SHA256: d6a0d410d936271cc4f33d86925db895a249ca9fe8fc0097ec94b07f354e9c1e
File name: payload.dll
Detection ratio: 2 / 45 (both hits come from the two TrendMicro engines and carry the generic packer signature PAK_Generic.001, so this is effectively one vendor flagging the packing, not a malware-family verdict)
Analysis date: 2013-03-18 19:41:28 UTC ( 6 years, 2 months ago )
Antivirus | Result (blank = not detected) | Update
TrendMicro | PAK_Generic.001 | 20130318
TrendMicro-HouseCall | PAK_Generic.001 | 20130318
Yandex | | 20130318
AhnLab-V3 | | 20130318
AntiVir | | 20130318
Antiy-AVL | | 20130317
Avast | | 20130318
AVG | | 20130318
BitDefender | | 20130318
ByteHero | | 20130315
CAT-QuickHeal | | 20130318
ClamAV | | 20130318
Commtouch | | 20130318
Comodo | | 20130318
DrWeb | | 20130318
Emsisoft | | 20130318
eSafe | | 20130313
ESET-NOD32 | | 20130318
F-Prot | | 20130318
F-Secure | | 20130318
Fortinet | | 20130318
GData | | 20130318
Ikarus | | 20130318
Jiangmin | | 20130318
K7AntiVirus | | 20130318
Kaspersky | | 20130318
Kingsoft | | 20130318
Malwarebytes | | 20130318
McAfee | | 20130318
McAfee-GW-Edition | | 20130318
Microsoft | | 20130318
eScan | | 20130318
NANO-Antivirus | | 20130318
Norman | | 20130317
nProtect | | 20130318
Panda | | 20130318
PCTools | | 20130315
Sophos AV | | 20130318
SUPERAntiSpyware | | 20130318
Symantec | | 20130318
TheHacker | | 20130318
TotalDefense | | 20130318
VBA32 | | 20130318
VIPRE | | 20130318
ViRobot | | 20130318
The file being studied is a Portable Executable. More specifically, it is a Win32 DLL built for the Windows console (command line) subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2013-02-18 16:11:33 (the PE header TimeDateStamp; it is trivially forgeable, but here it is consistent with the first VirusTotal submission one day later)
Entry Point: 0x00009510 (with a reported code size of only 4096 bytes, an entry point this far into the image is what a packer stub placed after the decompression destination looks like, consistent with the UPX identification below)
Number of sections: 3
PE sections
PE imports
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
(These five imports are the minimal set the UPX loader stub needs to allocate, unpack and re-protect memory and to rebuild the original import table at runtime via LoadLibraryA/GetProcAddress. They describe the packer, not the payload: nothing here tells you what the unpacked DLL itself calls.)
PE exports
(none listed; UPX can compress the export directory of a DLL, so an empty export list on a packed DLL does not show that the unpacked DLL exports nothing)
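The header fields above can be recovered, and the packer triage done, without any external tooling. The following is an added example and not VirusTotal's, UPX's or the sample's own code: a minimal PE32 header parser that returns the fields shown under "PE header basic information" and the ExifTool block, plus the UPX indicators a triager checks (UPX0/UPX1 section names, a first section with no raw data but a large virtual size, an entry point outside the first code section, and an import table that is only the loader stub's set). Its input is a PE header constructed in memory from the values on this page; the section layout (UPX0, UPX1, .rsrc) is an assumed typical UPX layout, since the report's section list was not captured. To run it against a real file, replace build_sample_pe() with open(path, "rb").read().

```python
"""PE32 header parser with UPX packing indicators (added example, not VirusTotal code)."""
import struct
from datetime import datetime, timezone

# Header values taken from the report; the section table below is an ASSUMED UPX layout.
SAMPLE_TIMESTAMP = int(datetime(2013, 2, 18, 16, 11, 33, tzinfo=timezone.utc).timestamp())
REPORT_IMPORTS = ["VirtualProtect", "VirtualFree", "LoadLibraryA", "VirtualAlloc", "GetProcAddress"]
# Minimal import set of the UPX loader stub; the payload's real imports are resolved at runtime.
UPX_STUB_IMPORTS = {"LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree", "VirtualProtect"}


def _section(name, vsize, va, rawsize, rawptr, flags):
    """One 40-byte IMAGE_SECTION_HEADER."""
    return struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, flags)


def build_sample_pe():
    """Constructed PE32 DLL header (headers only, no section bodies) mirroring the report."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                       # e_lfanew -> 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, SAMPLE_TIMESTAMP, 0, 0, 224, 0x2102)
    # Standard fields: magic, linker 2.56, code/init/uninit sizes, entry point, BaseOfCode, BaseOfData
    opt = struct.pack("<HBBIIIIII", 0x10B, 2, 56, 4096, 4096, 32768, 0x9510, 0x9000, 0xA000)
    # Windows fields: image base, alignments, OS 4.0, image 1.0, subsystem 4.0, subsystem 3 = console
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x10000000, 0x1000, 0x200, 4, 0, 1, 0, 4, 0,
                       0, 0xB000, 0x400, 0, 3, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                                        # 16 empty data directories
    sections = (_section(b"UPX0", 0x8000, 0x1000, 0, 0x400, 0xE0000080) +    # uninitialised, RWX
                _section(b"UPX1", 0x1000, 0x9000, 0x800, 0x400, 0xE0000040) +  # stub + compressed data
                _section(b".rsrc", 0x1000, 0xA000, 0x200, 0xC00, 0xC0000040))
    return dos + coff + opt + sections


def parse_pe(data):
    """Return the header fields the report's 'PE header basic information' and ExifTool blocks show."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    magic, maj, minr, code_sz, idata_sz, udata_sz, entry = struct.unpack_from("<HBBIIII", data, opt)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr})
    return {
        "machine": machine, "is_dll": bool(chars & 0x2000), "pe32": magic == 0x10B,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry, "number_of_sections": nsect, "linker_version": f"{maj}.{minr}",
        "code_size": code_sz, "initialized_data_size": idata_sz, "uninitialized_data_size": udata_sz,
        "subsystem": {2: "Windows GUI", 3: "Windows command line"}.get(subsystem, str(subsystem)),
        "sections": sections,
    }


def upx_indicators(info, imports=()):
    """Packer heuristics a triager applies to a file like this one; returns the reasons found."""
    reasons = []
    names = [s["name"] for s in info["sections"]]
    if any(n.startswith("UPX") for n in names):
        reasons.append(f"UPX section names: {names}")
    if info["sections"] and info["sections"][0]["rawsize"] == 0 and info["sections"][0]["vsize"] >= 0x1000:
        reasons.append("first section has no raw data but a large virtual size (decompression destination)")
    for idx, s in enumerate(info["sections"]):
        if s["va"] <= info["entry_point"] < s["va"] + max(s["vsize"], s["rawsize"]):
            if idx != 0:
                reasons.append(f"entry point 0x{info['entry_point']:x} is in {s['name']}, not the first section")
            break
    if imports and set(imports) <= UPX_STUB_IMPORTS:
        reasons.append("import table is only the loader stub's minimal set; real imports are resolved at runtime")
    return reasons


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    for key, value in info.items():
        print(f"{key}: {value}")
    for reason in upx_indicators(info, REPORT_IMPORTS):
        print("indicator:", reason)
```

The parser reads only the DOS stub pointer, the COFF header, the PE32 optional header and the section table, so it works on a truncated or headers-only sample; note that it does not follow the import directory, so the import names must be supplied from another source, as they are here from the report.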
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:02:18 16:11:33+00:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 4096
LinkerVersion: 2.56
EntryPoint: 0x9510
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 1.0
OSVersion: 4.0
UninitializedDataSize: 32768
File identification
MD5 528888f3582210b253d4e2cec52c25c6
SHA1 738db12b123979dfe00d5e2ea609d8eb21999fc5
SHA256 d6a0d410d936271cc4f33d86925db895a249ca9fe8fc0097ec94b07f354e9c1e
ssdeep 48:67Qi5E9IIZxa8wMLlxhe5BENhzSeJY8JTaeIV83P:hi5yra8BGENhMIP
File size 3.0 KB ( 3072 bytes )
File type Win32 DLL
Magic literal MS-DOS executable PE for MS Windows (DLL) (console) Intel 80386 32-bit, UPX compressed
TrID
  UPX compressed Win32 Executable (39.5%)
  Win32 EXE Yoda's Crypter (34.3%)
  Win32 Executable Generic (11.0%)
  Win32 Dynamic Link Library (generic) (9.8%)
  Generic Win/DOS Executable (2.5%)
Tags upx pedll

VirusTotal metadata
First submission 2013-02-19 11:02:42 UTC ( 6 years, 3 months ago )
Last submission 2013-03-18 19:41:28 UTC ( 6 years, 2 months ago )
File names payload.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight