SHA256: 53af22828a2a1190105c6846ae9e32ab6ce87388b77838d456432ee6e9de7343
File name: Engine32.dll
Detection ratio: 4 / 55
Analysis date: 2016-12-19 19:51:23 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
Invincea trojandownloader.win32.tugspay.a 20161216
Qihoo-360 HEUR/QVM30.1.0000.Malware.Gen 20161219
Symantec Heur.AdvML.B 20161219
Ad-Aware 20161219
AegisLab 20161219
AhnLab-V3 20161219
Alibaba 20161219
ALYac 20161219
Antiy-AVL 20161219
Arcabit 20161219
Avast 20161219
AVG 20161219
Avira (no cloud) 20161219
AVware 20161219
BitDefender 20161219
Bkav 20161219
CAT-QuickHeal 20161219
ClamAV 20161219
CMC 20161219
Comodo 20161219
CrowdStrike Falcon (ML) 20161024
Cyren 20161219
DrWeb 20161219
Emsisoft 20161219
ESET-NOD32 20161219
F-Prot 20161219
F-Secure 20161219
Fortinet 20161219
GData 20161219
Ikarus 20161219
Jiangmin 20161219
K7AntiVirus 20161219
K7GW 20161219
Kaspersky 20161219
Kingsoft 20161219
Malwarebytes 20161219
McAfee 20161219
McAfee-GW-Edition 20161219
Microsoft 20161219
eScan 20161219
NANO-Antivirus 20161219
nProtect 20161219
Panda 20161219
Rising 20161219
Sophos 20161219
SUPERAntiSpyware 20161219
Tencent 20161219
TheHacker 20161219
TrendMicro 20161219
TrendMicro-HouseCall 20161219
Trustlook 20161219
VBA32 20161219
VIPRE 20161219
ViRobot 20161219
WhiteArmor 20161212
Yandex 20161219
Zillya 20161219
Zoner 20161219
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-27 16:11:43
Entry Point 0x0000D503
Number of sections 5
PE sections
Overlays
MD5 563ebbdfb43ff18dadece9678d726307
File type ASCII text
Offset 171008
Size 4088832
Entropy 0.00
PE imports
RegOpenKeyExA
RegSetValueExA
RegCloseKey
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
GetVolumeInformationW
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
ResumeThread
InitializeCriticalSection
OutputDebugStringW
InterlockedDecrement
GetPrivateProfileSectionNamesW
SetLastError
TlsGetValue
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetWindowsDirectoryW
GetStartupInfoW
GetProcAddress
GetProcessHeap
ExpandEnvironmentStringsW
lstrcmpA
lstrcpyA
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
CreateProcessW
Sleep
VirtualAlloc
StrStrA
StrCmpNIW
StrStrIA
PathFindFileNameW
StrToIntA
StrStrIW
StrCmpNA
StrStrW
StrChrA
wsprintfA
MessageBoxA
wsprintfW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
InternetQueryDataAvailable
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetCanonicalizeUrlA
HttpOpenRequestW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:11:27 17:11:43+01:00
FileType Win32 DLL
PEType PE32
CodeSize 90624
LinkerVersion 11.0
EntryPoint 0xd503
InitializedDataSize 253440
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 c5741253187779764fb548dbdba43870
SHA1 1363ebf01413112b178d4ed354b5dad11ded72d1
SHA256 53af22828a2a1190105c6846ae9e32ab6ce87388b77838d456432ee6e9de7343
ssdeep 3072:42bgxSCWj3mACbPXdpj34OwZ5ExMHyqro5OUW:hbyvWeF+G4b
authentihash 54e1d41fdc1f7f624ebc4563e227c53c73c271da4ce8490c557327816a6176cd
imphash 497cb428c017bdf0b742294daad7ebd4
File size 4.1 MB ( 4259840 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll overlay

VirusTotal metadata
First submission 2016-12-19 19:51:23 UTC ( 4 months, 1 week ago )
Last submission 2016-12-19 21:41:11 UTC ( 4 months, 1 week ago )
File names mitb.vir
Engine32.dll