SHA256: e8b73e99c22d18d2208e659c9eb9937e1e9bdaf7b4bc9d48985e05559d9669d5
File name: 2.exe
Detection ratio: 8 / 57
Analysis date: 2016-09-21 05:26:48 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160920
CrowdStrike Falcon (ML) malicious_confidence_94% (D) 20160725
ESET-NOD32 Win32/Filecoder.Locky.H 20160921
Kaspersky UDS:DangerousObject.Multi.Generic 20160920
Qihoo-360 Trojan.Generic 20160921
Rising Malware.Generic!uiwzoyhISpL@6 (thunder) 20160921
Sophos AV Troj/Locky-MN 20160921
Tencent Win32.Trojan.Raas.Auto 20160921
Ad-Aware 20160921
AegisLab 20160921
AhnLab-V3 20160921
Alibaba 20160921
ALYac 20160921
Antiy-AVL 20160921
Arcabit 20160920
Avast 20160921
AVG 20160920
Avira (no cloud) 20160921
AVware 20160921
BitDefender 20160921
Bkav 20160920
CAT-QuickHeal 20160920
ClamAV 20160921
CMC 20160921
Comodo 20160920
Cyren 20160921
DrWeb 20160921
Emsisoft 20160921
F-Prot 20160921
F-Secure 20160921
Fortinet 20160921
GData 20160921
Ikarus 20160920
Sophos ML 20160917
Jiangmin 20160921
K7AntiVirus 20160920
K7GW 20160921
Kingsoft 20160921
Malwarebytes 20160921
McAfee 20160921
McAfee-GW-Edition 20160920
Microsoft 20160921
eScan 20160921
NANO-Antivirus 20160920
nProtect 20160921
Panda 20160920
SUPERAntiSpyware 20160920
Symantec 20160921
TheHacker 20160920
TrendMicro 20160921
TrendMicro-HouseCall 20160921
VBA32 20160920
VIPRE 20160921
ViRobot 20160921
Yandex 20160920
Zillya 20160920
Zoner 20160921
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-20 20:21:34
Entry Point 0x00026F40
Number of sections 4
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetLocaleInfoW
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
HeapDestroy
ExitProcess
OutputDebugStringA
TlsAlloc
IsValidLocale
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
VirtualQuery
GlobalSize
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
GetEnvironmentStrings
GetLocaleInfoA
SetConsoleCtrlHandler
GetCurrentProcessId
GetUserDefaultLCID
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
VirtualProtect
GetCommandLineA
GetProcAddress
GetStringTypeA
GetCurrentThread
GetTimeZoneInformation
InterlockedExchange
CompareStringW
CompareStringA
WideCharToMultiByte
GetTimeFormatA
TlsFree
SetFilePointer
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
GlobalAlloc
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
SHQueryInfoKeyA
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:09:20 20:21:34+00:00
FileType Win32 DLL
PEType PE32
CodeSize 238080
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit, DLL
EntryPoint 0x26f40
InitializedDataSize 25600
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 4bc0dfb77f055f04fa9871f41f7d9cf8
SHA1 4f5fcf4900e771610dc0dc557143a2a2febdcbc3
SHA256 e8b73e99c22d18d2208e659c9eb9937e1e9bdaf7b4bc9d48985e05559d9669d5
ssdeep 6144:pKzdTacGiotR/rQdnEBWsQ5O7h6/hpsqzl+TSd:HOnufLN6JpTzl+T
authentihash 93ede09c21f1687113cfdcb2fc181a9be54a779674b72b6494941d8f197ffcf8
imphash 2dda2e56bdcca6122c5b59c58e7d328c
File size 255.5 KB ( 261632 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags pedll
VirusTotal metadata
First submission 2016-09-21 05:26:48 UTC ( 2 years, 7 months ago )
Last submission 2018-05-25 21:10:46 UTC ( 11 months ago )
File names 2.exe