SHA256: e6dda7f9fd523b77ac6ec14c6f4ba029781d36c3c125b9c6f6f86587fd6e5546
File name: 3DMGAMEDLL.DLL
Detection ratio: 34 / 65
Analysis date: 2018-08-29 07:56:58 UTC ( 3 weeks, 1 day ago )
Antivirus Result Update
AegisLab Trojan.Win32.Generic.4!c 20180829
Antiy-AVL Trojan/Win32.Agent 20180829
AVware Trojan.Win32.Generic!BT 20180823
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9959 20180829
Bkav W64.HfsReno. 20180828
CAT-QuickHeal Trojan.Agen 20180828
Comodo .UnclassifiedMalware 20180829
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180723
Cylance Unsafe 20180829
Cyren W64/Trojan.PUXN-8670 20180829
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win64/HackTool.Crack.B potentially unsafe 20180829
GData Win64.Application.Agent.YMYRVI 20180829
Ikarus VirTool.Win32.Obfuscator 20180828
Sophos ML heuristic 20180717
Jiangmin Trojan/Agent.hxda 20180829
K7AntiVirus Unwanted-Program ( 004bbbda1 ) 20180829
K7GW Unwanted-Program ( 004bbbda1 ) 20180829
Malwarebytes CrackTool.Agent.Keygen 20180829
MAX malware (ai score=99) 20180829
McAfee Generic.dx!E18F11275398 20180829
McAfee-GW-Edition Generic.dx!E18F11275398 20180829
Microsoft HackTool:Win32/Keygen 20180829
NANO-Antivirus Trojan.Win64.Agent.dahnjz 20180829
Panda Trj/RnkBend.A 20180828
Rising Malware.Generic.3!tfe (CLOUD) 20180829
SUPERAntiSpyware PUP.HackTool/Variant 20180829
Symantec Trojan.Gen.2 20180829
TrendMicro TROJ_GEN.R014C0OBJ18 20180829
TrendMicro-HouseCall TROJ_GEN.R014C0OBJ18 20180829
VIPRE Trojan.Win32.Generic!BT 20180829
ViRobot Trojan.Win32.S.Agent.419328.H 20180829
Webroot W32.Heuristic.Dkv 20180829
Yandex Trojan.Agent!O6oB7YLVA+4 20180829
Ad-Aware 20180829
AhnLab-V3 20180829
Alibaba 20180713
ALYac 20180829
Arcabit 20180829
Avast 20180829
Avast-Mobile 20180829
AVG 20180829
Avira (no cloud) 20180829
Babable 20180822
BitDefender 20180829
ClamAV 20180829
CMC 20180829
Cybereason 20180225
DrWeb 20180829
eGambit 20180829
Emsisoft 20180829
F-Prot 20180829
F-Secure 20180829
Fortinet 20180829
Kaspersky 20180829
Kingsoft 20180829
eScan 20180829
Palo Alto Networks (Known Signatures) 20180829
Qihoo-360 20180829
SentinelOne (Static ML) 20180701
Sophos AV 20180829
Symantec Mobile Insight 20180822
TACHYON 20180829
Tencent 20180829
TheHacker 20180829
Trustlook 20180829
VBA32 20180828
ZoneAlarm by Check Point 20180829
Zoner 20180828
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2014-05-25 06:18:11
Entry Point 0x0006874C
Number of sections 10
PE sections
PE imports
GetStdHandle
HeapDestroy
EncodePointer
FlsGetValue
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetThreadPriority
LocalFree
ResumeThread
InitializeCriticalSection
SetLastError
OpenThread
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlsSetValue
GetModuleFileNameA
HeapSetInformation
GetPrivateProfileStringA
SetThreadPriority
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
SetUnhandledExceptionFilter
DecodePointer
TerminateProcess
VirtualQuery
SetEndOfFile
GetVersion
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
VirtualProtect
FlushFileBuffers
LoadLibraryA
GetStartupInfoW
GetProcAddress
VirtualProtectEx
GetProcessHeap
GetCurrentThreadId
RtlLookupFunctionEntry
RtlUnwindEx
CreateFileW
GetFileType
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
WritePrivateProfileStringA
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
GetCurrentThread
SuspendThread
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2014:05:25 07:18:11+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 440320
LinkerVersion 10.0
ImageFileCharacteristics Executable, Large address aware, DLL
EntryPoint 0x6874c
InitializedDataSize 218624
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0
Compressed bundles
File identification
MD5 e18f11275398ab3fd585321374488729
SHA1 096bed0083f0764d6135caae2df625692d44a8df
SHA256 e6dda7f9fd523b77ac6ec14c6f4ba029781d36c3c125b9c6f6f86587fd6e5546
ssdeep
3072:4bS5X5cUoeUPpcRHZAXd0JkkoBhBhd/ZT6qvcuf67cksX+aed8OfLDYJJ70sFBmT:4bShPo1pMaBXhxZT6qvcLYI/XkYJ4JX

authentihash 951c4ab18ebb1a83ecb0df011fae9f2b4353717b2dbebc8b51445b9af3d33de5
imphash bff16b645f7c8f8a399e191b8a09e219
File size 409.5 KB ( 419328 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits assembly pedll via-tor

VirusTotal metadata
First submission 2014-05-25 06:41:30 UTC ( 4 years, 3 months ago )
Last submission 2018-08-29 07:56:58 UTC ( 3 weeks, 1 day ago )
File names 3dmgamedll.dll
3dmGameDll2.dll
473906
{B42AB613-A0B9-44D3-BF9C-3B4902EB0056}
0fcf5243d8b8e51677b0ca87d1638ec6_3dmGameDll.dll.safe
is-RBG6A.tmp
3dmGameDll.dll
file-7029210_dll
3dmGameDll.dll
test.dll
3dmGameDll.dll
3dmGameDll.dll
3dmgamedll.dll.7832.gzquar
d.dll
3DMGAMEDLL.DLL
3dmGameDll.dll
3dmGameDll.dll
3dmGameDll.dll_old
3dmGameDll.dll_
testuji.dll
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0CCC0EBO16.

Symantec reputation Suspicious.Insight