SHA256: d58bb0164d1a5a553eb7c9693d7b0c28caaa4531c00372218cd00db6c0fb50be
File name: a56a92022b2c9e90440f4e70cfb8da99
Detection ratio: 59 / 66
Analysis date: 2018-05-31 18:23:08 UTC ( 2 weeks, 6 days ago )
Antivirus Result Update
Ad-Aware Win32.Worm.Downadup.Gen 20180531
AegisLab W32.W.Kido.ef!c 20180531
AhnLab-V3 Win32/Kido.worm.165137 20180531
ALYac Worm.Conficker 20180531
Antiy-AVL Worm[Net]/Win32.Kido.ih 20180531
Arcabit Win32.Worm.Downadup.Gen 20180531
Avast Win32:Confi [Wrm] 20180531
AVG Win32:Confi [Wrm] 20180531
Avira (no cloud) WORM/Conficker.gen 20180531
AVware Trojan.Win32.Generic!BT 20180531
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180531
BitDefender Win32.Worm.Downadup.Gen 20180531
Bkav W32.ConfickerJS.Worm 20180531
CAT-QuickHeal Worm.Conficker.Gen 20180531
ClamAV Win.Malware.Agent-6398670-0 20180531
CMC Generic.Win32.a56a92022b!CMCRadar 20180529
Cylance Unsafe 20180531
Cyren W32/Conficker!Generic 20180531
DrWeb Win32.HLLW.Shadow 20180531
Emsisoft Win32.Worm.Downadup.Gen (B) 20180531
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Conficker.Gen 20180531
F-Prot W32/Conficker!Generic 20180531
F-Secure Worm:W32/Downadup.gen!A 20180531
Fortinet W32/Kido.IH!tr 20180531
GData Win32.Worm.Downadup.A@gen 20180531
Ikarus Worm.Win32.Downadup 20180531
Sophos ML heuristic 20180503
Jiangmin Worm/Kido.ew 20180531
K7AntiVirus Trojan ( 00394c0e1 ) 20180530
K7GW Trojan ( 00394c0e1 ) 20180531
Kaspersky Net-Worm.Win32.Kido.ih 20180531
Malwarebytes Worm.Conficker.Generic 20180531
McAfee W32/Conficker.worm.gen.a 20180530
McAfee-GW-Edition BehavesLike.Win32.Conficker.cc 20180531
Microsoft Worm:Win32/Conficker.C 20180531
eScan Win32.Worm.Downadup.Gen 20180531
NANO-Antivirus Trojan.Win32.MLW.hffwz 20180531
nProtect Worm/W32.Kido.165137 20180531
Palo Alto Networks (Known Signatures) generic.ml 20180531
Panda W32/Conficker.C.worm 20180531
Qihoo-360 Win32/Worm.f1e 20180531
Rising Worm.Kido!1.99FA (CLASSIC) 20180531
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Conficker-A 20180531
SUPERAntiSpyware Trojan.Conficker/Variant 20180531
Symantec W32.Downadup.B 20180531
Tencent Win32.Worm-net.Kido.Llqw 20180531
TheHacker W32/Kido.ih 20180531
TotalDefense Win32/Conficker.JYB 20180531
TrendMicro TROJ_SPNR.0CBE14 20180531
TrendMicro-HouseCall TROJ_SPNR.0CBE14 20180531
VBA32 Worm.Win32.kido.105 20180531
VIPRE Trojan.Win32.Generic!BT 20180531
ViRobot Trojan.Win32.A.Downloader.23624 20180531
Webroot W32.Worm.Conficker.Gen 20180531
Yandex Worm.Kido!9+jwR/aFW2M 20180529
Zillya Worm.Conficker.Win32.228 20180531
ZoneAlarm by Check Point Net-Worm.Win32.Kido.ih 20180531
Alibaba 20180530
Avast-Mobile 20180531
Babable 20180406
Comodo 20180531
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180531
Kingsoft 20180531
MAX 20180531
Symantec Mobile Insight 20180525
Trustlook 20180531
Zoner 20180530
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1998-12-08 10:18:35
Entry Point 0x000044FB
Number of sections 4
PE sections
Overlays
MD5 8eea0751ab3f70d5c74c0aac5d22d1e8
File type data
Offset 87040
Size 78097
Entropy 8.00
PE imports
IsValidAcl
RevertToSelf
InitializeSecurityDescriptor
GetStretchBltMode
GetBkColor
DosDateTimeToFileTime
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
IsBadWritePtr
VirtualProtect
GetVersionExA
LoadLibraryA
GetLocalTime
GetUserDefaultLCID
QueryPerformanceFrequency
InterlockedExchangeAdd
MulDiv
GetComputerNameA
GetProcAddress
InterlockedDecrement
Sleep
IsBadReadPtr
IsBadStringPtrA
IsBadCodePtr
VirtualAlloc
SetLastError
InterlockedIncrement
_itoa
_ultoa
_pctype
_swab
_isctype
ldiv
_adjust_fdiv
time
malloc
free
__mb_cur_max
frexp
_CIsinh
_hypot
_initterm
_CItanh
_ltoa
ldexp
Ord(66)
GetWindowThreadProcessId
IsClipboardFormatAvailable
SetLastErrorEx
BlockInput
GetAncestor
GetLastActivePopup
GetWindowDC
IsMenu
GetDesktopWindow
IsWindowUnicode
GetCursor
GetDlgItem
GetWindowInfo
GetWindowTextA
GetWindow
GetGUIThreadInfo
GetMenuContextHelpId
IsChild
GetDC
CoFileTimeNow
CoDosDateTimeToFileTime
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 1998:12:08 11:18:35+01:00
FileType Win32 DLL
PEType PE32
CodeSize 13824
LinkerVersion 7.1
EntryPoint 0x44fb
InitializedDataSize 73216
SubsystemVersion 4.0
ImageVersion 5.2
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 a56a92022b2c9e90440f4e70cfb8da99
SHA1 b2ac37d0c766f34ffe1d9e570d6bb4a67698ffc2
SHA256 d58bb0164d1a5a553eb7c9693d7b0c28caaa4531c00372218cd00db6c0fb50be
ssdeep 3072:wo29l5/MryfbK/o7Az9fuG/FKtCrGTrS/dWVDHijhbrJH65kU+HPvfeQFhIRdCB:W0ryjS9fuKFKrqfZa2PvvXaRY
authentihash cb89f0aa7f6c1c453d3c14254479a2cc896bb3001f00d9b9a58e701c7e8b1135
imphash b49b023e757da234f88bfb4b5a022757
File size 161.3 KB ( 165137 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.3%)
Win32 Executable (generic) (23.5%)
OS/2 Executable (generic) (10.5%)
Clipper DOS Executable (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
overlay armadillo pedll via-tor

VirusTotal metadata
First submission 2009-01-12 14:49:45 UTC ( 9 years, 5 months ago )
Last submission 2017-11-04 15:38:58 UTC ( 7 months, 2 weeks ago )
File names malw_0.ex_
anylya.dll
d58bb0164d1a5a553eb7c9693d7b0c28caaa4531c00372218cd00db6c0fb50be-165137
eaxii.dll
d58bb0164d1a5a553eb7c9693d7b0c28caaa4531c00372218cd00db6c0fb50be
bhfnl.qiq
schzw.dll
1lempmayi.dll
a56a92022b2c9e90440f4e70cfb8da99
b2ac37d0c766f34ffe1d9e570d6bb4a67698ffc2
jwgkvsq.vmx
koxwey.x
Net-Worm.Win32.Kido.ef
badfile
95b3f2f71142d2d88568029c7de9e800e53adeeb.DLL
a56a92022b2c9e90440f4e70cfb8da99b2ac37d0c766f34ffe1d9e570d6bb4a67698ffc2165137.dll
JWGKVSQ.VMX.Muestra EliStartPage v30.44
mrqvwxlc_1_.bmp
x
enujju.dll
USS69.tmp
http-y4MbP9
a56a92022b2c9e90440f4e70cfb8da99
a56a92022b2c9e90440f4e70cfb8da99
zfyspqu.u