SHA256: 14b933fc72e99e0002d6614ab869bd41d3b1ce28dc1f0817b33b9b70126ea45e
File name: 0UBE8YF7q1BcN.zk
Detection ratio: 11 / 57
Analysis date: 2016-12-01 18:37:45 UTC (2 years, 5 months ago)
Antivirus Result Update
Bkav W32.eHeur.Malware09 20161201
CrowdStrike Falcon (ML) malicious_confidence_88% (D) 20161024
ESET-NOD32 a variant of Win32/GenKryptik.MLV 20161201
Sophos ML trojan.win32.sirefef.p 20161128
Kaspersky HEUR:Trojan.Win32.Generic 20161201
McAfee Ransomware-FYU!A838F6BC1042 20161201
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20161201
Rising Malware.Generic!TAT4iUnzlqQ@2 (thunder) 20161201
Symantec Heur.AdvML.B 20161201
TrendMicro Ransom_HPLOCKY.SM21 20161201
TrendMicro-HouseCall Ransom_HPLOCKY.SM21 20161201
Ad-Aware 20161201
AegisLab 20161201
AhnLab-V3 20161201
Alibaba 20161201
ALYac 20161201
Antiy-AVL 20161201
Arcabit 20161201
Avast 20161201
AVG 20161201
Avira (no cloud) 20161201
AVware 20161201
Baidu 20161201
BitDefender 20161201
CAT-QuickHeal 20161201
ClamAV 20161201
CMC 20161201
Comodo 20161201
Cyren 20161201
DrWeb 20161201
Emsisoft 20161201
F-Prot 20161201
F-Secure 20161201
Fortinet 20161201
GData 20161201
Ikarus 20161201
Jiangmin 20161201
K7AntiVirus 20161201
K7GW 20161201
Kingsoft 20161201
Malwarebytes 20161201
McAfee-GW-Edition 20161201
Microsoft 20161201
eScan 20161201
NANO-Antivirus 20161201
nProtect 20161201
Panda 20161201
Sophos AV 20161201
SUPERAntiSpyware 20161201
Tencent 20161201
TheHacker 20161130
TotalDefense 20161201
Trustlook 20161201
VBA32 20161201
VIPRE 20161201
ViRobot 20161201
WhiteArmor 20161125
Yandex 20161201
Zillya 20161201
Zoner 20161201
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.
Product EaseUS Todo Backup Boot Dynamic Link Library
Original name BootItem.dll
Internal name BootItem
File version 5.8.0.0
Description EaseUS Todo Backup Boot Dynamic Link Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-01 15:46:57
Entry Point 0x0000FB42
Number of sections 7
PE sections
Overlays
MD5 b7efaa004f47ca6295ec5bf865ef8cee
File type data
Offset 139264
Size 10073
Entropy 7.98
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
GetDeviceCaps
CreateDCA
SetMapMode
DeleteDC
RestoreDC
SaveDC
SetViewportOrgEx
SetWindowOrgEx
CreateRectRgnIndirect
LPtoDP
GetLastError
DisableThreadLibraryCalls
EnterCriticalSection
LoadLibraryA
lstrlenA
lstrcmpiA
HeapDestroy
ExitProcess
IsBadWritePtr
GetModuleFileNameA
IsDBCSLeadByte
GetShortPathNameA
DeleteCriticalSection
GetCurrentProcess
LoadLibraryExA
SizeofResource
lstrcatA
LockResource
lstrlenW
MultiByteToWideChar
GetProcAddress
FlushInstructionCache
FindResourceExA
WideCharToMultiByte
LoadLibraryW
GetModuleHandleA
lstrcmpA
FindFirstFileA
GlobalFindAtomA
lstrcpyA
InterlockedIncrement
lstrcpynA
GetACP
ExpandEnvironmentStringsA
GetFileAttributesW
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
GetCurrentThreadId
FindResourceA
LeaveCriticalSection
VarUI4FromStr
VARIANT_UserMarshal
SysStringLen
VARIANT_UserFree
LoadRegTypeLib
SysAllocStringLen
RegisterTypeLib
VariantClear
SysAllocString
BSTR_UserFree
OleCreatePropertyFrame
BSTR_UserUnmarshal
VARIANT_UserUnmarshal
BSTR_UserSize
LoadTypeLib
SysFreeString
VARIANT_UserSize
VariantInit
BSTR_UserMarshal
IUnknown_Release_Proxy
NdrOleAllocate
IUnknown_QueryInterface_Proxy
NdrStubCall2
NdrDllUnregisterProxy
NdrDllCanUnloadNow
NdrStubForwardingFunction
NdrDllGetClassObject
NdrOleFree
IUnknown_AddRef_Proxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
SetFocus
SetWindowRgn
IntersectRect
BeginPaint
OffsetRect
GetClassInfoExA
DefWindowProcA
ShowWindow
SetWindowPos
GetParent
CharLowerA
IsWindow
EndPaint
CallWindowProcA
CharLowerW
SetWindowLongA
IsWindowEnabled
GetDC
RegisterClassExA
ReleaseDC
EqualRect
GetKeyState
GetWindowLongA
GetClientRect
UnionRect
InvalidateRect
wsprintfA
CreateWindowExA
LoadCursorA
CharNextA
IsWindowUnicode
GetFocus
DestroyWindow
IsChild
PtInRect
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
malloc
sscanf
realloc
memset
strcat
_mbslwr
toupper
strlen
_mbsrchr
??2@YAPAXI@Z
memcpy
isalpha
_snprintf
memcmp
strrchr
_mbsicmp
tolower
strcspn
_adjust_fdiv
??3@YAXPAX@Z
free
_mbschr
atoi
atol
_exit
strstr
strcpy
_strnicmp
_initterm
_mbsnbcmp
__set_app_type
CLSIDFromProgID
OleRegGetUserType
CoTaskMemAlloc
OleRegGetMiscStatus
CoTaskMemRealloc
CoCreateInstance
OleRegEnumVerbs
StringFromCLSID
CLSIDFromString
CoTaskMemFree
CreateOleAdviseHolder
CoInternetParseUrl
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 2.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.0.1
UninitializedDataSize 40960
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 39424
EntryPoint 0xfb42
OriginalFileName BootItem.dll
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.
FileVersion 5.8.0.0
TimeStamp 2016:12:01 16:46:57+01:00
FileType Win32 DLL
PEType PE32
InternalName BootItem
ProductVersion 5.8.0.0
FileDescription EaseUS Todo Backup Boot Dynamic Link Library
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CHENGDU YIWO Tech Development Co., Ltd
CodeSize 96768
ProductName EaseUS Todo Backup Boot Dynamic Link Library
ProductVersionNumber 2.5.0.1
FileTypeExtension dll
ObjectFileType Dynamic link library

File identification
MD5 a838f6bc1042da5d675e5b69547fa08f
SHA1 713cd569b2f368ff7a312d156306d6937a2555f7
SHA256 14b933fc72e99e0002d6614ab869bd41d3b1ce28dc1f0817b33b9b70126ea45e
ssdeep 3072:+1s8M3g6D/+IDDzdkFy/oZE/8Ax4sEnjC/P:+u8a9/PEdZE/WFGH
authentihash d629ebb8daeb44d71a294eb499671a736384a253ab59d410b6f541482b10b8ba
imphash 9144c05d8e52fbbab2371e23ab429305
File size 145.8 KB ( 149337 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll overlay
VirusTotal metadata
First submission 2016-12-01 18:37:45 UTC (2 years, 5 months ago)
Last submission 2017-11-08 22:53:11 UTC (1 year, 6 months ago)
File names 0UBE8YF7q1BcN.zk
q4kot1fod0nmq.zk
BootItem.dll
BootItem