SHA256: 9d48fbe44a72881b220a0612abb803c2cda02a6143f9939ab2e326f7a04d8aa8
File name: NhVi1netIL6ZV.tdb.bin
Detection ratio: 6 / 57
Analysis date: 2016-11-24 09:08:16 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20161124
Bkav HW32.Packed.6848 20161124
CrowdStrike Falcon (ML) malicious_confidence_89% (D) 20161024
ESET-NOD32 a variant of Win32/Kryptik.FKHZ 20161124
Sophos ML backdoor.win32.prosti.l 20161018
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20161124
Ad-Aware 20161124
AegisLab 20161124
AhnLab-V3 20161124
Alibaba 20161124
ALYac 20161124
Antiy-AVL 20161124
Arcabit 20161124
Avast 20161124
AVG 20161124
Avira (no cloud) 20161124
AVware 20161124
BitDefender 20161124
CAT-QuickHeal 20161124
ClamAV 20161124
CMC 20161124
Comodo 20161124
Cyren 20161124
DrWeb 20161124
Emsisoft 20161124
F-Prot 20161124
F-Secure 20161124
Fortinet 20161124
GData 20161124
Ikarus 20161124
Jiangmin 20161124
K7AntiVirus 20161124
K7GW 20161124
Kaspersky 20161124
Kingsoft 20161124
Malwarebytes 20161124
McAfee 20161124
McAfee-GW-Edition 20161124
Microsoft 20161124
eScan 20161124
NANO-Antivirus 20161124
nProtect 20161124
Panda 20161123
Rising 20161130
Sophos AV 20161124
SUPERAntiSpyware 20161124
Symantec 20161124
Tencent 20161124
TheHacker 20161124
TotalDefense 20161124
TrendMicro 20161124
TrendMicro-HouseCall 20161124
Trustlook 20161124
VBA32 20161123
VIPRE 20161124
ViRobot 20161124
WhiteArmor 20161018
Yandex 20161123
Zillya 20161123
Zoner 20161124
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1998-2013 VMware, Inc.

Product VMware Workstation
Original name adjperm.DLL
Internal name adjperm
File version 10.0.1 build-1379776
Description adjperm DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-24 06:29:35
Entry Point 0x00011CC2
Number of sections 7
PE sections
Overlays
MD5 784dc2c8f58a5f9ec8176eba0943dc18
File type data
Offset 143872
Size 12727
Entropy 7.99
PE imports
LocalAlloc
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetACP
FreeLibrary
GetCPInfo
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
GetEnvironmentStrings
GetCurrentProcessId
CreateSemaphoreA
WaitForMultipleObjects
DeleteFileA
CreateThread
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
SetEvent
GetCommandLineA
GetProcAddress
GetStringTypeA
IsBadReadPtr
GetTempPathA
RaiseException
CreateFileA
ReleaseSemaphore
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
GetTempFileNameA
ExitThread
HeapReAlloc
GetStringTypeW
GetVersion
SetFileAttributesA
HeapAlloc
TerminateProcess
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentVariableA
HeapCreate
VirtualFree
CreateEventA
InterlockedDecrement
GetFileType
TlsSetValue
IsBadCodePtr
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetStartupInfoA
SetLastError
ResetEvent
SendMessageA
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 40960
LinkerVersion 2.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.1.41495
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription adjperm DLL
ImageFileCharacteristics Executable, Large address aware, 32-bit, DLL
CharacterSet Unicode
InitializedDataSize 31744
EntryPoint 0x11cc2
OriginalFileName adjperm.DLL
MIMEType application/octet-stream
LegalCopyright Copyright 1998-2013 VMware, Inc.
FileVersion 10.0.1 build-1379776
TimeStamp 2016:11:24 07:29:35+01:00
FileType Win32 DLL
PEType PE32
InternalName adjperm
ProductVersion 10.0.1 build-1379776
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName VMware, Inc.
CodeSize 111616
ProductName VMware Workstation
ProductVersionNumber 10.0.1.41495
FileTypeExtension dll
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 7a8eddf274323f014238d3d54de8094d
SHA1 b91cbe7dd8357eab878424af7228a3e25186462b
SHA256 9d48fbe44a72881b220a0612abb803c2cda02a6143f9939ab2e326f7a04d8aa8
ssdeep
3072:5KHRu2AMRKbBfDO/mEWPcbQ3hI2HmOOmIPzrU2w2CW8YhV:ouMiNYWPcbQ3jGt/JV

authentihash cae12d80c1d741651de7e19f27c80d1d0ea614aec4d1ecc53206df38c635c20c
imphash 02e1f1b3750cf9500ed90d3f14bc8b39
File size 152.9 KB ( 156599 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
pedll overlay

VirusTotal metadata
First submission 2016-11-24 09:08:16 UTC ( 2 years, 5 months ago )
Last submission 2017-08-04 04:45:43 UTC ( 1 year, 9 months ago )
File names: adjperm.DLL
NhVi1netIL6ZV.tdb.bin
adjperm