SHA256: ac68597e7150e66b7f5d27012e1fbb8f77186b8bb1c67b2cf1679395bc58858b
File name: CROX.dll
Detection ratio: 2 / 63
Analysis date: 2018-02-02 09:06:24 UTC (4 months, 2 weeks ago)
Antivirus Result Update date
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170201
Ikarus Trojan.Graftor 20180202
Ad-Aware 20180202
AegisLab 20180202
AhnLab-V3 20180201
Alibaba 20180202
ALYac 20180202
Antiy-AVL 20180202
Arcabit 20180202
Avast 20180202
Avast-Mobile 20180202
AVG 20180202
Avira (no cloud) 20180202
AVware 20180202
Baidu 20180202
BitDefender 20180202
Bkav 20180201
CAT-QuickHeal 20180202
ClamAV 20180202
CMC 20180202
Comodo 20180202
Cybereason 20171103
Cylance 20180202
Cyren 20180202
DrWeb 20180202
eGambit 20180202
Emsisoft 20180202
Endgame 20171130
ESET-NOD32 20180202
F-Prot 20180202
Fortinet 20180202
GData 20180202
Sophos ML 20180121
Jiangmin 20180202
K7AntiVirus 20180202
K7GW 20180202
Kaspersky 20180202
Kingsoft 20180202
Malwarebytes 20180202
MAX 20180202
McAfee 20180202
McAfee-GW-Edition 20180202
Microsoft 20180202
eScan 20180202
NANO-Antivirus 20180202
nProtect 20180202
Palo Alto Networks (Known Signatures) 20180202
Panda 20180201
Qihoo-360 20180202
Rising 20180202
SentinelOne (Static ML) 20180115
Sophos AV 20180202
SUPERAntiSpyware 20180202
Symantec 20180202
Symantec Mobile Insight 20180202
Tencent 20180202
TheHacker 20180130
TrendMicro-HouseCall 20180202
Trustlook 20180202
VBA32 20180201
VIPRE 20180202
ViRobot 20180202
Webroot 20180202
Yandex 20180130
Zillya 20180201
ZoneAlarm by Check Point 20180202
Zoner 20180202
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-25 23:55:09
Entry Point 0x0003645C
Number of sections 6
PE sections
PE imports
RegOpenKeyExA
RegEnumValueA
RegCloseKey
ImmSetCompositionWindow
ImmGetContext
GetSystemTimeAsFileTime
EnterCriticalSection
GetModuleFileNameW
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
DisableThreadLibraryCalls
VirtualProtect
GlobalUnlock
WaitForSingleObjectEx
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
K32GetModuleInformation
GetWindowsDirectoryA
UnhandledExceptionFilter
MultiByteToWideChar
GlobalLock
InitializeSListHead
QueryPerformanceFrequency
CloseHandle
CreateThread
GetModuleHandleA
SetUnhandledExceptionFilter
ResetEvent
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
CreateEventW
GlobalAlloc
Sleep
IsBadCodePtr
GetCurrentThreadId
GetProcAddress
LeaveCriticalSection
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_BADOFF@std@@3_JB
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1_Lockit@std@@QAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xbad_alloc@std@@YAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
GetAsyncKeyState
EmptyClipboard
SetWindowLongW
CallWindowProcW
GetWindowRect
SetClipboardData
OpenClipboard
GetClientRect
CloseClipboard
FindWindowA
SetCursor
FlashWindowEx
GetClipboardData
GetKeyState
strchr
_purecall
_CxxThrowException
strstr
memmove
__std_exception_copy
memset
__std_type_info_destroy_list
__CxxFrameHandler3
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
__std_terminate
__std_exception_destroy
memcpy
memchr
malloc
_callnewh
free
_libm_sse2_sqrt_precise
floor
_libm_sse2_pow_precise
_CIatan2
_fdtest
ceil
_except1
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_CIfmod
_cexit
_configure_narrow_argv
_register_onexit_function
_errno
terminate
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_initialize_onexit_table
_invalid_parameter_noinfo
_initialize_narrow_environment
_initterm
_initterm_e
_seh_filter_dll
_crt_atexit
fseek
_get_stream_buffer_pointers
__stdio_common_vsscanf
fread
fclose
fflush
fopen
__acrt_iob_func
fputc
fwrite
fgetpos
fsetpos
fputs
ftell
__stdio_common_vsprintf_s
__stdio_common_vfprintf
_fseeki64
_wfopen
__stdio_common_vsprintf
fgetc
ungetc
setvbuf
_strnicmp
isdigit
isprint
strncpy
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2017:12:26 00:55:09+01:00
FileType Win32 DLL
PEType PE32
CodeSize 230912
LinkerVersion 14.11
EntryPoint 0x3645c
InitializedDataSize 80896
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 9df5d2d35c9e1ef7b81753c9c886131c
SHA1 638e85c2052e2b79297f55deca471ea032c9a776
SHA256 ac68597e7150e66b7f5d27012e1fbb8f77186b8bb1c67b2cf1679395bc58858b
ssdeep 6144:Ne/mYgh5h2d1P/nG85RnbnUpzS4q3llOpjj:imHh5h2v/X7Up+4q3l

authentihash 76d039219c79d64ededb6f682d84f83367a17418d9016b80ba4b2f68f792c4e3
imphash c891cd4d90381a1c929ab2b6826815ac
File size 282.0 KB (288768 bytes)
File type Win32 DLL
Description PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags pedll

VirusTotal metadata
First submission 2017-12-30 19:20:02 UTC (5 months, 3 weeks ago)
Last submission 2018-02-02 09:06:24 UTC (4 months, 2 weeks ago)
File names CROX_CROX.dll
ReNaMon MoDz.dll
CROX.dll
[www.OldSchoolHack.me]_CROX.dll