SHA256: fe5783e64aa70fac10c2e42d460732d9770534357329d8bc78576557c165f040
File name: fe5783e64aa70fac_dp1.fne
Detection ratio: 22 / 67
Analysis date: 2018-10-27 04:54:01 UTC ( 2 weeks, 4 days ago )
Antivirus Result Update
ALYac Worm.Autorun.RF 20181027
Bkav W32.Ongame0XQ.Trojan 20181025
CAT-QuickHeal Trojan.IGENERIC 20181026
Cylance Unsafe 20181027
Cyren W32/Autorun.EYAZ-7486 20181027
F-Prot W32/Autorun.GC 20181027
F-Secure Trojan:W32/Agent.DUIF 20181027
GData Win32.Trojan.Agent.AO 20181027
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20181026
K7GW Riskware ( 0040eff71 ) 20181025
Malwarebytes Worm.AutoRun 20181027
MAX malware (ai score=99) 20181027
Sophos AV W32/SillyFDC-DX 20181027
SUPERAntiSpyware Trojan.Agent/Gen-Exploiter 20181022
TotalDefense Win32/Tnega.AKRS 20181026
TrendMicro WORM_FLYSTUDI.F 20181027
TrendMicro-HouseCall WORM_FLYSTUDI.F 20181027
VIPRE Trojan.Win32.Generic!BT 20181027
ViRobot Adware.Agent.Do.114688 20181026
Webroot W32.Malware.Gen 20181027
Yandex Trojan.Autorun!AG29Virh6vM 20181026
Ad-Aware 20181027
AegisLab 20181027
AhnLab-V3 20181027
Alibaba 20180921
Antiy-AVL 20181026
Arcabit 20181027
Avast 20181027
Avast-Mobile 20181026
AVG 20181027
Avira (no cloud) 20181026
Babable 20180918
Baidu 20181026
BitDefender 20181027
ClamAV 20181026
CMC 20181026
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
DrWeb 20181027
eGambit 20181027
Emsisoft 20181027
Endgame 20180730
ESET-NOD32 20181026
Fortinet 20181027
Ikarus 20181026
Jiangmin 20181027
Kaspersky 20181027
Kingsoft 20181027
McAfee 20181027
McAfee-GW-Edition 20181027
Microsoft 20181027
eScan 20181027
NANO-Antivirus 20181027
Palo Alto Networks (Known Signatures) 20181027
Panda 20181026
Qihoo-360 20181027
Rising 20181027
SentinelOne (Static ML) 20181011
Symantec 20181026
Symantec Mobile Insight 20181026
TACHYON 20181027
Tencent 20181027
TheHacker 20181025
Trustlook 20181027
VBA32 20181026
Zillya 20181026
ZoneAlarm by Check Point 20181027
Zoner 20181026
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-05-24 05:18:47
Entry Point 0x0000C28A
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetCPInfo
InterlockedDecrement
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
IsBadReadPtr
SetStdHandle
SetFilePointer
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
TerminateProcess
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
IsBadCodePtr
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
wsprintfA
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2008:05:24 06:18:47+01:00
FileType Win32 DLL
PEType PE32
CodeSize 77824
LinkerVersion 6.0
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0xc28a
InitializedDataSize 40960
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Execution parents
Compressed bundles
File identification
MD5 6d4b2e73f6f8ecff02f19f7e8ef9a8c7
SHA1 09c32ca167136a17fd69df8c525ea5ffeca6c534
SHA256 fe5783e64aa70fac10c2e42d460732d9770534357329d8bc78576557c165f040
ssdeep 1536:IxM5MufmW0C3flmskqT0qYvwDr3cFoWPrE:IxMmomWP3fQEFrsFoWT

authentihash 7726835fbc3442fcb648a6ab0e24f6c21262f5f71bddb1ad1b78654913182278
imphash add5dd1fa4b0387f15fda385fe0b8dbe
File size 112.0 KB ( 114688 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
armadillo pedll

VirusTotal metadata
First submission 2008-08-15 16:05:06 UTC ( 10 years, 3 months ago )
Last submission 2018-10-27 04:54:01 UTC ( 2 weeks, 4 days ago )
File names smona132319025623306296855
smona132239536496758474502
file-3907534_fne
smona130871558945695625046
dp1.fne
smona131039586194364158088
vti-rescan
09C32CA167136A17FD69DF8C525EA5FFECA6C534.sample
09c32ca167136a17fd69df8c525ea5ffeca6c534.fne
smona131452075876248515311
fe5783e64aa70fac_dp1.fne
6d4b2e73f6f8ecff02f19f7e8ef9a8c7
DLL.dll
dp1.fne.exe
dp1.fne
6d4b2e73f6f8ecff02f19f7e8ef9a8c7
09c32ca167136a17fd69df8c525ea5ffeca6c534
get.vbp
dp1.1.fne
dp1.fne-6d4b2e73f6f8ecff02f19f7e8ef9a8c7
avz00013.dta
dp1.fne
6D4B2E73F6F8ECFF02F19F7E8EF9A8C7
smona132239592679684971115
09C32CA167136A17FD69DF8C525EA5FFECA6C534.a2m
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight