SHA256: 32a248553f993f13600a89700827eedf1a59b34b0da46cf4c22cc29e7f412141
File name: fMxSkyppYE2.dll
Detection ratio: 13 / 56
Analysis date: 2016-11-09 13:36:53 UTC ( 9 months, 1 week ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9963 20161109
Bkav W32.eHeur.Malware03 20161109
CAT-QuickHeal Ransom.Locky.MUE.A5 20161109
CrowdStrike Falcon (ML) malicious_confidence_82% (D) 20161024
McAfee Artemis!C1B0B1FB4AA5 20161109
McAfee-GW-Edition Artemis 20161109
Qihoo-360 HEUR/QVM40.1.0000.Malware.Gen 20161109
Rising Malware.Generic!coZvFCUx5RF@2 (thunder) 20161109
Sophos AV Mal/RansomDl-C 20161109
Tencent Win32.Trojan.Raas.Auto 20161109
TrendMicro Ransom_HPLOCKY.SMJBA 20161109
TrendMicro-HouseCall Ransom_HPLOCKY.SMJBA 20161109
VBA32 SScope.Malware-Cryptor.Filecoder 20161109
Ad-Aware 20161109
AegisLab 20161109
AhnLab-V3 20161109
Alibaba 20161109
ALYac 20161109
Antiy-AVL 20161109
Arcabit 20161109
Avast 20161109
AVG 20161109
Avira (no cloud) 20161109
AVware 20161109
BitDefender 20161109
ClamAV 20161109
CMC 20161109
Comodo 20161109
Cyren 20161109
DrWeb 20161109
Emsisoft 20161109
ESET-NOD32 20161109
F-Prot 20161109
F-Secure 20161109
Fortinet 20161109
GData 20161109
Ikarus 20161109
Sophos ML 20161018
Jiangmin 20161109
K7AntiVirus 20161108
K7GW 20161109
Kaspersky 20161109
Kingsoft 20161109
Malwarebytes 20161109
Microsoft 20161109
eScan 20161109
NANO-Antivirus 20161109
nProtect 20161109
Panda 20161108
SUPERAntiSpyware 20161109
Symantec 20161109
TheHacker 20161109
VIPRE 20161109
ViRobot 20161109
Yandex 20161108
Zillya 20161108
Zoner 20161109
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Product Text
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-09 08:53:28
Entry Point 0x00027BC0
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
VirtualAllocEx
WaitForSingleObject
FreeLibrary
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetFileType
GetLocaleInfoA
InterlockedIncrement
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
SetHandleCount
GetCommandLineA
GetUserDefaultLCID
GetStringTypeA
GetProcessHeap
LeaveCriticalSection
CompareStringW
WideCharToMultiByte
TlsFree
FreeEnvironmentStringsW
GetCurrentThreadId
GetModuleHandleA
WriteFile
GetStartupInfoA
CompareStringA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
GetTimeZoneInformation
GetEnvironmentVariableA
HeapCreate
VirtualFree
FatalAppExitA
TlsGetValue
Sleep
GetCurrentThread
TlsSetValue
HeapAlloc
GetVersion
GetLocaleInfoW
VirtualAlloc
SetLastError
CloseHandle
GetSubMenu
SetWindowLongW
GetMenuItemCount
RegisterClassW
SetCapture
SetWindowTextW
CreateWindowExW
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
InitializedDataSize 28672
EntryPoint 0x27bc0
MIMEType application/octet-stream
TimeStamp 2016:11:09 09:53:28+01:00
FileType Win32 DLL
PEType PE32
ProductVersion 1, 0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Text
ProductName Text
ProductVersionNumber 1.9.0.0
FileTypeExtension dll
ObjectFileType Executable application

File identification
MD5 c1b0b1fb4aa56418ef48421c58ad1b58
SHA1 6e19651659cadaabc5eecac3d994b1896ba72d30
SHA256 32a248553f993f13600a89700827eedf1a59b34b0da46cf4c22cc29e7f412141
ssdeep 6144:y+KHFUAOmT/xWWnvJzt4O89fPIMdY3rgrFL:y+OF/BT/Nndt4rR63re
authentihash f40268d74b8129f9b07453dbdaf11c25d69c344027c8516237c6b3fb42467187
imphash a8adce4bab2180151ae4eb5d8e1d0437
File size 224.0 KB ( 229376 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll

VirusTotal metadata
First submission 2016-11-09 11:22:41 UTC ( 9 months, 1 week ago )
Last submission 2016-11-09 15:11:54 UTC ( 9 months, 1 week ago )
File names 04.exe
dfhxxJuXLz2.dll
bbMPXbpjC3.dll
hMlUQzVuqNo1.dll.536.dr
fMxSkyppYE2.dll
boWCPcDaQx1.dll
SIfHCpDqA1.dll