× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d3dd443066c777964c6c001060a2bb7fb245817a41f1cea9f9e404b0db721a8a
File name: dynwrapx.dll
Detection ratio: 21 / 56
Analysis date: 2016-11-13 05:16:35 UTC ( 11 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3669096 20161113
AegisLab Ransom.Raa.Gen!c 20161113
ALYac Trojan.GenericKD.3669096 20161113
Arcabit Trojan.Generic.D37FC68 20161113
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9955 20161111
BitDefender Trojan.GenericKD.3669096 20161113
Cyren W32/Trojan.OAVL-6103 20161113
Emsisoft Trojan.GenericKD.3669096 (B) 20161113
F-Secure Trojan.GenericKD.3669096 20161113
GData Trojan.GenericKD.3669096 20161113
K7AntiVirus Riskware ( 0040eff71 ) 20161113
K7GW Riskware ( 0040eff71 ) 20161113
McAfee RDN/Ransom 20161113
McAfee-GW-Edition RDN/Ransom 20161113
eScan Trojan.GenericKD.3669096 20161113
Qihoo-360 Trojan.Generic 20161113
Sophos AV Troj/Agent-ATBK 20161113
Tencent Win32.Trojan.Raasj.Auto 20161113
TrendMicro Ransom_RAA.C 20161113
TrendMicro-HouseCall Ransom_RAA.C 20161113
VBA32 Trojan.Filecoder 20161111
AhnLab-V3 20161112
Alibaba 20161110
Antiy-AVL 20161113
Avast 20161113
AVG 20161113
Avira (no cloud) 20161112
AVware 20161113
Bkav 20161112
CAT-QuickHeal 20161112
ClamAV 20161113
CMC 20161112
Comodo 20161113
CrowdStrike Falcon (ML) 20161024
DrWeb 20161113
ESET-NOD32 20161112
F-Prot 20161113
Fortinet 20161113
Ikarus 20161112
Sophos ML 20161018
Jiangmin 20161113
Kaspersky 20161113
Kingsoft 20161113
Malwarebytes 20161113
Microsoft 20161113
NANO-Antivirus 20161113
nProtect 20161113
Panda 20161112
Rising 20161113
SUPERAntiSpyware 20161112
Symantec 20161113
TheHacker 20161111
VIPRE 20161113
ViRobot 20161113
Yandex 20161112
Zillya 20161111
Zoner 20161113
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Yuri Popov, 2008-2015

Product DynamicWrapperX
Original name dynwrapx.dll
Internal name dynwrapx
File version 2.1.1.1
Description DynamicWrapperX 32-bit
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-27 02:56:57
Entry Point 0x00001001
Number of sections 7
PE sections
PE imports
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExW
GetLastError
IsValidCodePage
HeapFree
EnterCriticalSection
GetSystemInfo
lstrlenA
LoadLibraryW
FreeLibrary
HeapAlloc
DisableThreadLibraryCalls
TlsAlloc
GetModuleFileNameA
lstrlenW
DeleteCriticalSection
MultiByteToWideChar
GetCommandLineA
GetProcAddress
GetProcessHeap
WideCharToMultiByte
lstrcmpiA
TlsFree
GetModuleHandleA
LocalFree
FormatMessageW
lstrcmpiW
InitializeCriticalSection
VirtualFree
RtlMoveMemory
TlsGetValue
TlsSetValue
VirtualAlloc
SetLastError
LeaveCriticalSection
SysAllocStringLen
SysFreeString
SysAllocString
SHDeleteKeyA
StrToIntW
wsprintfA
wsprintfW
MessageBoxW
LoadStringW
_wcsicmp
CoGetContextToken
IsEqualGUID
PE exports
Number of PE resources by type
RT_STRING 4
RT_VERSION 2
Number of PE resources by language
RUSSIAN 3
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
1.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.1.1.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

InitializedDataSize
11776

EntryPoint
0x1001

OriginalFileName
dynwrapx.dll

MIMEType
application/octet-stream

LegalCopyright
Yuri Popov, 2008-2015

FileVersion
2.1.1.1

TimeStamp
2015:04:27 03:56:57+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
dynwrapx

ProductVersion
2.1.1.1

FileDescription
DynamicWrapperX 32-bit

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
10240

ProductName
DynamicWrapperX

ProductVersionNumber
2.1.1.1

FileTypeExtension
dll

ObjectFileType
Dynamic link library

Execution parents
Compressed bundles
File identification
MD5 5beda1e575802a85630daf966df828be
SHA1 191d2d649474ab469c7ab23f297ebec974baaeb8
SHA256 d3dd443066c777964c6c001060a2bb7fb245817a41f1cea9f9e404b0db721a8a
ssdeep
384:M+V674CC+URl/I42wza7zrNTLDXmaYBh7kvdSK:M+Vs4xbRl/I4bahTeZhqSK

authentihash 38fa32ca8ef5a886d1fa7174ee0bf9fdcb6024127eddfe6255c221dbed4165f3
imphash 1772cc83964df19e6a2b0ce36bd289c8
File size 22.5 KB ( 23040 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags
pedll

VirusTotal metadata
First submission 2015-05-08 02:38:30 UTC ( 2 years, 5 months ago )
Last submission 2017-06-30 14:25:40 UTC ( 3 months, 3 weeks ago )
File names Win32.Trojan.Agent@d3dd443066c777964c6c001060a2bb7fb245817a41f1cea9f9e404b0db721a8a.bin
DTNXr.dll
dynwrapx.dll
0fgtR.dll
fMxoV.dll
XEryf.dll
RhOss.dll
dll
bhS9M.dll
q1q1 - Copy.exe
nx4Sq.dll
rljrH.dll
Bhvtu.dll
29dHq.dll
C
ieQlZ.dll
XEryf.dll
L8GkP.dll
dynwrapx
dynwrapx.dll
PuOtj.dll
KTiMt.dll
BXpag.dll
k624R.dll
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0824.

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!