SHA256: e84ebe28dd1025f08544b2e179843640c9f54e3807ef8c069d350d5e0b482b31
File name: e84ebe28dd1025f08544b2e179843640c9f54e3807ef8c069d350d5e0b482b31
Detection ratio: 41 / 66
Analysis date: 2018-05-05 13:26:43 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30700833 20180505
AegisLab Win64.Evo.Gen!c 20180505
ALYac Trojan.GenericKD.30700833 20180505
Antiy-AVL Trojan/Win32.TSGeneric 20180505
Arcabit Trojan.Generic.D1D47521 20180505
Avast Win64:Evo-gen [Susp] 20180505
AVG Win64:Evo-gen [Susp] 20180505
Avira (no cloud) TR/Crypt.ZPACK.urxfd 20180505
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180503
BitDefender Trojan.GenericKD.30700833 20180505
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180505
Cyren W64/Trojan.YKJL-3697 20180505
eGambit Unsafe.AI_Score_92% 20180505
Emsisoft Trojan.GenericKD.30700833 (B) 20180505
Endgame malicious (high confidence) 20180504
ESET-NOD32 Win64/Dridex.AM 20180505
Fortinet W64/Kryptik.BIW!tr 20180505
GData Trojan.GenericKD.30700833 20180505
Ikarus Trojan.Win64.Dridex 20180505
Sophos ML heuristic 20180503
Jiangmin Trojan.Agent.bgwh 20180505
K7AntiVirus Trojan ( 005219951 ) 20180505
K7GW Trojan ( 005219951 ) 20180505
Kaspersky Trojan.Win32.Agent.qwgkqx 20180505
McAfee RDN/Generic.dx 20180505
McAfee-GW-Edition BehavesLike.Win64.PWSOnlineGames.jh 20180505
eScan Trojan.GenericKD.30700833 20180505
NANO-Antivirus Trojan.Win64.Dridex.fbdjqf 20180505
Palo Alto Networks (Known Signatures) generic.ml 20180505
Panda Trj/CI.A 20180505
Qihoo-360 Win32/Trojan.7be 20180505
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Dridex-G 20180505
Symantec Trojan.Gen.2 20180505
Tencent Win32.Trojan.Agent.Aihr 20180505
TrendMicro TROJ_GEN.R011C0PE318 20180505
TrendMicro-HouseCall TROJ_GEN.R011C0PE318 20180505
VIPRE Trojan.Win32.Generic!BT 20180505
Webroot W32.Trojan.Gen 20180505
ZoneAlarm by Check Point Trojan.Win32.Agent.qwgkqx 20180505
AhnLab-V3 20180505
Alibaba 20180503
Avast-Mobile 20180505
AVware 20180428
Bkav 20180504
CAT-QuickHeal 20180505
ClamAV 20180505
CMC 20180505
Comodo 20180505
Cybereason None
DrWeb 20180505
F-Prot 20180505
F-Secure 20180505
Kingsoft 20180505
Malwarebytes 20180505
MAX 20180505
Microsoft 20180505
nProtect 20180505
Rising 20180505
SUPERAntiSpyware 20180505
Symantec Mobile Insight 20180505
TheHacker 20180504
TotalDefense 20180505
Trustlook 20180505
VBA32 20180504
ViRobot 20180505
Yandex 20180504
Zillya 20180504
Zoner 20180504
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2018-05-01 14:43:04
Entry Point 0x00001540
Number of sections 9
PE sections
PE imports
GetUserNameA
GetOldestEventLogRecord
EqualSid
GetSaveFileNameA
GetTextFaceA
GetTapeParameters
EnumResourceNamesW
GetVolumePathNameW
lstrcpyW
GetThreadPriority
FileTimeToSystemTime
GetModuleHandleA
GetQueuedCompletionStatus
FindFirstFileA
GetWindowsDirectoryA
Module32First
GetTimeFormatW
Module32FirstW
LocalReAlloc
GetOpenClipboardWindow
GetClassLongW
GetQueueStatus
GetScrollPos
LockWindowUpdate
GetDlgItem
LoadMenuW
GetFileVersionInfoW
FindCloseUrlCache
GetUrlCacheEntryInfoW
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
TimeStamp 2018:05:01 15:43:04+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 16384
LinkerVersion 12.0
FileTypeExtension dll
InitializedDataSize 663552
SubsystemVersion 5.0
EntryPoint 0x1540
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 e7172aadda00497ce11527fe0153132c
SHA1 378c6d33273d437784874d44b282cfdfb63672ce
SHA256 e84ebe28dd1025f08544b2e179843640c9f54e3807ef8c069d350d5e0b482b31
ssdeep 6144:oymZqYfl6YoI9hoXuQUQGDksmKKM0DM9undCbc6lW3lC+Q0ln5gCkw87O4VDvXyf:OqYp9hoyQGUEil3oT0l5tV8vXo
authentihash b5ee2baf33cc9fb56ad92c66cccaafb1790a31988679e38da38c9ca3e8080b61
imphash 55775f6bcb9568a2b5cf323ff0f7498b
File size 632.0 KB ( 647168 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Windows screen saver (68.4%)
OS/2 Executable (generic) (10.6%)
Generic Win/DOS Executable (10.4%)
DOS Executable Generic (10.4%)
Tags 64bits assembly pedll

VirusTotal metadata
First submission 2018-05-01 22:01:17 UTC ( 7 months, 1 week ago )
Last submission 2018-05-05 13:26:43 UTC ( 7 months, 1 week ago )