SHA256: e82b78398ab7168580e34f787b5ebf552fa0f674418d198347b2ac49666ccc77
File name: Data_1.bin.dec
Detection ratio: 34 / 51
Analysis date: 2014-03-19 17:18:52 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
AVG PSW.Generic12.AFNX 20140319
Ad-Aware Gen:Variant.Kazy.350297 20140319
Agnitum Trojan.Tuscas! 20140319
AhnLab-V3 Trojan/Win32.Ransomlock 20140319
AntiVir TR/Kazy.jutiw 20140319
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20140319
Avast Win32:Tuscas-B [Trj] 20140319
Baidu-International Trojan.Win32.Tuscas.A 20140319
BitDefender Gen:Variant.Kazy.350297 20140319
Comodo UnclassifiedMalware 20140319
DrWeb Trojan.Tuscas.1 20140319
ESET-NOD32 Win32/Spy.Tuscas.A 20140319
Emsisoft Gen:Variant.Kazy.350297 (B) 20140319
F-Secure Gen:Variant.Kazy.350297 20140319
Fortinet W32/Agent.A!tr 20140319
GData Gen:Variant.Kazy.350297 20140319
Ikarus Trojan-Spy.Agent 20140319
K7AntiVirus Spyware ( 00496a441 ) 20140319
K7GW Spyware ( 00496a441 ) 20140319
Kaspersky HEUR:Trojan.Win32.Generic 20140319
Malwarebytes Backdoor.Papras 20140319
McAfee RDN/Generic.bfr!gf 20140319
McAfee-GW-Edition RDN/Generic.bfr!gf 20140319
MicroWorld-eScan Gen:Variant.Kazy.350297 20140319
NANO-Antivirus Trojan.Win32.Tuscas.cuwpzs 20140319
Norman Troj_Generic.SZEFV 20140319
Panda Trj/CI.A 20140319
Qihoo-360 Win32/Trojan.8ca 20140319
Sophos Troj/Agent-AGFA 20140319
Symantec Trojan Horse 20140319
TrendMicro TROJ_INJECT.OO 20140319
TrendMicro-HouseCall TROJ_INJECT.OO 20140319
VIPRE Trojan.Win32.Generic!BT 20140319
ViRobot Trojan.Win32.U.Agent.228864 20140319
AegisLab 20140319
Bkav 20140318
ByteHero 20140319
CAT-QuickHeal 20140319
CMC 20140319
ClamAV 20140319
Commtouch 20140319
F-Prot 20140319
Jiangmin 20140319
Kingsoft 20140319
Microsoft 20140319
Rising 20140319
SUPERAntiSpyware 20140319
TheHacker 20140319
TotalDefense 20140319
VBA32 20140319
nProtect 20140319
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-12 09:12:20
Link date 10:12 AM 3/12/2014
Entry Point 0x00004FCC
Number of sections 5
PE sections
PE imports
GetTokenInformation
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
DeleteDC
SelectObject
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
WaitForSingleObject
HeapDestroy
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
lstrcatW
GetThreadContext
WideCharToMultiByte
LoadLibraryW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
Thread32First
ResumeThread
FreeLibrary
GetThreadPriority
FreeLibraryAndExitThread
InitializeCriticalSection
LoadResource
InterlockedDecrement
SetLastError
OpenThread
WriteProcessMemory
GetModuleFileNameW
HeapAlloc
SetThreadPriority
FlushInstructionCache
CreateThread
CreateMutexW
GetVersion
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
SetEvent
GetTickCount
DisableThreadLibraryCalls
VirtualProtect
lstrcmpiW
CreateRemoteThread
GetFileSize
OpenProcess
DeleteFileW
GetProcAddress
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
lstrcpyW
lstrcmpA
UnmapViewOfFile
ResetEvent
Thread32Next
WaitForMultipleObjects
GetTempPathW
CreateEventW
CreateFileW
InterlockedIncrement
GetLastError
GetComputerNameW
VirtualAllocEx
GetSystemInfo
lstrlenA
OpenEventW
lstrlenW
Process32NextW
VirtualFree
SizeofResource
VirtualFreeEx
GetCurrentProcessId
LockResource
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
SuspendThread
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
HeapCreate
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
EnumProcessModules
GetModuleFileNameExW
ReleaseDC
CharLowerA
wsprintfA
GetWindowRect
GetDesktopWindow
CharLowerW
wsprintfW
GetWindowDC
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoA
InternetOpenW
HttpOpenRequestW
_alldiv
_vsnprintf
memmove
_allmul
_aulldiv
memset
_strcmpi
memcpy
_vsnwprintf
CreateStreamOnHGlobal
PE exports
Number of PE resources by type
RT_DATA 2
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:03:12 10:12:20+01:00
FileType Win32 DLL
PEType PE32
CodeSize 58368
LinkerVersion 10.0
FileAccessDate 2014:06:24 06:13:09+01:00
EntryPoint 0x4fcc
InitializedDataSize 169472
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2014:06:24 06:13:09+01:00
UninitializedDataSize 0
Execution parents
File identification
MD5 4dfde38ff8e1df866e863261f9ba2c07
SHA1 9aaa21e1b4be7a4e19107fd63a20b1a82bd1d3f4
SHA256 e82b78398ab7168580e34f787b5ebf552fa0f674418d198347b2ac49666ccc77
ssdeep 1536:NzxbF5+LyErNuPWvT1MhK/Uyvmo0khQMhnDkWBGVx5Rsun35Ktp:Nzx5YyErNuMhyKd0qHxDvBm1n
imphash ef5d80f616051b297d4ba13c7d9489ea
File size 223.5 KB ( 228864 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll
VirusTotal metadata
First submission 2014-03-12 14:45:24 UTC ( 11 months, 4 weeks ago )
Last submission 2014-06-24 05:17:54 UTC ( 8 months, 2 weeks ago )
File names client.dll.dr
Data_1.bin.dec
vti-rescan
4DFDE38FF8E1DF866E863261F9BA2C07
client.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight