SHA256: 0fca1dbcaf17e2374618484a5239488a40c428c791aee2903095c8bcb7a784b6
File name: core-dll64.dll
Detection ratio: 17 / 56
Analysis date: 2016-10-25 15:05:48 UTC (1 year ago)
Antivirus Result Update
Ad-Aware Trojan.Generic.19363456 20161025
ALYac Trojan.Generic.19363456 20161025
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20161025
Arcabit Trojan.Generic.D1277680 20161025
Avast Win32:Malware-gen 20161025
BitDefender Trojan.Generic.19363456 20161025
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.Dyre.723 20161025
Emsisoft Trojan.Generic.19363456 (B) 20161025
ESET-NOD32 Win64/Spy.Agent.S 20161025
F-Secure Trojan.Generic.19363456 20161025
GData Trojan.Generic.19363456 20161025
Kaspersky HEUR:Trojan.Win32.Generic 20161025
McAfee-GW-Edition BehavesLike.Win64.Ramnit.dc 20161025
eScan Trojan.Generic.19363456 20161025
NANO-Antivirus Trojan.Win32.Dyre.ehndtq 20161025
Yandex Trojan.Agent!VuOBan0DSZg 20161025
AegisLab 20161025
AhnLab-V3 20161025
Alibaba 20161025
AVG 20161025
Avira (no cloud) 20161025
AVware 20161025
Baidu 20161025
Bkav 20161025
CAT-QuickHeal 20161025
ClamAV 20161025
CMC 20161025
Comodo 20161025
Cyren 20161025
F-Prot 20161025
Fortinet 20161025
Ikarus 20161025
Sophos ML 20161018
Jiangmin 20161025
K7AntiVirus 20161025
K7GW 20161025
Kingsoft 20161025
Malwarebytes 20161025
McAfee 20161025
Microsoft 20161025
nProtect 20161025
Panda 20161025
Qihoo-360 20161025
Rising 20161025
Sophos AV 20161025
SUPERAntiSpyware 20161025
Symantec 20161025
Tencent 20161025
TheHacker 20161025
TrendMicro 20161025
TrendMicro-HouseCall 20161025
VBA32 20161025
VIPRE 20161025
ViRobot 20161025
Zillya 20161025
Zoner 20161025
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2016-10-10 13:09:04
Entry Point 0x000104F0
Number of sections 5
PE sections
Overlays
MD5 b11bd322fba34fe280be796ca9c7cc5f
File type data
Offset 531456
Size 409992
Entropy 7.17
PE imports
SetSecurityDescriptorDacl
LookupPrivilegeValueA
CryptReleaseContext
RegCloseKey
OpenProcessToken
CryptAcquireContextA
RegSetValueExA
RegQueryValueExA
CryptGenRandom
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegOpenKeyExA
RegCreateKeyA
GetStdHandle
WaitForSingleObject
SetEndOfFile
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetThreadContext
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
ConnectNamedPipe
FreeLibraryAndExitThread
InitializeCriticalSection
OutputDebugStringW
FindClose
TlsGetValue
SetLastError
GetSystemTime
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
QueryPerformanceFrequency
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
DisconnectNamedPipe
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
VirtualQuery
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
CreateRemoteThread
ReadProcessMemory
GetProcAddress
VirtualProtectEx
GetProcessHeap
lstrcpyW
lstrcmpA
FindFirstFileA
WaitNamedPipeA
lstrcpyA
FindNextFileA
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
VirtualAllocEx
lstrlenA
GetConsoleCP
CreateNamedPipeA
lstrlenW
VirtualFreeEx
GetCPInfo
SuspendThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
StrStrIA
PathFindFileNameA
StrToIntA
StrChrA
GetWindowThreadProcessId
GetAsyncKeyState
GetForegroundWindow
GetKeyboardState
SetWindowsHookExA
DispatchMessageA
UnhookWindowsHookEx
AttachThreadInput
ToUnicodeEx
wsprintfA
GetKeyboardLayout
GetClassNameA
TranslateMessage
GetMessageA
GetGUIThreadInfo
CallNextHookEx
DeleteUrlCacheEntry
InternetQueryOptionA
InternetSetStatusCallbackA
HttpQueryInfoA
closesocket
recv
WSAGetLastError
send
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2016:10:10 14:09:04+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 313344
LinkerVersion 12.0
EntryPoint 0x104f0
InitializedDataSize 239104
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 5a7459fb0b49a8b28fae507730e2a924
SHA1 3f24efa18d8fd9a7d7aeeb847c974c76eefcc285
SHA256 0fca1dbcaf17e2374618484a5239488a40c428c791aee2903095c8bcb7a784b6
ssdeep 12288:PF6XmVYdA/RsBtyLksVsqiozFOQFUNlCp9aCjMdYes3XhiskY8dW0Y0:PF6YYdApGgL7PiE80bRisKdW0z
authentihash fdc70ec43c0549ebe6547af13f2dd55e524dfcfb256558e55b6cc4bf36335b44
imphash df370c6db5baee352fb7a84da7438c0b
File size 919.4 KB ( 941448 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags 64bits assembly pedll overlay
VirusTotal metadata
First submission 2016-10-25 15:05:48 UTC ( 1 year ago )
Last submission 2016-10-25 15:05:48 UTC ( 1 year ago )
File names core-dll64.dll