SHA256: 0f5daef7bae8b8dd43bd7d1e3122586a2ab67b01a6f611b1469e042508c15438
File name: core-dll32.dll
Detection ratio: 15 / 56
Analysis date: 2016-10-25 15:06:06 UTC ( 1 year ago )
Antivirus Result Update
AhnLab-V3 Malware/Win32.Generic.C1615062 20161025
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20161025
Avast Win32:Malware-gen 20161025
Avira (no cloud) TR/Agent.jafgz 20161025
AVware Trojan.Win32.Generic!BT 20161025
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.Dyre.720 20161025
ESET-NOD32 Win32/Spy.Agent.PAA 20161025
Sophos ML virus.win32.ramnit.j 20161018
Jiangmin Trojan.Generic.aklmy 20161025
Kaspersky HEUR:Trojan.Win32.Generic 20161025
Qihoo-360 HEUR/QVM40.1.0000.Malware.Gen 20161025
Symantec Heur.AdvML.B 20161025
VIPRE Trojan.Win32.Generic!BT 20161025
Yandex Trojan.Agent!VuOBan0DSZg 20161025
Ad-Aware 20161025
AegisLab 20161025
Alibaba 20161025
ALYac 20161025
Arcabit 20161025
AVG 20161025
Baidu 20161025
BitDefender 20161025
Bkav 20161025
CAT-QuickHeal 20161025
ClamAV 20161025
CMC 20161025
Comodo 20161025
Cyren 20161025
Emsisoft 20161025
F-Prot 20161025
F-Secure 20161025
Fortinet 20161025
GData 20161025
Ikarus 20161025
K7AntiVirus 20161025
K7GW 20161025
Kingsoft 20161025
Malwarebytes 20161025
McAfee 20161025
McAfee-GW-Edition 20161025
Microsoft 20161025
eScan 20161025
NANO-Antivirus 20161025
nProtect 20161025
Panda 20161025
Rising 20161025
Sophos AV 20161025
SUPERAntiSpyware 20161025
Tencent 20161025
TheHacker 20161025
TrendMicro 20161025
TrendMicro-HouseCall 20161025
VBA32 20161025
ViRobot 20161025
Zillya 20161025
Zoner 20161025
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-10 13:08:06
Entry Point 0x0000D430
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorDacl
LookupPrivilegeValueA
CryptReleaseContext
RegCloseKey
OpenProcessToken
CryptAcquireContextA
RegSetValueExA
RegQueryValueExA
CryptGenRandom
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegOpenKeyExA
RegCreateKeyA
GetStdHandle
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
lstrcatW
GetThreadContext
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
ConnectNamedPipe
FreeLibraryAndExitThread
InitializeCriticalSection
OutputDebugStringW
TlsGetValue
SetLastError
GetSystemTime
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
RaiseException
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
DisconnectNamedPipe
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
VirtualQuery
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
CreateRemoteThread
GetWindowsDirectoryW
ReadProcessMemory
GetProcAddress
VirtualProtectEx
GetProcessHeap
lstrcpyW
lstrcmpA
WaitNamedPipeA
lstrcpyA
CreateFileW
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
VirtualAllocEx
lstrlenA
GetConsoleCP
CreateNamedPipeA
lstrlenW
VirtualFreeEx
WideCharToMultiByte
SuspendThread
QueryPerformanceFrequency
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
IsValidCodePage
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
StrStrIA
PathFindFileNameA
StrToIntA
StrChrA
GetWindowThreadProcessId
GetMessageA
GetForegroundWindow
GetKeyboardState
SetWindowsHookExA
DispatchMessageA
UnhookWindowsHookEx
AttachThreadInput
ToUnicodeEx
wsprintfA
GetKeyboardLayout
GetClassNameA
TranslateMessage
GetAsyncKeyState
GetGUIThreadInfo
CallNextHookEx
DeleteUrlCacheEntry
InternetQueryOptionA
InternetSetStatusCallbackA
HttpQueryInfoA
closesocket
recv
WSAGetLastError
send
strtol
_itoa
strstr
memset
atoi
RtlUnwind
memcpy
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:10:10 14:08:06+01:00
FileType Win32 DLL
PEType PE32
CodeSize 220160
LinkerVersion 12.0
EntryPoint 0xd430
InitializedDataSize 199680
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 c90f766020855047c3a8138842266c5a
SHA1 193d0a4093c703ea586f5bede21c86a9d1f91ad6
SHA256 0f5daef7bae8b8dd43bd7d1e3122586a2ab67b01a6f611b1469e042508c15438
ssdeep 6144:2M1HEwB0MHxj9MFxdYesAOhXAOowiskY8dKpUsZfN059Z21:rp9aCjMdYes3XhiskY8dW0Y
authentihash fa6411b0fbe2f1290b2d4595cf5b796bb96788d220424ad5ee403cc5271f73c7
imphash 9e43bec89fb56860a924e0bcb708edc9
File size 392.5 KB ( 401920 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll

VirusTotal metadata
First submission 2016-10-25 15:06:06 UTC ( 1 year ago )
Last submission 2016-10-25 15:06:06 UTC ( 1 year ago )
File names core-dll32.dll