.Win32.Zbot.m (v) 20170906
Baidu Win32.Trojan.Agent.eq 20170908
BitDefender Gen:Heur.JBot.1 20170909
CAT-QuickHeal Trojan.Gepys 20170908
ClamAV Win.Ransomware.Cerber-5970165-0 20170909
Comodo TrojWare.Win32.Kryptik.AYQE 20170909
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170909
DrWeb Trojan.Redirect.140 20170909
Emsisoft Gen:Heur.JBot.1 (B) 20170909
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Kryptik.AXPN 20170908
F-Secure Gen:Heur.JBot.1 20170908
Fortinet W32/Zbot.FG!tr 20170909
GData Gen:Heur.JBot.1 20170909
Ikarus Trojan.Agent4 20170908
Sophos ML heuristic 20170822
Jiangmin Trojan.Generic.auufw 20170909
K7AntiVirus Trojan ( 0042fac71 ) 20170908
K7GW Trojan ( 0042fac71 ) 20170908
Kaspersky HEUR:Trojan.Win32.Generic 20170908
Malwarebytes Trojan.Downloader 20170909
MAX malware (ai score=89) 20170908
McAfee PWS-Zbot-FATG!FC603BF63F7A 20170909
McAfee-GW-Edition PWS-Zbot-FATG!FC603BF63F7A 20170909
Microsoft Trojan:Win32/Gepys.A 20170908
eScan Gen:Heur.JBot.1 20170909
NANO-Antivirus Trojan.Win32.MlwGen.cuxicy 20170909
Panda Trj/Hexas.HEU 20170908
Qihoo-360 HEUR/Malware.QVM40.Gen 20170909
Rising Trojan.Generic (cloud:bXrdDlO6nDU) 20170909
Sophos AV Troj/Zbot-EKW 20170909
Symantec Trojan.Zbot 20170908
Tencent Win32.Trojan.Generic.Efam 20170909
TheHacker Trojan/Kryptik.axpn 20170907
VBA32 BScope.Malware-Cryptor.SB.01798 20170907
VIPRE Trojan.Win32.Zbot.m (v) 20170909
Webroot W32.Malware.Gen 20170909
Yandex Trojan.Kryptik!FRUif2lLumI 20170908
Zillya Trojan.Kryptik.Win32.366700 20170908
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170909
AhnLab-V3 20170908
Alibaba 20170908
Bkav 20170908
CMC 20170902
Cyren 20170909
F-Prot 20170909
Kingsoft 20170909
nProtect 20170909
Palo Alto Networks (Known Signatures) 20170909
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170909
Symantec Mobile Insight 20170908
TotalDefense 20170908
TrendMicro 20170909
TrendMicro-HouseCall 20170908
Trustlook 20170909
ViRobot 20170908
WhiteArmor 20170829
Zoner 20170909
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-27 05:25:14
Entry Point 0x00004060
Number of sections 5
PE sections
PE imports
LoadLibraryA
VirtualAlloc
GetProcAddress
ReadFile
SetFocus
CharPrevA
GetParent
EndDialog
OffsetRect
ShowWindow
SetWindowPos
GetWindowRect
DispatchMessageA
SetDlgItemTextA
MessageBoxA
PeekMessageA
TranslateMessage
DialogBoxParamA
CheckDlgButton
SystemParametersInfoA
LoadStringA
SendMessageA
GetDlgItem
CreateDialogParamA
LoadCursorA
LoadIconA
IsDlgButtonChecked
GetDesktopWindow
LoadIconW
SetForegroundWindow
IsDialogMessageA
DestroyWindow
_cexit
_acmdln
_controlfp
exit
Number of PE resources by type
RT_ICON 2
RT_STRING 2
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2013:03:27 06:25:14+01:00
FileType Win32 DLL
PEType PE32
CodeSize 13312
LinkerVersion 9.0
EntryPoint 0x4060
InitializedDataSize 28672
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 fc603bf63f7a0a25db126c734a227aab
SHA1 1e3f95b50d3d098fca1312f4d6037df4524202c2
SHA256 d0d81bf93f56fb81730f201197d6d9a3bae97eb83f2625dc069cc77623bbb533
ssdeep 384:ia32eQmJ5RTJ6tHzhE304SoNLNqxrsTGVoCDjC4U0zCjVqyAV:F2e1FTJ6tHukyLcrsTRCDjC7VgV
authentihash 9d3b953e60d422a14de6501db8a8db9ac00091d59bcdbc40c88189aa79c6a3f9
imphash 9a3b729ba474b419a32dc7c9a7f70af8
File size 42.0 KB ( 43008 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags pedll
VirusTotal metadata
First submission 2013-03-29 07:34:00 UTC ( 6 years ago )
Last submission 2013-04-22 09:00:14 UTC ( 6 years ago )
File names YWAGAFB.DLL._1E3F95B50D3D098FCA1312F4D6037DF4524202C2
file-5314486_dll