SHA256: 22cfee1e5a8772878b5fe0aeec77eb83167fbe53777e8855474e9f40db1c4788
File name: KUVIL0IhVIFV.dll
Detection ratio: 6 / 55
Analysis date: 2016-11-22 09:23:20 UTC (9 months ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9539 20161122
Bkav HW32.Packed.671C 20161121
CrowdStrike Falcon (ML) malicious_confidence_72% (D) 20161024
Sophos ML trojan.win32.necurs.a 20161018
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20161122
Tencent Win32.Trojan.Raasj.Auto 20161122
Ad-Aware 20161122
AegisLab 20161122
AhnLab-V3 20161122
Alibaba 20161122
ALYac 20161122
Antiy-AVL 20161122
Arcabit 20161122
Avast 20161122
AVG 20161122
Avira (no cloud) 20161122
AVware 20161122
BitDefender 20161122
CAT-QuickHeal 20161122
ClamAV 20161122
CMC 20161122
Comodo 20161122
Cyren 20161122
DrWeb 20161122
Emsisoft 20161122
ESET-NOD32 20161122
F-Prot 20161122
F-Secure 20161122
Fortinet 20161122
GData 20161122
Ikarus 20161122
Jiangmin 20161122
K7AntiVirus 20161122
K7GW 20161122
Kaspersky 20161122
Kingsoft 20161122
Malwarebytes 20161122
McAfee 20161122
McAfee-GW-Edition 20161122
Microsoft 20161122
eScan 20161122
NANO-Antivirus 20161122
nProtect 20161122
Panda 20161121
Rising 20161122
Sophos AV 20161122
SUPERAntiSpyware 20161122
Symantec 20161122
TheHacker 20161122
TrendMicro 20161122
TrendMicro-HouseCall 20161122
Trustlook 20161122
VBA32 20161121
VIPRE 20161122
ViRobot 20161122
Yandex 20161121
Zillya 20161122
Zoner 20161122
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2014 Mythicsoft Ltd. All rights reserved.

Product FileLocator Series
Original name RenderLib.dll
Internal name RenderLib.dll
File version 7,0,1239,1
Description FileLocator Rendering Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-22 05:41:19
Entry Point 0x0001A1B9
Number of sections 4
PE sections
Overlays
MD5 8c12a727f8c67f4bd8fc764e66ff2b8d
File type data
Offset 175104
Size 9995
Entropy 7.98
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeLibrary
FreeEnvironmentStringsA
DeleteCriticalSection
LeaveCriticalSection
GetEnvironmentStrings
GetFileType
GetStringTypeW
GetCurrentProcessId
ReleaseSemaphore
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
SetEvent
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
GetStringTypeA
ExitThread
GetTempPathA
RaiseException
CreateSemaphoreA
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
InterlockedExchange
IsBadCodePtr
WriteFile
GetStartupInfoA
CloseHandle
GetTempFileNameA
GetACP
HeapReAlloc
CreateThread
WaitForMultipleObjects
SetFileAttributesA
HeapAlloc
TerminateProcess
SetUnhandledExceptionFilter
GetVersion
GetCurrentProcess
GetEnvironmentVariableA
HeapCreate
VirtualFree
CreateEventA
InterlockedDecrement
IsBadReadPtr
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
LocalAlloc
SetLastError
ResetEvent
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantClear
SysAllocString
SendMessageA
CharLowerA
CharUpperA
CharLowerW
CharUpperW
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
65024

ImageVersion
0.0

ProductName
FileLocator Series

FileVersionNumber
7.0.1239.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
2.0

FileTypeExtension
dll

OriginalFileName
RenderLib.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
7,0,1239,1

TimeStamp
2016:11:22 06:41:19+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
RenderLib.dll

ProductVersion
7,0,828,1

FileDescription
FileLocator Rendering Library

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright (c) 2014 Mythicsoft Ltd. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Mythicsoft Ltd

CodeSize
109056

FileSubtype
0

ProductVersionNumber
7.0.828.1

EntryPoint
0x1a1b9

ObjectFileType
Dynamic link library

File identification
MD5 ebf03567c2a907705a026ff0821d8e63
SHA1 383db73234b2390925fcc15ffb18149831992c8d
SHA256 22cfee1e5a8772878b5fe0aeec77eb83167fbe53777e8855474e9f40db1c4788
ssdeep
3072:UCDMfcISDKj5sAYYHevptiaE+WkCDoLwyJgqssRCNgsS+/42222:UsxKj91+pENk1L/JHCLgx1

authentihash e23608ccf58e6f8d977c0a3b3c4cf7629f66c306b497e5c4582286fb98930e86
imphash 372744c6324acad86c61090d2987b6b0
File size 180.8 KB ( 185099 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
pedll overlay

VirusTotal metadata
First submission 2016-11-22 09:23:20 UTC ( 9 months ago )
Last submission 2016-11-22 09:23:20 UTC ( 9 months ago )
File names KUVIL0IhVIFV.dll
RenderLib.dll