SHA256: 037db87c7947391350f5802ae04337d3edbcf91c892a271086cc54170a2cccc2
File name: id.dll
Detection ratio: 6 / 64
Analysis date: 2017-09-09 10:15:40 UTC (1 month, 1 week ago)
Antivirus Result Update
ESET-NOD32 Win32/Agent.AB potentially unwanted 20170909
NANO-Antivirus Riskware.Win32.Mutabaha.eqblre 20170909
Rising PUA.SpeedBit!8.1F2 (cloud:dRoS09BzbQI) 20170909
Webroot Adware.Goobzo 20170909
Yandex Riskware.Agent! 20170908
Zoner Trojan.Agent 20170909
Ad-Aware 20170909
AegisLab 20170909
AhnLab-V3 20170908
Alibaba 20170908
ALYac 20170909
Antiy-AVL 20170909
Arcabit 20170909
Avast 20170909
AVG 20170909
Avira (no cloud) 20170909
AVware 20170906
Baidu 20170908
BitDefender 20170909
Bkav 20170909
CAT-QuickHeal 20170908
ClamAV 20170909
CMC 20170902
Comodo 20170909
CrowdStrike Falcon (ML) 20170804
Cylance 20170909
Cyren 20170909
DrWeb 20170909
Emsisoft 20170909
Endgame 20170821
F-Prot 20170909
F-Secure 20170909
Fortinet 20170909
GData 20170909
Ikarus 20170909
Sophos ML 20170822
Jiangmin 20170909
K7AntiVirus 20170909
K7GW 20170909
Kaspersky 20170909
Kingsoft 20170909
Malwarebytes 20170909
MAX 20170909
McAfee 20170909
McAfee-GW-Edition 20170909
Microsoft 20170909
eScan 20170909
nProtect 20170909
Palo Alto Networks (Known Signatures) 20170909
Panda 20170909
Qihoo-360 20170909
SentinelOne (Static ML) 20170806
Sophos AV 20170909
SUPERAntiSpyware 20170909
Symantec 20170908
Symantec Mobile Insight 20170908
Tencent 20170909
TheHacker 20170907
TrendMicro 20170909
TrendMicro-HouseCall 20170909
Trustlook 20170909
VBA32 20170907
VIPRE 20170909
ViRobot 20170909
WhiteArmor 20170829
Zillya 20170908
ZoneAlarm by Check Point 20170909
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-16 11:54:19
Entry Point 0x0000420D
Number of sections 6
PE sections
PE imports
ConvertSidToStringSidW
LookupAccountNameW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
UnhandledExceptionFilter
GetCPInfo
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
GetComputerNameW
RaiseException
WriteConsoleW
WideCharToMultiByte
TlsFree
GetSystemDirectoryW
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
LocalFree
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
SetFilePointerEx
TlsGetValue
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcessHeap
SetLastError
LeaveCriticalSection
timeGetTime
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:10:16 12:54:19+01:00
FileType Win32 DLL
PEType PE32
CodeSize 57344
LinkerVersion 12.0
FileTypeExtension dll
InitializedDataSize 40960
SubsystemVersion 5.1
EntryPoint 0x420d
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 a879b0ae2ad98ac8e1c0f8912837eb2d
SHA1 3dd7973f0f9c0ded857fe7a64e627ef4155ca708
SHA256 037db87c7947391350f5802ae04337d3edbcf91c892a271086cc54170a2cccc2
ssdeep 1536:pG/iizb3mFKZUaTC2KJ7LXL8MHcFBmQGYbk+31cTs8jcdG+Uj43joj5f:pG/iifabKM8FhQ+JG+Uj43If
authentihash 67e43cb25885d98752ef96ed48d8102e0a69d172c6482be6f0a6ab351d2b3674
imphash ad339b48d44a37aa23f1b91ea2f60354
File size 97.0 KB (99328 bytes)
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll
VirusTotal metadata
First submission 2015-07-07 23:03:45 UTC (2 years, 3 months ago)
Last submission 2017-10-04 12:06:46 UTC (2 weeks, 2 days ago)
File names rlz_id.dll
id.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight