SHA256: 25a361f297c6d399410b47af5504f4bb2c9327de55168a31154fbee21fa4b186
File name: Bot.dll
Detection ratio: 7 / 55
Analysis date: 2016-12-19 19:49:36 UTC (8 months ago)
Antivirus Result Update
AVG Win32/DH{I1uBDg?} 20161219
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20161207
Bkav W32.HfsAutoB.6056 20161219
Sophos ML virus.win32.ramnit.ah 20161216
Qihoo-360 HEUR/QVM30.1.0000.Malware.Gen 20161219
Symantec Heur.AdvML.B 20161219
VBA32 suspected of Trojan.Notifier.gen 20161219
Ad-Aware 20161219
AegisLab 20161219
AhnLab-V3 20161219
Alibaba 20161219
ALYac 20161219
Antiy-AVL 20161219
Arcabit 20161219
Avast 20161219
Avira (no cloud) 20161219
AVware 20161219
BitDefender 20161219
CAT-QuickHeal 20161219
ClamAV 20161219
CMC 20161219
Comodo 20161219
CrowdStrike Falcon (ML) 20161024
Cyren 20161219
DrWeb 20161219
Emsisoft 20161219
ESET-NOD32 20161219
F-Prot 20161219
F-Secure 20161219
Fortinet 20161219
GData 20161219
Ikarus 20161219
Jiangmin 20161219
K7AntiVirus 20161219
K7GW 20161219
Kaspersky 20161219
Kingsoft 20161219
Malwarebytes 20161219
McAfee 20161219
McAfee-GW-Edition 20161219
Microsoft 20161219
eScan 20161219
NANO-Antivirus 20161219
nProtect 20161219
Panda 20161219
Rising 20161219
Sophos AV 20161219
SUPERAntiSpyware 20161219
Tencent 20161219
TheHacker 20161219
TrendMicro 20161219
TrendMicro-HouseCall 20161219
Trustlook 20161219
VIPRE 20161219
ViRobot 20161219
WhiteArmor 20161212
Yandex 20161219
Zillya 20161219
Zoner 20161219
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-27 16:12:18
Entry Point 0x00007F4C
Number of sections 7
PE sections
Overlays
MD5 d039d4110ca75d7cf96df1e9c0fa27ff
File type ASCII text
Offset 306688
Size 25088
Entropy 0.00
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetFileType
GetConsoleMode
GetStringTypeW
LocalAlloc
LoadLibraryExW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
WideCharToMultiByte
LoadLibraryW
TlsFree
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
TlsGetValue
Sleep
WriteConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
SetLastError
InterlockedIncrement
StrChrA
GetUserNameExW
wsprintfA
MessageBoxA
GetDC
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:11:27 17:12:18+01:00
FileType Win32 DLL
PEType PE32
CodeSize 53248
LinkerVersion 11.0
EntryPoint 0x7f4c
InitializedDataSize 44032
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 f9cb4322e395aef43f86af76824a165e
SHA1 a323056e5ae928b21c57c87034ed754969d8af89
SHA256 25a361f297c6d399410b47af5504f4bb2c9327de55168a31154fbee21fa4b186
ssdeep 6144:hrac3+BfD6VKviyvu7KZcboxDrlAdPCLrqcjcUM83lpE5qhAedGS:hg760viyvu2morlAdqLrq/2l7hZcS

authentihash f9cf1fca9140235c9b0330a9ea5080db03abd9da7e44ca51067e2dc0322ca67d
imphash 13441cd0d64e1bf15e8940cbd6e57ca5
File size 324.0 KB ( 331776 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll overlay

VirusTotal metadata
First submission 2016-12-19 19:49:36 UTC ( 8 months ago )
Last submission 2016-12-19 19:49:36 UTC ( 8 months ago )
File names Bot.dll