SHA256: e6dda7f9fd523b77ac6ec14c6f4ba029781d36c3c125b9c6f6f86587fd6e5546
File name: 3dmGameDll.dll
Detection ratio: 32 / 67
Analysis date: 2018-05-11 16:12:21 UTC ( 1 week, 1 day ago )
Antivirus Result Update
AegisLab Troj.W32.Agent.icjg!c 20180511
Antiy-AVL Trojan/Win32.Agent 20180511
AVware Trojan.Win32.Generic!BT 20180428
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9959 20180511
Bkav W64.HfsReno.1160 20180511
CAT-QuickHeal Trojan.Agen 20180511
Comodo UnclassifiedMalware 20180511
Cylance Unsafe 20180511
Cyren W64/Trojan.PUXN-8670 20180511
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win64/HackTool.Crack.B potentially unsafe 20180511
GData Win64.Application.Agent.YMYRVI 20180511
Ikarus VirTool.Win32.Obfuscator 20180511
Jiangmin Trojan/Agent.hxda 20180511
K7AntiVirus Unwanted-Program ( 004bbbda1 ) 20180511
K7GW Unwanted-Program ( 004bbbda1 ) 20180511
Malwarebytes CrackTool.Agent.Keygen 20180511
MAX malware (ai score=99) 20180511
McAfee Generic.dx!E18F11275398 20180511
McAfee-GW-Edition Generic.dx!E18F11275398 20180511
Microsoft HackTool:Win32/Keygen 20180511
NANO-Antivirus Trojan.Win64.Agent.dahnjz 20180511
Panda Trj/RnkBend.A 20180511
Rising Malware.Generic.3!tfe (CLOUD) 20180511
SUPERAntiSpyware PUP.HackTool/Variant 20180511
Symantec Trojan.Gen.2 20180511
TrendMicro TROJ_GEN.R014C0OBJ18 20180511
TrendMicro-HouseCall TROJ_GEN.R014C0OBJ18 20180511
VIPRE Trojan.Win32.Generic!BT 20180511
ViRobot Trojan.Win32.S.Agent.419328.H 20180511
Webroot W32.Malware.Gen 20180511
Yandex Trojan.Agent!O6oB7YLVA+4 20180511
Ad-Aware 20180511
AhnLab-V3 20180511
Alibaba 20180511
ALYac 20180511
Arcabit 20180511
Avast 20180511
Avast-Mobile 20180511
AVG 20180511
Avira (no cloud) 20180511
Babable 20180406
BitDefender 20180511
ClamAV 20180511
CMC 20180511
CrowdStrike Falcon (ML) 20180418
Cybereason None
eGambit 20180511
Emsisoft 20180511
F-Prot 20180511
F-Secure 20180511
Fortinet 20180511
Sophos ML 20180503
Kaspersky 20180511
Kingsoft 20180511
eScan 20180511
nProtect 20180511
Palo Alto Networks (Known Signatures) 20180511
Qihoo-360 20180511
SentinelOne (Static ML) 20180225
Sophos AV 20180511
Symantec Mobile Insight 20180511
Tencent 20180511
TheHacker 20180509
TotalDefense 20180511
Trustlook 20180511
VBA32 20180511
Zillya 20180511
ZoneAlarm by Check Point 20180511
Zoner 20180511
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2014-05-25 06:18:11
Entry Point 0x0006874C
Number of sections 10
PE sections
PE imports
GetStdHandle
HeapDestroy
EncodePointer
FlsGetValue
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetThreadPriority
LocalFree
ResumeThread
InitializeCriticalSection
SetLastError
OpenThread
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlsSetValue
GetModuleFileNameA
HeapSetInformation
GetPrivateProfileStringA
SetThreadPriority
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
SetUnhandledExceptionFilter
DecodePointer
TerminateProcess
VirtualQuery
SetEndOfFile
GetVersion
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
VirtualProtect
FlushFileBuffers
LoadLibraryA
GetStartupInfoW
GetProcAddress
VirtualProtectEx
GetProcessHeap
GetCurrentThreadId
RtlLookupFunctionEntry
RtlUnwindEx
CreateFileW
GetFileType
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
WritePrivateProfileStringA
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
GetCurrentThread
SuspendThread
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2014:05:25 06:18:11+00:00
FileType Win64 DLL
PEType PE32+
CodeSize 440320
LinkerVersion 10.0
EntryPoint 0x6874c
InitializedDataSize 218624
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0
Compressed bundles
File identification
MD5 e18f11275398ab3fd585321374488729
SHA1 096bed0083f0764d6135caae2df625692d44a8df
SHA256 e6dda7f9fd523b77ac6ec14c6f4ba029781d36c3c125b9c6f6f86587fd6e5546
ssdeep 3072:4bS5X5cUoeUPpcRHZAXd0JkkoBhBhd/ZT6qvcuf67cksX+aed8OfLDYJJ70sFBmT:4bShPo1pMaBXhxZT6qvcLYI/XkYJ4JX
authentihash 951c4ab18ebb1a83ecb0df011fae9f2b4353717b2dbebc8b51445b9af3d33de5
imphash bff16b645f7c8f8a399e191b8a09e219
File size 409.5 KB ( 419328 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits assembly pedll via-tor
VirusTotal metadata
First submission 2014-05-25 06:41:30 UTC ( 3 years, 12 months ago )
Last submission 2018-05-11 16:12:21 UTC ( 1 week, 1 day ago )
File names file-7029210_dll
3dmGameDll2.dll
473906
{B42AB613-A0B9-44D3-BF9C-3B4902EB0056}
0fcf5243d8b8e51677b0ca87d1638ec6_3dmGameDll.dll.safe
is-RBG6A.tmp
3dmGameDll.dll
3dmGameDll.dll
3dmgamedll.dll
test.dll
3DMGAMEDLL.DLL
3dmGameDll.dll
3dmgamedll.dll.7832.gzquar
d.dll
3dmGameDll.dll
3dmGameDll.dll
3dmGameDll.dll
3dmGameDll.dll_old
3dmGameDll.dll_
testuji.dll
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0CCC0EBO16.

Symantec reputation Suspicious.Insight