SHA256: 168ab03d2c33ffc8f7409a80ae46dd362713344e6571b48e353185f44a8a5163
File name: injectDll64.dll
Detection ratio: 3 / 56
Analysis date: 2016-10-25 00:40:22 UTC ( 1 year ago )
Antivirus Result Update
Avast Win32:Malware-gen 20161025
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.Dyre.721 20161024
Ad-Aware 20161025
AegisLab 20161024
AhnLab-V3 20161024
Alibaba 20161024
ALYac 20161025
Antiy-AVL 20161025
Arcabit 20161025
AVG 20161024
Avira (no cloud) 20161025
AVware 20161025
Baidu 20161024
BitDefender 20161025
Bkav 20161024
CAT-QuickHeal 20161024
ClamAV 20161024
CMC 20161024
Comodo 20161024
Cyren 20161024
Emsisoft 20161024
ESET-NOD32 20161025
F-Prot 20161024
F-Secure 20161024
Fortinet 20161024
GData 20161024
Ikarus 20161024
Sophos ML 20161018
Jiangmin 20161024
K7AntiVirus 20161024
K7GW 20161024
Kaspersky 20161024
Kingsoft 20161025
Malwarebytes 20161024
McAfee 20161024
McAfee-GW-Edition 20161024
Microsoft 20161024
eScan 20161025
NANO-Antivirus 20161024
nProtect 20161024
Panda 20161024
Qihoo-360 20161025
Rising 20161024
Sophos AV 20161024
SUPERAntiSpyware 20161024
Symantec 20161025
Tencent 20161025
TheHacker 20161022
TrendMicro 20161025
TrendMicro-HouseCall 20161025
VBA32 20161024
VIPRE 20161025
ViRobot 20161025
Yandex 20161024
Zillya 20161024
Zoner 20161024
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2016-10-10 13:09:18
Entry Point 0x00003AA4
Number of sections 6
PE sections
Overlays
MD5 3d35dd53cfbc62179de015367bcce2d3
File type data
Offset 1059840
Size 408
Entropy 5.89
PE imports
SetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitializeSecurityDescriptor
GetStdHandle
WaitForSingleObject
EncodePointer
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
IsWow64Process
ConnectNamedPipe
InitializeCriticalSection
OutputDebugStringW
TlsGetValue
SetLastError
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
DeleteCriticalSection
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
Process32First
TerminateThread
SetEvent
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
Process32Next
CreateRemoteThread
RtlPcToFileHeader
OpenProcess
GetStartupInfoW
GetProcAddress
GetProcessHeap
WaitNamedPipeA
RtlLookupFunctionEntry
ResetEvent
RtlUnwindEx
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
VirtualAllocEx
GetConsoleCP
GetEnvironmentStringsW
CreateNamedPipeA
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
Sleep
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2016:10:10 14:09:18+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 72192
LinkerVersion 12.0
EntryPoint 0x3aa4
InitializedDataSize 996352
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 0b521fd97402c02366184ec413e888cc
SHA1 786246fde2ea0f22ba5fefabe74b91b8613ab250
SHA256 168ab03d2c33ffc8f7409a80ae46dd362713344e6571b48e353185f44a8a5163
ssdeep 12288:Sy6XnlZ6CF6XmVYdA/RsBtyLksVsqiozFOQFUNlCp9aCjMdYes3XhiskY8dW0Y0:7Mz6CF6YYdApGgL7PiE80bRisKdW0z
authentihash 6f85f0f99e2c78f02966eb1d0d42cec1cf5762382f70772654b2f0844a72f982
imphash 416aedb8b65e4c0741df5ccc0b5966d8
File size 1.0 MB ( 1060248 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags 64bits assembly pedll overlay
VirusTotal metadata
First submission 2016-10-25 00:40:22 UTC ( 1 year ago )
Last submission 2016-10-25 07:40:43 UTC ( 1 year ago )
File names injectDll64.dll
0b521fd9