SHA256: e685e75497f52d934edc0dca289cc6931c93cdef02bd180200952606875ddbaa
File name: C894C6EF9041E1BFEE0806619A1779EC.exe
Detection ratio: 49 / 64
Analysis date: 2018-07-27 07:40:07 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.13093247 20180727
AegisLab Troj.Win64.Agent.csy!c 20180727
AhnLab-V3 Trojan/Win32.Reveton.R140692 20180727
ALYac Trojan.Generic.13093247 20180727
Antiy-AVL Trojan/Win64.Agent 20180727
Arcabit Trojan.Generic.DC7C97F 20180727
Avast Win64:Reveton-I [Trj] 20180727
AVG Win64:Reveton-I [Trj] 20180727
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20180727
AVware Win32.Malware!Drop 20180727
BitDefender Trojan.Generic.13093247 20180727
Comodo .UnclassifiedMalware 20180727
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Cylance Unsafe 20180727
Cyren W64/Reveton.B 20180727
Emsisoft Trojan.Generic.13093247 (B) 20180727
Endgame malicious (high confidence) 20180711
ESET-NOD32 Win64/Reveton.A 20180727
F-Prot W64/Reveton.B 20180727
F-Secure Trojan:W64/Dridex.D 20180727
Fortinet W64/Kryptik.KI!tr 20180727
GData Trojan.Generic.13093247 20180727
Ikarus Trojan-Ransom.Reveton 20180726
Sophos ML heuristic 20180717
Jiangmin Trojan/Agent.ifuq 20180727
K7AntiVirus Riskware ( 0040eff71 ) 20180727
K7GW Riskware ( 0040eff71 ) 20180727
Kaspersky UDS:DangerousObject.Multi.Generic 20180727
Malwarebytes Trojan.Agent.HE 20180727
MAX malware (ai score=88) 20180727
McAfee Generic.dx!C894C6EF9041 20180727
McAfee-GW-Edition BehavesLike.Win64.Conficker.fc 20180727
eScan Trojan.Generic.13093247 20180727
NANO-Antivirus Trojan.Win64.MlwGen.dpwdjo 20180727
Panda Trj/CI.A 20180726
Qihoo-360 Win32/Trojan.806 20180727
Rising Trojan.Bagsu!8.3B1 (CLOUD) 20180727
Sophos AV Mal/Generic-L 20180727
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20180727
Symantec Downloader.Ponik 20180727
Tencent Win64.Trojan.Agent.Szuy 20180727
TrendMicro TROJ64_REVETON.W 20180727
TrendMicro-HouseCall TROJ64_REVETON.W 20180727
VBA32 Trojan.Win64.Agent 20180726
VIPRE Win32.Malware!Drop 20180727
ViRobot Backdoor.Win64.S.Agent.359424 20180727
Webroot W32.Trojan.Gen 20180727
Yandex Trojan.Reveton!/uaWGYSvD2k 20180725
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180727
Alibaba 20180713
Avast-Mobile 20180727
Babable 20180725
Baidu 20180726
Bkav 20180726
CAT-QuickHeal 20180725
ClamAV 20180727
CMC 20180727
Cybereason 20180308
DrWeb 20180727
eGambit 20180727
Kingsoft 20180727
Palo Alto Networks (Known Signatures) 20180727
SentinelOne (Static ML) 20180701
TACHYON 20180727
TheHacker 20180726
Trustlook 20180727
Zoner 20180726
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 DLL built for the Windows command line (console) subsystem and targeting the 64-bit (x64) architecture.
PE header basic information
Target machine x64
Compilation timestamp 2015-03-25 11:53:57
Entry Point 0x00005AC0
Number of sections 4
PE sections
PE imports
CreateICA
CreateScalableFontResourceW
CreateColorSpaceA
CreatePen
FloodFill
ColorCorrectPalette
SetDCBrushColor
GetPaletteEntries
GetCharWidthFloatW
CreateEllipticRgnIndirect
GetRegionData
SetPaletteEntries
CreateDCW
GetViewportExtEx
AddFontResourceExA
ModifyWorldTransform
CreateBitmapIndirect
GetRasterizerCaps
GetLastError
GetModuleHandleA
GetDriveTypeW
LoadResource
CreateNamedPipeW
lstrcpynA
OpenProcess
ScrollConsoleScreenBufferA
GetExitCodeProcess
GetProcessWorkingSetSize
GetConsoleDisplayMode
HeapAlloc
GetComputerNameExW
SetMessageWaitingIndicator
GetCommandLineA
GetCommConfig
lstrlenW
AnimateWindow
EmptyClipboard
LockSetForegroundWindow
SetScrollRange
CloseWindow
DlgDirSelectExA
IntersectRect
GetAltTabInfoA
OpenDesktopW
BroadcastSystemMessageA
DlgDirSelectExW
ChangeMenuW
RealChildWindowFromPoint
MapVirtualKeyW
PostQuitMessage
GetClassWord
DestroyWindow
GetMenuContextHelpId
LoadBitmapA
DispatchMessageW
InvalidateRect
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2015:03:25 12:53:57+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 21504
LinkerVersion 8.0
EntryPoint 0x5ac0
InitializedDataSize 369664
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 c894c6ef9041e1bfee0806619a1779ec
SHA1 3e345abcf7c4ba259d6eec7504ce0fb1ce6847fa
SHA256 e685e75497f52d934edc0dca289cc6931c93cdef02bd180200952606875ddbaa
ssdeep
6144:AccsL+lTSjYUvM4Bw0VoCzIDn+07cC0G17VRr4K:AccsuejB1Donnj7cC0+7VRr

authentihash 3562221efd3249aa93afddf4a900d5753669cc2dc2d410ca430f716f548fb699
imphash 9c8023eff92984071a2e3e9a4e56d7ac
File size 351.0 KB ( 359424 bytes )
File type Win32 DLL
Magic literal
PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags
64bits assembly pedll

VirusTotal metadata
First submission 2015-03-25 17:09:18 UTC ( 3 years, 5 months ago )
Last submission 2017-04-16 16:27:05 UTC ( 1 year, 5 months ago )
File names C894C6EF9041E1BFEE0806619A1779EC.exe
2015-03-25-C328CD902.zot
2015-03-25-C328CD902.zot.txt
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight