SHA256: 443cfadafc5708e1a5554a29074911c31c814c4b2723275cb043834f8ceb4506
File name: Samp(32)_5.vir.rename
Detection ratio: 48 / 67
Analysis date: 2018-10-23 21:46:17 UTC (6 months, 4 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.PWS.OnlineGames.KEKO 20181023
AhnLab-V3 Trojan/Win32.OnLineGames.C1315927 20181023
ALYac Trojan.PWS.OnlineGames.KEKO 20181023
Antiy-AVL Trojan[PSW]/Win32.Fareit 20181023
Arcabit Trojan.PWS.OnlineGames.KEKO 20181023
Avast Win32:Malware-gen 20181023
AVG Win32:Malware-gen 20181023
Avira (no cloud) HEUR/AGEN.1021134 20181023
BitDefender Trojan.PWS.OnlineGames.KEKO 20181023
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20181023
Cyren W32/Fareit.IWYG-0073 20181023
DrWeb Trojan.PWS.Papras.1572 20181023
Emsisoft Trojan.PWS.OnlineGames.KEKO (B) 20181023
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Kryptik.EJRD 20181023
F-Prot W32/Fareit.MA 20181023
F-Secure Trojan.PWS.OnlineGames.KEKO 20181023
Fortinet W32/Papras.EJ!tr 20181023
GData Trojan.PWS.OnlineGames.KEKO 20181023
Ikarus Trojan.Win32.Crypt 20181023
Sophos ML heuristic 20180717
Jiangmin Trojan.PSW.Fareit.axb 20181023
K7AntiVirus Trojan ( 004daa6c1 ) 20181023
K7GW Trojan ( 004daa6c1 ) 20181023
Kaspersky HEUR:Trojan.Win32.Generic 20181023
MAX malware (ai score=100) 20181023
McAfee Generic Trojan.i 20181023
McAfee-GW-Edition Generic Trojan.i 20181023
Microsoft Trojan:Win32/Dynamer!ac 20181023
eScan Trojan.PWS.OnlineGames.KEKO 20181023
NANO-Antivirus Trojan.Win32.AD.dzkugh 20181023
Palo Alto Networks (Known Signatures) generic.ml 20181023
Panda Trj/Genetic.gen 20181023
Qihoo-360 HEUR/QVM40.1.Malware.Gen 20181023
Rising Trojan.Generic!8.C3 (CLOUD) 20181023
Sophos AV Mal/Generic-S 20181023
SUPERAntiSpyware Trojan.Agent/Gen-Papras 20181022
Symantec Trojan.Gen.2 20181023
Tencent Win32.Trojan.Generic.Htcx 20181023
TrendMicro TSPY_FAREIT.YYSQZ 20181023
TrendMicro-HouseCall TSPY_FAREIT.YYSQZ 20181023
VBA32 TrojanPSW.Fareit 20181023
VIPRE Trojan.Win32.Generic!BT 20181023
Webroot W32.Trojan.Gen 20181023
Yandex Trojan.PWS.Fareit!Fu4GYbb5bbs 20181022
Zillya Trojan.Scar.Win32.96220 20181023
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181023
AegisLab 20181023
Alibaba 20180921
Avast-Mobile 20181023
Babable 20180918
Baidu 20181023
Bkav 20181023
CAT-QuickHeal 20181022
ClamAV 20181023
CMC 20181023
Comodo 20181023
Cybereason 20180225
eGambit 20181023
Kingsoft 20181023
Malwarebytes 20181023
SentinelOne (Static ML) 20181011
Symantec Mobile Insight 20181001
TACHYON 20181023
TheHacker 20181023
TotalDefense 20181023
Trustlook 20181023
ViRobot 20181023
Zoner 20181023
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-02-27 09:06:47
Entry Point 0x00004E9C
Number of sections 5
PE sections
PE imports
LookupPrivilegeNameW
CryptReleaseContext
CryptAcquireContextA
GetSidSubAuthorityCount
GetSidIdentifierAuthority
CryptGenRandom
LookupPrivilegeValueW
GetStockObject
CallNamedPipeW
GetLastError
LCMapStringW
lstrcmpiA
GlobalFree
CreateTimerQueue
GetTimeFormatW
BuildCommDCBW
VirtualProtect
CreateNamedPipeA
GetSystemDirectoryA
FoldStringA
GetStartupInfoA
CreateActCtxW
GetLocaleInfoA
DeleteFileA
GetUserDefaultLCID
GetProcessHeap
CreateRemoteThread
CompareStringW
WideCharToMultiByte
GetSystemDirectoryW
GetSystemDefaultUILanguage
GetDiskFreeSpaceW
GlobalFlags
GetCurrentProcess
CloseHandle
GetNumberOfConsoleMouseButtons
lstrcmpW
CreateConsoleScreenBuffer
lstrcatW
MoveFileA
MoveFileExA
CreateDirectoryExA
GlobalAlloc
AllocConsole
IsDebuggerPresent
GetVersion
MulDiv
DrawDibTime
ICSendMessage
GetOpenFileNamePreviewA
DrawDibChangePalette
ICInstall
ICCompress
ICCompressorFree
StretchDIB
ICSeqCompressFrameStart
DrawDibStop
DrawDibRealize
ICGetDisplayFormat
ICLocate
GetSaveFileNamePreviewW
ICInfo
DrawDibSetPalette
ICCompressorChoose
ICSeqCompressFrame
MCIWndCreateW
ICDecompress
DrawDibGetPalette
MCIWndCreateA
DrawDibClose
DrawDibStart
ICSeqCompressFrameEnd
DrawDibGetBuffer
DrawDibEnd
ICOpen
ICMThunk32
ICDrawBegin
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetMappedFileNameW
QueryWorkingSet
GetDeviceDriverBaseNameA
GetProcessImageFileNameW
GetProcessMemoryInfo
EnumPageFilesA
EnumProcessModules
GetMappedFileNameA
GetModuleInformation
EmptyWorkingSet
GetModuleFileNameExW
EnumPageFilesW
GetPerformanceInfo
GetProcessImageFileNameA
EnumDeviceDrivers
GetAsyncKeyState
GetForegroundWindow
GetClassInfoExW
GetMenu
GetKeyboardLayout
GetTopWindow
RegisterClassW
FindWindowW
GetGUIThreadInfo
GetShellWindow
GetClientRect
GetClassNameA
GetClipboardOwner
GetWindow
CreatePopupMenu
FindWindowA
MessageBoxW
IsChild
GetMenuItemID
GetKeyNameTextW
UpdatePerfNameFilesA
LoadPerfCounterTextStringsW
SetServiceAsTrustedA
InstallPerfDllW
UpdatePerfNameFilesW
SetServiceAsTrustedW
BackupPerfRegistryToFileW
InstallPerfDllA
SnmpMgrRequest
SnmpMgrClose
SnmpMgrCtl
SnmpMgrGetTrapEx
SnmpMgrStrToOid
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2009:02:27 10:06:47+01:00
FileType Win32 DLL
PEType PE32
CodeSize 23552
LinkerVersion 5.12
ImageFileCharacteristics Executable, No line numbers, 32-bit, No debug, DLL
EntryPoint 0x4e9c
InitializedDataSize 141824
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 26dfaca0c70c6eee983b56aaed834181
SHA1 2d04bf688b74507732822184c80cd4133e5fb753
SHA256 443cfadafc5708e1a5554a29074911c31c814c4b2723275cb043834f8ceb4506
ssdeep 1536:h0ED+j3InbQwBW+5Y8d2F9rbLLEwclmxCe8aqQh7taSiii3QZ6qv:hBCIbQwY+5Y8aZ3L2mM2JaSfiXqv
authentihash d89a0994111b809e8317a2d05d17800ead6c2950d38d5ce36f5f4bda65491b0b
imphash 4dd394501aa85fcf32b4e38465b8aee7
File size 158.5 KB ( 162304 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll
VirusTotal metadata
First submission 2015-12-29 18:08:12 UTC (3 years, 4 months ago)
Last submission 2018-10-23 21:46:17 UTC (6 months, 4 weeks ago)
File names mpr10.dll.txt
mpr10.dll
mpr10.dll.dat
Samp(32)_5.vir.rename
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0101.
