SHA256: 8f5deed86adcc92d720afa2c9dc3ca3b010b8da2bf554f100ec24e8a16f0c27b
File name: client.dll
Detection ratio: 38 / 56
Analysis date: 2015-03-07 01:36:59 UTC (6 months ago)
Antivirus Result Update date
ALYac Gen:Variant.Kazy.350297 20150307
AVG PSW.Generic12.APRK 20150307
AVware Trojan.Win32.Generic!BT 20150307
Ad-Aware Gen:Variant.Kazy.350297 20150307
AhnLab-V3 Trojan/Win32.Ransomlock 20150306
Avast Win32:Tuscas-B [Trj] 20150307
Avira TR/Hijacker.Gen 20150307
Baidu-International Trojan.Win32.Dropper.rix 20150306
BitDefender Gen:Variant.Kazy.350297 20150307
Comodo UnclassifiedMalware 20150307
Cyren W32/Trojan.NSQL-3086 20150307
DrWeb DLOADER.Trojan 20150306
ESET-NOD32 a variant of Win32/Spy.Tuscas.A 20150307
Emsisoft Gen:Variant.Kazy.350297 (B) 20150307
F-Secure Gen:Variant.Kazy.350297 20150307
Fortinet W32/Agent.AGFA!tr 20150307
GData Gen:Variant.Kazy.350297 20150307
Ikarus Trojan.Hijacker 20150306
K7AntiVirus Riskware ( 0040eff71 ) 20150306
K7GW Riskware ( 0040eff71 ) 20150306
Kaspersky Trojan-Dropper.Win32.Dinwod.rix 20150306
Kingsoft Win32.Troj.Dinwod.r.(kcloud) 20150307
McAfee Generic.dx!01C1E3AB4676 20150307
McAfee-GW-Edition Generic.dx!01C1E3AB4676 20150307
MicroWorld-eScan Gen:Variant.Kazy.350297 20150307
Microsoft TrojanSpy:Win32/Ursnif.gen!Q 20150307
NANO-Antivirus Trojan.Win32.Dinwod.cxqdjl 20150307
Norman Suspicious_Gen4.FXSCL 20150306
Panda Trj/Genetic.gen 20150306
Qihoo-360 Win32/Trojan.d54 20150307
Sophos Troj/Agent-AGFA 20150307
Symantec Trojan.Gen.2 20150307
Tencent Win32.Trojan-dropper.Dinwod.Eyb 20150307
TrendMicro TROJ_SPNR.11HB14 20150307
TrendMicro-HouseCall TROJ_SPNR.11HB14 20150307
VIPRE Trojan.Win32.Generic!BT 20150307
Zillya Dropper.Dinwod.Win32.802 20150306
nProtect Trojan-Dropper/W32.Dinwod.227840 20150306
AegisLab 20150307
Agnitum 20150306
Alibaba 20150307
Antiy-AVL 20150306
Bkav 20150306
ByteHero 20150307
CAT-QuickHeal 20150306
CMC 20150304
ClamAV 20150306
F-Prot 20150307
Malwarebytes 20150307
Rising 20150306
SUPERAntiSpyware 20150307
TheHacker 20150306
TotalDefense 20150307
VBA32 20150306
ViRobot 20150306
Zoner 20150306
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-27 11:45:55
Link date 12:45 PM 2/27/2014
Entry Point 0x00004F84
Number of sections 5
PE sections
PE imports
GetTokenInformation
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DeleteDC
SelectObject
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
WaitForSingleObject
HeapDestroy
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
lstrcatW
GetThreadContext
WideCharToMultiByte
LoadLibraryW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
Thread32First
ResumeThread
FreeLibrary
GetThreadPriority
FreeLibraryAndExitThread
InitializeCriticalSection
LoadResource
InterlockedDecrement
SetLastError
OpenThread
WriteProcessMemory
GetModuleFileNameW
HeapAlloc
SetThreadPriority
FlushInstructionCache
CreateThread
CreateMutexW
GetVersion
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
lstrcmpiA
SetEvent
GetTickCount
DisableThreadLibraryCalls
VirtualProtect
lstrcmpiW
CreateRemoteThread
GetFileSize
OpenProcess
DeleteFileW
GetProcAddress
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
lstrcpyW
lstrcmpA
UnmapViewOfFile
ResetEvent
Thread32Next
WaitForMultipleObjects
GetTempPathW
CreateEventW
CreateFileW
InterlockedIncrement
GetLastError
GetComputerNameW
VirtualAllocEx
GetSystemInfo
lstrlenA
OpenEventW
lstrlenW
Process32NextW
VirtualFree
SizeofResource
VirtualFreeEx
GetCurrentProcessId
LockResource
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
SuspendThread
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
HeapCreate
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
EnumProcessModules
GetModuleFileNameExW
ReleaseDC
CharLowerA
wsprintfA
GetWindowRect
GetDesktopWindow
CharLowerW
wsprintfW
GetWindowDC
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoA
InternetOpenW
HttpOpenRequestW
_alldiv
_vsnprintf
memmove
_allmul
_aulldiv
memset
_strcmpi
memcpy
_vsnwprintf
CreateStreamOnHGlobal
PE exports
Number of PE resources by type
RT_DATA 2
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:02:27 12:45:55+01:00
FileType Win32 DLL
PEType PE32
CodeSize 57344
LinkerVersion 10.0
EntryPoint 0x4f84
InitializedDataSize 169472
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Execution parents
File identification
MD5 01c1e3ab46762ef23eb2ac898ea84c2c
SHA1 ce49354ee3b57dc24bc229fb099d39f4a87fec3b
SHA256 8f5deed86adcc92d720afa2c9dc3ca3b010b8da2bf554f100ec24e8a16f0c27b
ssdeep
1536:WAbu5GlEK+tUODvghKoUypak6H/zv3rZRsGkK5KtajKXg:WAaUEK+tdeKuakK7DFk3g

authentihash 3bdfb320f450c1f0f6375633379d28521f6cd17128b9e3f2aae8716197b93de8
imphash efa0781ea4a8036360cd65fa1ab9a163
File size 222.5 KB ( 227840 bytes )
File type Win32 DLL
Description
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
pedll

VirusTotal metadata
First submission 2014-02-27 18:40:46 UTC (1 year, 6 months ago)
Last submission 2014-06-24 08:49:35 UTC (1 year, 2 months ago)
File names ce49354ee3b57dc24bc229fb099d39f4a87fec3b
91452f4b9c0703866112c604b95af54b3c079902
client.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight