SHA256: eb7fa2046725a9a50b5579eb7e1a9a5d8bd5eca01efbe2e47807b183173ad7de
File name: eb7fa2046725a9a50b5579eb7e1a9a5d8bd5eca01efbe2e47807b183173ad7de
Detection ratio: 33 / 67
Analysis date: 2018-03-13 09:26:03 UTC ( 9 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.30394552 | 20180313 |
| AegisLab | Troj.W32.Agent!c | 20180313 |
| AhnLab-V3 | Malware/Win64.Generic.C2426535 | 20180312 |
| Antiy-AVL | Trojan/Win32.Agent | 20180313 |
| Avast | Win64:Malware-gen | 20180313 |
| AVG | Win64:Malware-gen | 20180313 |
| Avira (no cloud) | TR/Crypt.ZPACK.ofien | 20180312 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9849 | 20180313 |
| BitDefender | Trojan.GenericKD.30394552 | 20180313 |
| Comodo | UnclassifiedMalware | 20180313 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170201 |
| Cylance | Unsafe | 20180313 |
| Cyren | W64/Trojan.ECPP-6824 | 20180313 |
| Emsisoft | Trojan.GenericKD.30394552 (B) | 20180313 |
| ESET-NOD32 | a variant of Win64/Kryptik.BIW | 20180313 |
| Fortinet | W64/Kryptik.BIW!tr | 20180313 |
| GData | Win64.Trojan.Agent.6V76T5 | 20180313 |
| Ikarus | Trojan.Win64.Crypt | 20180313 |
| Sophos ML | heuristic | 20180120 |
| Kaspersky | Trojan.Win32.Agent.qwfzgk | 20180313 |
| MAX | malware (ai score=96) | 20180313 |
| McAfee | Artemis!0A4EF87B5AB1 | 20180313 |
| McAfee-GW-Edition | BehavesLike.Win64.BadFile.jh | 20180313 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20180313 |
| Qihoo-360 | Win32/Trojan.4ad | 20180313 |
| Rising | Trojan.Win64/Kryptik!1.AE80 (CLASSIC) | 20180313 |
| Sophos AV | Mal/Generic-S | 20180313 |
| Symantec | Trojan.Cridex | 20180313 |
| Tencent | Win32.Trojan.Agent.Fik | 20180313 |
| TrendMicro-HouseCall | TROJ_GEN.R002H0ACC18 | 20180313 |
| ViRobot | Trojan.Win32.Z.Kryptik.647168.CE | 20180313 |
| Yandex | Trojan.Agent!iAZPu35o+U4 | 20180313 |
| ZoneAlarm by Check Point | Trojan.Win32.Agent.qwfzgk | 20180313 |
| Alibaba | (no detection) | 20180313 |
| ALYac | (no detection) | 20180313 |
| Arcabit | (no detection) | 20180313 |
| Avast-Mobile | (no detection) | 20180313 |
| AVware | (no detection) | 20180313 |
| Bkav | (no detection) | 20180312 |
| CAT-QuickHeal | (no detection) | 20180313 |
| ClamAV | (no detection) | 20180313 |
| CMC | (no detection) | 20180313 |
| Cybereason | (no detection) | 20180225 |
| DrWeb | (no detection) | 20180313 |
| eGambit | (no detection) | 20180313 |
| Endgame | (no detection) | 20180308 |
| F-Prot | (no detection) | 20180313 |
| F-Secure | (no detection) | 20180313 |
| Jiangmin | (no detection) | 20180313 |
| K7AntiVirus | (no detection) | 20180313 |
| K7GW | (no detection) | 20180313 |
| Kingsoft | (no detection) | 20180313 |
| Malwarebytes | (no detection) | 20180313 |
| Microsoft | (no detection) | 20180313 |
| eScan | (no detection) | 20180313 |
| NANO-Antivirus | (no detection) | 20180313 |
| nProtect | (no detection) | 20180313 |
| Panda | (no detection) | 20180312 |
| SentinelOne (Static ML) | (no detection) | 20180225 |
| SUPERAntiSpyware | (no detection) | 20180313 |
| Symantec Mobile Insight | (no detection) | 20180311 |
| TheHacker | (no detection) | 20180311 |
| TotalDefense | (no detection) | 20180313 |
| TrendMicro | (no detection) | 20180313 |
| Trustlook | (no detection) | 20180313 |
| VBA32 | (no detection) | 20180312 |
| VIPRE | (no detection) | 20180313 |
| Webroot | (no detection) | 20180313 |
| WhiteArmor | (no detection) | 20180223 |
| Zillya | (no detection) | 20180312 |
| Zoner | (no detection) | 20180313 |
The file being studied is a Portable Executable file. More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64-bit architectures.

PE header basic information
Target machine: x64
Compilation timestamp: 2018-03-06 10:05:33
Entry Point: 0x000014F0
Number of sections: 7
PE sections
PE imports
CryptHashData
ClusterOpenEnum
ChooseFontW
GetFileTitleA
CertEnumCTLsInStore
JetInit2
JetRetrieveColumn
EnumFontFamiliesExA
GetWindowOrgEx
ImmGetIMEFileNameW
ImmGetCompositionWindow
GetModuleHandleA
lstrcpyW
LPSAFEARRAY_UserUnmarshal
SafeArrayPtrOfIndex
I_RpcBindingIsClientLocal
NdrServerCall2
SetupDiGetClassDevsExA
StrDupA
RegisterClipboardFormatA
CreateDialogIndirectParamA
CreateIconFromResource
MessageBoxA
GetKeyboardType
GetWindowWord
HttpAddRequestHeadersA
InternetOpenW
WSAStartup
ntohs
GetColorDirectoryW
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: AMD AMD64
FileTypeExtension: dll
TimeStamp: 2018:03:06 10:05:33+00:00
FileType: Win64 DLL
PEType: PE32+
CodeSize: 20480
LinkerVersion: 12.0
EntryPoint: 0x14f0
InitializedDataSize: 659456
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5: 0a4ef87b5ab1593121f3e3cfad9ea476
SHA1: 626d7f4973b4cd3bc6408cb1a4ad06b04ae8209d
SHA256: eb7fa2046725a9a50b5579eb7e1a9a5d8bd5eca01efbe2e47807b183173ad7de
ssdeep: 12288:APYXG3QElmR/YrS6xwfG2V93m9dC29y7Od7fWb9ABtR:AQnlR/YrSreI2nB9tEb
authentihash: dd812a06b77f4ed7dc203110e427ac9cfbde73e904708e2bc10bca0feb246890
imphash: 1d94ea5b2433422dcb0d619d66c692fd
File size: 632.0 KB (647168 bytes)
File type: Win32 DLL
Magic literal: PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID: OS/2 Executable (generic) (33.6%); Generic Win/DOS Executable (33.1%); DOS Executable Generic (33.1%)
Tags: 64bits assembly pedll

VirusTotal metadata
First submission: 2018-03-12 17:55:49 UTC (9 months ago)
Last submission: 2018-03-13 09:26:03 UTC (9 months ago)
File names: 0a4ef87b5ab1593121f3e3cfad9ea476.virus