SHA256: d7f6d727a2ec4eab8a4aca816bbea770078f6f428f5c902e27ae36a00551ca2e
File name: LDiqtiPJ3.dll.2290858766.DROPPED.dll.bin
Detection ratio: 11 / 56
Analysis date: 2016-11-10 16:20:08 UTC (2 years, 6 months ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161110
Bkav W32.eHeur.Malware03 20161110
CrowdStrike Falcon (ML) malicious_confidence_69% (D) 20161024
Kaspersky UDS:DangerousObject.Multi.Generic 20161110
McAfee Artemis!D7B9CF050198 20161110
McAfee-GW-Edition Artemis 20161110
Sophos AV Mal/RansomDl-C 20161110
Tencent Win32.Trojan.Raas.Auto 20161110
TrendMicro Ransom_HPLOCKY.SMJBA 20161110
TrendMicro-HouseCall Ransom_HPLOCKY.SMJBA 20161110
VBA32 SScope.Malware-Cryptor.Filecoder 20161110
Ad-Aware 20161110
AegisLab 20161110
AhnLab-V3 20161110
Alibaba 20161110
ALYac 20161110
Antiy-AVL 20161110
Arcabit 20161110
Avast 20161110
AVG 20161110
Avira (no cloud) 20161110
AVware 20161110
BitDefender 20161110
CAT-QuickHeal 20161110
ClamAV 20161110
CMC 20161110
Comodo 20161110
Cyren 20161110
DrWeb 20161110
Emsisoft 20161110
ESET-NOD32 20161110
F-Prot 20161110
F-Secure 20161110
Fortinet 20161110
GData 20161110
Ikarus 20161110
Sophos ML 20161018
Jiangmin 20161110
K7AntiVirus 20161109
K7GW 20161110
Kingsoft 20161110
Malwarebytes 20161110
Microsoft 20161110
eScan 20161110
NANO-Antivirus 20161110
nProtect 20161110
Panda 20161110
Qihoo-360 20161110
Rising 20161110
SUPERAntiSpyware 20161110
Symantec 20161110
TheHacker 20161109
VIPRE 20161110
ViRobot 20161110
Yandex 20161110
Zillya 20161110
Zoner 20161110
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Product XXXXXXXXXXXXX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-10 14:31:54
Entry Point 0x0002C0A0
Number of sections 4
PE sections
PE imports
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
InitializedDataSize 22528
EntryPoint 0x2c0a0
MIMEType application/octet-stream
TimeStamp 2016:11:10 15:31:54+01:00
FileType Win32 DLL
PEType PE32
ProductVersion 1, 0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName XXXXXXXXXXXXX
CodeSize 273920
ProductName XXXXXXXXXXXXX
ProductVersionNumber 1.9.0.0
FileTypeExtension dll
ObjectFileType Executable application

File identification
MD5 d7b9cf050198a75aca5e1da4818a5a81
SHA1 fe69928f41056ef81c51d86777f27bb70b67bfd1
SHA256 d7f6d727a2ec4eab8a4aca816bbea770078f6f428f5c902e27ae36a00551ca2e
ssdeep 6144:EhyWRzkELXqAK5PTpnQ46O9tROCwIKbg7DV:72tL6ZlnKi9wjC
authentihash 551e06fe27ba06b9c39dcee02e87b060086e4ec6f4079edc962028821de82339
imphash 8fa24129515d9708f31e5f5ab896ce83
File size 282.5 KB (289280 bytes)
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll

VirusTotal metadata
First submission 2016-11-10 15:15:40 UTC (2 years, 6 months ago)
Last submission 2016-11-11 04:49:34 UTC (2 years, 6 months ago)
File names PlPCVcOFpca1.bin
LDiqtiPJ3.dll.2290858766.DROPPED.dll.bin
lIqdcKaL3.dll