SHA256: 296a3992cafb6046e0f7c128644fda70eb0129502966774e0ca9191850fb8139
Detection ratio: 27 / 55
Analysis date: 2015-04-30 16:24:10 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.551661 20150430
AhnLab-V3 Trojan/Win32.Korplug 20150430
ALYac Gen:Variant.Kazy.551661 20150430
Antiy-AVL Trojan/Win32.TSGeneric 20150430
Avast Win32:Malware-gen 20150430
AVG Agent5.TZT 20150430
BitDefender Gen:Variant.Kazy.551661 20150430
Comodo Heur.Packed.Unknown 20150430
Cyren W32/S-9bf54e99!Eldorado 20150430
Emsisoft Gen:Variant.Kazy.551661 (B) 20150430
ESET-NOD32 a variant of Win32/Korplug.CV 20150430
F-Prot W32/S-9bf54e99!Eldorado 20150430
F-Secure Gen:Variant.Kazy.551661 20150430
Fortinet W32/Korplug.CU!tr 20150430
GData Gen:Variant.Kazy.551661 20150430
Ikarus Trojan.Win32.Korplug 20150430
K7AntiVirus Trojan ( 003db13d1 ) 20150430
K7GW Trojan ( 003db13d1 ) 20150430
Kaspersky UDS:DangerousObject.Multi.Generic 20150430
McAfee-GW-Edition BehavesLike.Win32.Conficker.dm 20150430
eScan Gen:Variant.Kazy.551661 20150430
NANO-Antivirus Trojan.Win32.XPACK.dprbvx 20150430
Panda Trj/Genetic.gen 20150430
Sophos Mal/Behav-010 20150430
Tencent Trojan.Win32.Qudamah.Gen.12 20150430
VBA32 Backdoor.Gulpix 20150429
Zillya Trojan.Korplug.Win32.141 20150430
AegisLab 20150430
Yandex 20150430
Alibaba 20150430
AVware 20150430
Baidu-International 20150430
Bkav 20150425
ByteHero 20150430
CAT-QuickHeal 20150430
ClamAV 20150430
CMC 20150423
DrWeb 20150430
Jiangmin 20150429
Kingsoft 20150430
McAfee 20150430
Microsoft 20150430
Norman 20150430
nProtect 20150430
Qihoo-360 20150430
Rising 20150430
SUPERAntiSpyware 20150430
Symantec 20150430
TheHacker 20150429
TotalDefense 20150430
TrendMicro 20150430
TrendMicro-HouseCall 20150430
VIPRE 20150430
ViRobot 20150430
Zoner 20150430
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00019892
Number of sections 2
PE sections
PE imports
GdiplusStartup
GetAdaptersInfo
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
LookupAccountSidW
RegOverridePredefKey
OpenServiceW
QueryServiceConfigW
ControlService
InitializeAcl
LookupPrivilegeValueW
DeleteService
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
ChangeServiceConfig2W
ConvertStringSidToSidW
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
SetTokenInformation
QueryServiceConfig2W
EqualSid
CreateServiceW
GetTokenInformation
DuplicateTokenEx
InitiateSystemShutdownA
GetUserNameW
EnumServicesStatusExW
RegEnumKeyExW
GetLengthSid
GetAce
CreateProcessAsUserW
AdjustTokenPrivileges
RegDeleteValueW
RevertToSelf
StartServiceW
RegSetValueExW
FreeSid
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
InitializeSecurityDescriptor
QueryServiceStatusEx
ImpersonateLoggedOnUser
ChangeServiceConfigW
DnsQuery_A
GetDeviceCaps
DeleteDC
SelectObject
CreateDCW
GetDIBits
BitBlt
GdiFlush
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
GetOverlappedResult
WaitForSingleObject
SetFileTime
GetFileAttributesW
QueryFullProcessImageNameW
GetLocalTime
DisconnectNamedPipe
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
LocalAlloc
GetConsoleCursorInfo
SetErrorMode
GetFileTime
WideCharToMultiByte
WriteFile
ResumeThread
LocalFree
IsWow64Process
ConnectNamedPipe
InitializeCriticalSection
FindClose
QueryDosDeviceW
SetFileAttributesW
VirtualQueryEx
GetSystemInfo
GetSystemTime
LocalLock
WriteProcessMemory
GetModuleFileNameW
ExitProcess
SetConsoleScreenBufferSize
LoadLibraryA
VerSetConditionMask
SetConsoleCtrlHandler
AllocConsole
GetSystemDefaultLCID
MultiByteToWideChar
VerifyVersionInfoW
GetPrivateProfileStringW
CreateMutexA
GetModuleHandleA
CreateThread
GetSystemDirectoryW
DeleteCriticalSection
GetExitCodeThread
SetUnhandledExceptionFilter
GetConsoleDisplayMode
CreateMutexW
IsProcessorFeaturePresent
ExitThread
TerminateProcess
ReadConsoleOutputW
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
lstrcmpW
SleepEx
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
VirtualProtect
FlushFileBuffers
lstrcmpiW
WriteConsoleInputW
CreateRemoteThread
GetWindowsDirectoryW
GetFileSize
OpenProcess
GenerateConsoleCtrlEvent
ReadProcessMemory
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetConsoleScreenBufferInfo
VirtualProtectEx
GetProcessHeap
GetComputerNameW
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
WTSGetActiveConsoleSessionId
lstrcpyA
ResetEvent
FreeConsole
GetComputerNameA
FindFirstFileW
GlobalMemoryStatus
DuplicateHandle
GetProcAddress
CreateEventW
CreateFileW
GetConsoleWindow
LocalUnlock
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
VirtualAllocEx
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetVolumeInformationW
lstrlenW
VirtualFree
GetQueuedCompletionStatus
VirtualFreeEx
GetCurrentProcessId
CreateIoCompletionPort
ProcessIdToSessionId
GetCommandLineW
lstrcpynW
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetModuleHandleW
UnmapViewOfFile
PostQueuedCompletionStatus
CreateProcessW
Sleep
VirtualAlloc
memset
memcpy
memcmp
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
EnumProcesses
EnumProcessModules
ExtractIconExW
SHFileOperationW
CommandLineToArgvW
OpenInputDesktop
SetCapture
GetMessageW
DefWindowProcW
FindWindowW
keybd_event
KillTimer
PostQuitMessage
GetForegroundWindow
GetWindowThreadProcessId
GetSystemMetrics
SetWindowLongW
MessageBoxW
UnhookWindowsHookEx
PostMessageA
OpenWindowStationW
WindowFromPoint
SetProcessWindowStation
mouse_event
SetThreadDesktop
GetProcessWindowStation
CreateDesktopW
DispatchMessageW
GetKeyState
GetAsyncKeyState
GetIconInfo
DestroyIcon
ShowWindow
TranslateMessage
SetCursorPos
RegisterRawInputDevices
GetThreadDesktop
CloseWindowStation
CallNextHookEx
wsprintfA
SetTimer
GetClassNameW
GetWindowTextW
CloseDesktop
SetWindowsHookExW
LoadCursorW
CreateWindowExW
wsprintfW
ExitWindowsEx
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpSendRequestExA
setsockopt
WSASocketA
WSAGetOverlappedResult
socket
WSARecvFrom
bind
inet_addr
WSAStartup
WSACreateEvent
ioctlsocket
gethostbyname
ntohs
WSAIoctl
getsockname
WSAEventSelect
recv
WSAGetLastError
listen
WTSQueryUserToken
File identification
MD5 43f5f8a47f95ec4abc8ae7289f71f6e4
SHA1 55a4863d158c43fb02a49d3052a76c0ba22dacbd
SHA256 296a3992cafb6046e0f7c128644fda70eb0129502966774e0ca9191850fb8139
ssdeep 3072:9AbiVfvvw6B3yKeb86QXltDRN5yt/XvPDpayAlLb6sE0ze4UT/lyg:xVzyKejgltDRN5C/IdEi0yg
authentihash 151fd1343c3046a8c669b52996801c39a4ef9881280e318f4e34f0ad2ff06372
imphash df458250f0d8d155e7bc749e35821798
File size 200.0 KB ( 204800 bytes )
File type Win32 DLL
Magic literal MS-DOS executable
TrID Win32 Executable (generic) (52.5%)
Generic Win/DOS Executable (23.3%)
DOS Executable Generic (23.3%)
VXD Driver (0.3%)
Sybase iAnywhere database files (0.2%)
Tags pedll
VirusTotal metadata
First submission 2015-04-30 16:24:10 UTC ( 2 years, 1 month ago )
Last submission 2015-04-30 16:24:10 UTC ( 2 years, 1 month ago )
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight