SHA256: d843403b871a353020bffdedd9c4905e34ed195c1222c3bfd3567c97eb4f69a4
File name: 7fb9e521f4aa86dfb994e63ab8058e3f
Detection ratio: 40 / 55
Analysis date: 2017-01-08 23:47:00 UTC (9 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.174632 20170109
AegisLab Troj.Dropper.W32.Agent.lBfj 20170108
ALYac Gen:Variant.Zusy.174632 20170109
Antiy-AVL Trojan/Win32.Inject 20170108
Arcabit Trojan.Zusy.D2AA28 20170108
Avast Win32:Malware-gen 20170108
AVG Generic_r.MQT 20170108
Avira (no cloud) TR/Crypt.XPACK.Gen8 20170108
AVware Trojan.Win32.Generic!BT 20170108
BitDefender Gen:Variant.Zusy.174632 20170108
Cyren W32/Trojan.DMOR-3005 20170108
DrWeb Trojan.PWS.Papras.2329 20170108
Emsisoft Gen:Variant.Zusy.174632 (B) 20170108
ESET-NOD32 a variant of Win32/PSW.Papras.EH 20170108
F-Secure Gen:Variant.Zusy.174632 20170108
Fortinet W32/Inject.ACAJK!tr 20170108
GData Gen:Variant.Zusy.174632 20170108
Ikarus Trojan-Banker.Gozi 20170108
Sophos ML virus.win32.ramnit.p 20161216
Jiangmin Trojan.Inject.uij 20170108
K7AntiVirus Password-Stealer ( 004c815b1 ) 20170108
K7GW Password-Stealer ( 004c815b1 ) 20170108
Kaspersky Trojan.Win32.Inject.acajk 20170108
Malwarebytes Trojan.Banker 20170108
McAfee RDN/Generic PWS.y 20170108
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.lc 20170108
Microsoft TrojanSpy:Win32/Ursnif.HS 20170108
eScan Gen:Variant.Zusy.174632 20170108
NANO-Antivirus Trojan.Win32.Papras.eihujw 20170108
Panda Trj/GdSda.A 20170108
Qihoo-360 Win32/Trojan.815 20170109
Rising Stealer.Papras!8.132-vm4unzojS9L (cloud) 20170108
Sophos AV Mal/Generic-S 20170108
Tencent Win32.Trojan.Inject.Ammr 20170109
TrendMicro TROJ_GEN.R047C0DKC16 20170108
TrendMicro-HouseCall TROJ_GEN.R047C0DKC16 20170109
VBA32 Trojan.Inject 20170106
VIPRE Trojan.Win32.Generic!BT 20170109
Yandex Trojan.Inject!Ai/XNpf94dY 20170106
Zillya Trojan.Papras.Win32.6064 20170104
AhnLab-V3 20170108
Alibaba 20170108
Baidu 20170107
Bkav 20170107
CAT-QuickHeal 20170107
ClamAV 20170108
CMC 20170108
Comodo 20170108
CrowdStrike Falcon (ML) 20161024
F-Prot 20170108
Kingsoft 20170109
nProtect 20170108
SUPERAntiSpyware 20170108
TheHacker 20170108
TotalDefense 20170108
Trustlook 20170109
ViRobot 20170108
WhiteArmor 20161221
Zoner 20170108
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-12 20:18:25
Entry Point 0x00001137
Number of sections 6
PE sections
PE imports
RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegQueryValueExA
RegCloseKey
GetLastError
HeapFree
HeapCreate
lstrlenA
GetModuleFileNameW
WaitForSingleObject
GetExitCodeProcess
HeapDestroy
ExitProcess
GetModuleFileNameA
lstrlenW
CompareFileTime
GetCurrentProcessId
OpenProcess
FindClose
ExpandEnvironmentStringsA
lstrcatW
VirtualProtectEx
SuspendThread
GetFileTime
SetFilePointer
lstrcmpiA
MapViewOfFile
GetModuleHandleA
lstrcmpA
ReadFile
lstrcatA
CreateFileA
lstrcpyA
FindFirstFileA
ResetEvent
CreateWaitableTimerA
FindNextFileA
GetProcAddress
GetLongPathNameW
SetEvent
LocalFree
ResumeThread
CreateProcessA
GetVersion
UnmapViewOfFile
VirtualFree
CreateEventA
CreateFileMappingA
InterlockedDecrement
Sleep
CloseHandle
HeapAlloc
SetWaitableTimer
lstrcpynA
VirtualAlloc
SetLastError
InterlockedIncrement
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
StrStrIA
StrRChrA
StrChrA
FindWindowA
wsprintfA
GetCursorInfo
NtQuerySystemInformation
NtCreateSection
RtlUnwind
ZwOpenProcess
ZwOpenProcessToken
memset
NtUnmapViewOfSection
ZwClose
ZwQueryInformationToken
RtlNtStatusToDosError
RtlUpcaseUnicodeString
RtlImageNtHeader
RtlFreeUnicodeString
ZwQueryInformationProcess
mbstowcs
memcpy
NtQueryVirtualMemory
NtMapViewOfSection
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:08:12 21:18:25+01:00
FileType Win32 DLL
PEType PE32
CodeSize 14848
LinkerVersion 8.0
EntryPoint 0x1137
InitializedDataSize 8704
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 7fb9e521f4aa86dfb994e63ab8058e3f
SHA1 2a320549ce39902d888eebb133bc1e8822261c66
SHA256 d843403b871a353020bffdedd9c4905e34ed195c1222c3bfd3567c97eb4f69a4
ssdeep 1536:ZfZkgpFdexOUlth0TsxpWShOiCysKJ/gAGhrrWZWFiAV:ZB9AOUltGTsyM6ysggAOrWZ1A
authentihash 0e16d765f0cce8bdb3816ec28a311bf78598f21f48c3bb8d65c7e97f303347f5
imphash 6246bae3199a468b1544ddeb93b29b06
File size 74.5 KB ( 76288 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags pedll

VirusTotal metadata
First submission 2016-11-12 13:11:50 UTC (11 months, 1 week ago)
Last submission 2016-11-24 10:22:47 UTC (11 months ago)