SHA256: ff4a021e6175e5f2c0a666270081d74991c69e651c249a6fdf82a004dd9215e5
File name: CDldex2.dll
Detection ratio: 7 / 56
Analysis date: 2016-11-21 16:15:08 UTC ( 2 years, 5 months ago )
Antivirus Result Update
AegisLab Ransom.Hplocky.Smjba!c 20161121
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Kaspersky UDS:DangerousObject.Multi.Generic 20161121
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20161121
Tencent Win32.Trojan.Raas.Auto 20161121
TrendMicro Ransom_HPLOCKY.SMJBA 20161121
TrendMicro-HouseCall Ransom_HPLOCKY.SMJBA 20161121
Ad-Aware 20161121
AhnLab-V3 20161121
Alibaba 20161121
ALYac 20161121
Antiy-AVL 20161121
Arcabit 20161121
Avast 20161121
AVG 20161121
Avira (no cloud) 20161121
AVware 20161121
Baidu 20161121
BitDefender 20161121
Bkav 20161121
CAT-QuickHeal 20161121
ClamAV 20161121
CMC 20161121
Comodo 20161121
Cyren 20161121
DrWeb 20161121
Emsisoft 20161121
ESET-NOD32 20161121
F-Prot 20161121
F-Secure 20161121
Fortinet 20161121
GData 20161121
Ikarus 20161121
Sophos ML 20161018
Jiangmin 20161121
K7AntiVirus 20161121
K7GW 20161121
Kingsoft 20161121
Malwarebytes 20161121
McAfee 20161121
McAfee-GW-Edition 20161121
Microsoft 20161121
eScan 20161121
NANO-Antivirus 20161121
nProtect 20161121
Panda 20161121
Rising 20161121
Sophos AV 20161121
SUPERAntiSpyware 20161121
Symantec 20161121
TheHacker 20161117
TotalDefense 20161121
Trustlook 20161121
VBA32 20161121
VIPRE 20161121
ViRobot 20161121
Yandex 20161121
Zillya 20161121
Zoner 20161121
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-21 14:03:24
Entry Point 0x0002C880
Number of sections 4
PE sections
PE imports
HeapSize
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
VirtualAllocEx
GetLocaleInfoW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
HeapDestroy
HeapAlloc
TlsAlloc
IsValidLocale
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
GetEnvironmentStrings
GetLocaleInfoA
FreeEnvironmentStringsW
GetCurrentProcessId
GetUserDefaultLCID
GetCurrentProcess
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
SetHandleCount
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
LeaveCriticalSection
CompareStringW
CompareStringA
WideCharToMultiByte
GetTimeFormatA
TlsFree
SetFilePointer
GetTimeZoneInformation
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetModuleHandleA
CloseHandle
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
GetOEMCP
IsDebuggerPresent
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
GetCurrentThread
VirtualAlloc
SetConsoleCtrlHandler
SetLastError
InterlockedIncrement
CoWaitForMultipleHandles
PE exports
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:11:21 15:03:24+01:00
FileType Win32 DLL
PEType PE32
CodeSize 0
LinkerVersion 7.1
FileTypeExtension dll
InitializedDataSize 286720
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x2c880
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 3c8cafb4965d1a0397e301864659172a
SHA1 d04680ac32519982ccf0643060ea8c278f40ec01
SHA256 ff4a021e6175e5f2c0a666270081d74991c69e651c249a6fdf82a004dd9215e5
ssdeep 3072:PGYCL+rXOUzCkNHX2jtfgw9mHOAfNkTJ1FO5PTTzhVKWdxz7yOheEkdXbVYYALil:le7hgw924TvFKPThlz7yO2VYEB
authentihash c6b6be551575dc23a84d0c93df67ba96c79ae41c7763e769bd9072be29f94094
imphash 1667eb143967be4b25ba2b06129e6f17
File size 280.0 KB ( 286720 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags pedll
VirusTotal metadata
First submission 2016-11-21 14:56:15 UTC ( 2 years, 5 months ago )
Last submission 2017-11-19 00:22:40 UTC ( 1 year, 5 months ago )
File names FCVLtLMB2.dll
Locky-DLL-sample.dll
hfvg623.dll
iJwxPAuOs1.dll
bOFXKAn1.dll
EbtdcqfFU1.dll
CDldex2.dll
GgkqhJlEe1.dll
RqcybcFT1.dll
hfvg623.dll
bTXGJyitoJR1.dll