SHA256: d8bb07cade0050f0daab6d2d31be7de375c5b01f0c3ee243e002d1f79026e3f3
File name: clsooach1.feds
Detection ratio: 11 / 56
Analysis date: 2016-12-08 10:30:05 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
Bkav W32.eHeur.Malware03 20161207
Comodo TrojWare.Win32.Kryptik.XJV 20161208
CrowdStrike Falcon (ML) malicious_confidence_66% (D) 20161024
K7GW Hacktool ( 655367771 ) 20161208
Qihoo-360 HEUR/QVM40.1.0000.Malware.Gen 20161208
Sophos AV Mal/RansomDl-C 20161208
Tencent Win32.Trojan.Raas.Auto 20161208
TrendMicro Ransom_HPLOCKY.SMJBB 20161208
TrendMicro-HouseCall Ransom_HPLOCKY.SMJBB 20161208
VBA32 SScope.Malware-Cryptor.Filecoder 20161207
Ad-Aware 20161208
AegisLab 20161208
AhnLab-V3 20161208
Alibaba 20161208
ALYac 20161208
Antiy-AVL 20161208
Arcabit 20161208
Avast 20161208
AVG 20161208
Avira (no cloud) 20161208
AVware 20161208
BitDefender 20161208
CAT-QuickHeal 20161208
ClamAV 20161208
CMC 20161208
Cyren 20161208
DrWeb 20161208
Emsisoft 20161208
ESET-NOD32 20161208
F-Prot 20161208
F-Secure 20161208
Fortinet 20161208
GData 20161208
Ikarus 20161208
Sophos ML 20161202
Jiangmin 20161208
K7AntiVirus 20161208
Kaspersky 20161208
Kingsoft 20161208
Malwarebytes 20161208
McAfee 20161205
McAfee-GW-Edition 20161208
Microsoft 20161208
eScan 20161208
NANO-Antivirus 20161208
nProtect 20161208
Panda 20161207
Rising 20161208
SUPERAntiSpyware 20161208
Symantec 20161208
TheHacker 20161130
TotalDefense 20161208
Trustlook 20161208
VIPRE 20161208
ViRobot 20161208
WhiteArmor 20161207
Yandex 20161208
Zillya 20161207
Zoner 20161208
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-08 08:20:00
Entry Point 0x00001FE0
Number of sections 3
PE sections
PE imports
lstrcmpA
LoadLibraryA
VirtualAlloc
malloc
memmove
_adjust_fdiv
free
_onexit
__dllonexit
_initterm
GetWindowDC
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2016:12:08 09:20:00+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 8192
LinkerVersion: 6.0
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint: 0x1fe0
InitializedDataSize: 163840
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 33b7e87ea0d1671d2621d7f470b53da3
SHA1 683f69471e283f7b197971ac90a370bcee5f89eb
SHA256 d8bb07cade0050f0daab6d2d31be7de375c5b01f0c3ee243e002d1f79026e3f3
ssdeep 3072:e2hsC1SABdoQuWXxgFb1WDlapMHDZZojLS1spmOyodMOsfJ:9s1iKbKxgFb1ma8Zij08mx
authentihash eaf9fff747bf18e340d22ecd848a375d8b06e068422ff6f7099059c057b0f46a
imphash 8a4f4f61309eb81981a2b05828bd0479
File size 172.0 KB ( 176128 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags pedll

VirusTotal metadata
First submission 2016-12-08 10:30:05 UTC ( 2 years, 4 months ago )
Last submission 2017-08-19 04:26:02 UTC ( 1 year, 8 months ago )
File names clsooach1.feds.bin
clsooach1.feds