SHA256: f88d5320b3882108f50d3c234313fe604956c0fc057c75b85cdfc3b8e6e9bfd1
File name: vnc64.dump
Detection ratio: 1 / 56
Analysis date: 2014-12-14 15:23:19 UTC ( 2 years, 8 months ago )
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win64.AdwareDoma.dh 20141214
Ad-Aware 20141214
AegisLab 20141214
Yandex 20141213
AhnLab-V3 20141214
ALYac 20141214
Antiy-AVL 20141214
Avast 20141214
AVG 20141214
Avira (no cloud) 20141214
AVware 20141214
Baidu-International 20141214
BitDefender 20141214
Bkav 20141212
ByteHero 20141214
CAT-QuickHeal 20141213
ClamAV 20141214
CMC 20141212
Comodo 20141214
Cyren 20141214
DrWeb 20141214
Emsisoft 20141214
ESET-NOD32 20141214
F-Prot 20141214
F-Secure 20141214
Fortinet 20141213
GData 20141214
Ikarus 20141214
Jiangmin 20141213
K7AntiVirus 20141212
K7GW 20141213
Kaspersky 20141214
Kingsoft 20141214
Malwarebytes 20141214
McAfee 20141214
Microsoft 20141214
eScan 20141214
NANO-Antivirus 20141214
Norman 20141214
nProtect 20141212
Panda 20141214
Qihoo-360 20141214
Rising 20141213
Sophos AV 20141214
SUPERAntiSpyware 20141214
Symantec 20141214
Tencent 20141214
TheHacker 20141212
TotalDefense 20141214
TrendMicro 20141214
TrendMicro-HouseCall 20141214
VBA32 20141212
VIPRE 20141214
ViRobot 20141214
Zillya 20141212
Zoner 20141210
The file being studied is a Portable Executable file. More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64-bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2014-12-11 17:43:40
Entry Point 0x0002A6AC
Number of sections 5
PE sections
PE imports
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
GetObjectA
GetDeviceCaps
DeleteDC
CreateRectRgn
CreateBitmap
OffsetRgn
GetStockObject
CreatePatternBrush
CreateFontIndirectA
SelectObject
GetDIBits
BitBlt
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SelectClipRgn
GetTcpTable
GetStdHandle
FileTimeToDosDateTime
ReleaseMutex
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
EncodePointer
GetHandleInformation
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
lstrcatA
SetErrorMode
GetFileInformationByHandle
lstrcatW
lstrcpyA
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
MoveFileA
ResumeThread
GetLogicalDriveStringsA
GetEnvironmentVariableA
OutputDebugStringW
FindClose
TlsGetValue
SetFileAttributesW
OutputDebugStringA
SetLastError
GetSystemTime
OpenThread
InitializeCriticalSection
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
RemoveDirectoryA
SetThreadPriority
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
SetFilePointer
CreateThread
GetExitCodeThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
GlobalMemoryStatus
GetModuleHandleExW
VirtualQuery
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
OpenProcess
TerminateThread
lstrcmpiA
SetEvent
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
Process32Next
GetFileSize
Process32First
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
lstrcpyW
FreeEnvironmentStringsW
lstrcmpA
FindNextFileW
RtlLookupFunctionEntry
ResetEvent
GetComputerNameA
FindFirstFileW
TerminateProcess
RtlUnwindEx
GetModuleFileNameA
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
FileTimeToLocalFileTime
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
SetThreadExecutionState
CreateProcessA
IsValidCodePage
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
GetModuleFileNameExA
GetProcessImageFileNameA
EnumProcesses
SHGetSpecialFolderPathA
ExtractIconExA
PathMatchSpecW
PathCombineW
StrStrIA
RedrawWindow
GetForegroundWindow
SetWindowPos
IsWindow
DispatchMessageA
CreateDesktopA
WindowFromPoint
GetDC
DestroyCursor
GetAsyncKeyState
ReleaseDC
GetWindowTextLengthA
SendMessageA
GetClientRect
GetThreadDesktop
IsClipboardFormatAvailable
keybd_event
GetTopWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
SystemParametersInfoA
RegisterWindowMessageA
EnumWindows
GetUserObjectInformationA
ShowWindow
SetClipboardViewer
TranslateMessage
SetThreadDesktop
GetWindow
GetMenuDefaultItem
GetIconInfo
SetClipboardData
MapVirtualKeyExA
GetKeyboardLayoutList
IsIconic
RegisterClassA
OpenDesktopA
GetWindowLongA
CreateWindowExA
UnhookWinEvent
GetKeyboardLayout
FillRect
RealChildWindowFromPoint
DialogBoxIndirectParamA
GetCursorPos
GetWindowInfo
PtInRect
MapWindowPoints
VkKeyScanExW
MapVirtualKeyA
OpenInputDesktop
SetFocus
SetClassLongPtrA
SetWindowLongPtrA
VkKeyScanExA
GetClipboardData
ToUnicodeEx
GetSystemMetrics
GetWindowRect
PostMessageA
DrawIcon
EnumChildWindows
SetWindowLongA
SetWindowTextA
GetLastActivePopup
GetDlgItem
BringWindowToTop
ScreenToClient
GetClassLongA
FindWindowExA
LoadCursorA
LoadIconA
GetMenuItemInfoA
AttachThreadInput
GetDesktopWindow
GetSystemMenu
SetForegroundWindow
GetClassLongPtrA
PostThreadMessageA
OpenClipboard
EmptyClipboard
GetScrollBarInfo
ChildWindowFromPointEx
EndDialog
GetShellWindow
SetWinEventHook
GetWindowThreadProcessId
MoveWindow
ChangeClipboardChain
mouse_event
GetKeyState
GetWindowRgn
GetDoubleClickTime
PrintWindow
IsWindowVisible
GetGUIThreadInfo
GetWindowLongPtrA
FrameRect
InvalidateRect
wsprintfA
SendMessageTimeoutA
CloseDesktop
IsRectEmpty
GetClassNameA
CloseClipboard
GetAncestor
setsockopt
htonl
socket
__WSAFDIsSet
bind
WSAStartup
send
inet_addr
accept
recvfrom
gethostbyname
select
recv
connect
getpeername
htons
closesocket
inet_ntoa
WSAGetLastError
listen
CoUninitialize
CoCreateInstance
CoInitialize
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: AMD AMD64
TimeStamp: 2014:12:11 18:43:40+01:00
FileType: Win64 DLL
PEType: PE32+
CodeSize: 222208
LinkerVersion: 12.0
FileAccessDate: 2015:01:05 10:07:17+01:00
EntryPoint: 0x2a6ac
InitializedDataSize: 94720
SubsystemVersion: 6.0
ImageVersion: 0.0
OSVersion: 6.0
FileCreateDate: 2015:01:05 10:07:17+01:00
UninitializedDataSize: 0

File identification
MD5 d7da422a3d23de95a9c3c969a31430e9
SHA1 32bcf2adafc5b189c04619c7c484d77a21861aba
SHA256 f88d5320b3882108f50d3c234313fe604956c0fc057c75b85cdfc3b8e6e9bfd1
ssdeep 6144:uus2ffOo1DRaOzSpsdvM8VPuDJrTGSZfWCTuj05X5KTB8YkW:uh2nOo1lGqnVGFRZh5X5KTOq

authentihash 55a6f8968a28518ed51b0d5e49a0fdc25f235439fd500e32cf7a453062cffc5e
imphash b9800d5e7b5b8f2c966880012837a8e1
File size 297.5 KB ( 304640 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags 64bits assembly pedll via-tor

VirusTotal metadata
First submission 2014-12-14 15:23:19 UTC ( 2 years, 8 months ago )
Last submission 2015-01-05 09:06:59 UTC ( 2 years, 7 months ago )
File names vti-rescan, vnc64.dump
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight