SHA256: f6ff9029fe8193563a9804313b39b2f8f16f6c640cfaa33373a2d2b84a52e05c
File name: noxiubc.dll
Detection ratio: 27 / 61
Analysis date: 2017-04-10 21:30:31 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.159372 20170410
AegisLab Troj.W32.Gen.lMBD 20170410
ALYac Gen:Variant.Razy.159372 20170410
Antiy-AVL Trojan/Win32.Agent 20170410
Arcabit Trojan.Razy.D26E8C 20170410
AVG GenericX.1741 20170410
Avira (no cloud) TR/Crypt.XPACK.Gen 20170410
AVware Trojan.Win32.Generic!BT 20170410
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9980 20170410
BitDefender Gen:Variant.Razy.159372 20170410
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Emsisoft Gen:Variant.Razy.159372 (B) 20170410
Endgame malicious (high confidence) 20170407
ESET-NOD32 a variant of Win32/TrojanProxy.Agent.OAU 20170410
F-Secure Gen:Variant.Razy.159372 20170410
GData Gen:Variant.Razy.159372 20170410
Sophos ML trojandownloader.win32.potukorp.a 20170203
K7AntiVirus Trojan ( 005092231 ) 20170410
K7GW Trojan ( 005092231 ) 20170410
Malwarebytes Trojan.Downloader 20170410
McAfee GenericRXBE-UF!F440231249D3 20170410
eScan Gen:Variant.Razy.159372 20170410
Panda Trj/GdSda.A 20170410
Qihoo-360 HEUR/QVM40.1.6545.Malware.Gen 20170410
Rising Trojan.Proxy-Agent!8.16D (cloud:0L4qD6kLBlV) 20170410
SentinelOne (Static ML) static engine - malicious 20170330
VIPRE Trojan.Win32.Generic!BT 20170410
AhnLab-V3 20170410
Alibaba 20170410
Avast 20170410
Bkav 20170410
CAT-QuickHeal 20170410
ClamAV 20170410
CMC 20170410
Comodo 20170410
Cyren 20170410
DrWeb 20170410
F-Prot 20170410
Fortinet 20170410
Ikarus 20170410
Jiangmin 20170410
Kaspersky 20170410
Kingsoft 20170410
McAfee-GW-Edition 20170410
Microsoft 20170410
NANO-Antivirus 20170410
nProtect 20170410
Palo Alto Networks (Known Signatures) 20170410
Sophos AV 20170410
SUPERAntiSpyware 20170410
Symantec 20170410
Symantec Mobile Insight 20170406
Tencent 20170410
TheHacker 20170410
TrendMicro 20170410
TrendMicro-HouseCall 20170410
Trustlook 20170410
VBA32 20170410
ViRobot 20170410
Webroot 20170410
WhiteArmor 20170409
Yandex 20170410
Zillya 20170410
ZoneAlarm by Check Point 20170410
Zoner 20170410
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-08 06:57:01
Entry Point 0x000039AC
Number of sections 4
PE sections
PE imports
OpenFile
LoadLibraryExA
GetModuleFileNameA
LocalFlags
GetFileSize
AddAtomA
lstrcmpA
WriteFile
FindFirstFileA
DeleteFileA
lstrcpyA
Sleep
ReadFile
CreateFileA
ExitProcess
LoadLibraryA
GetModuleHandleW
WinExec
CloseHandle
SysFreeString
SysAllocStringByteLen
ShellAboutA
DragQueryFileA
PathUnquoteSpacesA
PathGetArgsA
SetFocus
GetMessageA
UpdateWindow
EndDialog
LoadMenuA
MoveWindow
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
LoadBitmapA
MessageBoxExA
GetSystemMetrics
DispatchMessageA
SetMenu
IsRectEmpty
MessageBoxA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetSysColor
RegisterClassExA
GetCursorPos
DrawTextA
SetWindowTextA
AnyPopup
BeginDeferWindowPos
SendMessageA
GetClientRect
GetDlgItem
ScreenToClient
GetSubMenu
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawFrame
AttachThreadInput
CallWindowProcA
GetWindowTextA
PtInRect
setsockopt
WSASocketA
recv
socket
gethostbyname
GetOpenFileNameA
GetSaveFileNameA
ExtFloodFill
CreateCompatibleDC
DeleteDC
SelectObject
SetColorSpace
GetStockObject
SetWorldTransform
ExtTextOutA
CreateSolidBrush
DeleteObject
RoundRect
GetPixel
NtAlertThread
RtlGetProcessHeaps
NtWriteFile
NtQueryPerformanceCounter
NtPrivilegeCheck
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:04:08 07:57:01+01:00
FileType Win32 DLL
PEType PE32
CodeSize 57344
LinkerVersion 5.12
FileTypeExtension dll
InitializedDataSize 99328
SubsystemVersion 4.0
EntryPoint 0x39ac
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 f440231249d39745ba7e5923a7d656eb
SHA1 e719c4534b6cf18583d4ebf359798158e906fba5
SHA256 f6ff9029fe8193563a9804313b39b2f8f16f6c640cfaa33373a2d2b84a52e05c
ssdeep 384:m5IUAe1m0rJ73y4NJRFBsEvjgu1tG8JQ/uvJj4JY0y9GRDO:m5VAHCXLDv0CQ/i5p0u0O
authentihash 58fe5bd96a902bec117799ee85a025a8fdb76826fa58fc490383950cb95b6648
imphash af87c1a5b5e378b690591d51644e747f
File size 85.0 KB ( 87040 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (69.9%)
Win64 Executable (generic) (14.3%)
Windows screen saver (6.8%)
Win32 Dynamic Link Library (generic) (3.4%)
Win32 Executable (generic) (2.3%)
Tags pedll
VirusTotal metadata
First submission 2017-04-10 21:30:31 UTC ( 1 year, 11 months ago )
Last submission 2017-04-10 21:30:31 UTC ( 1 year, 11 months ago )
File names noxiubc.dll