SHA256: 57a0f81246a70462028c1adf1b5d8f02580845084e12a5edf3652bb2d9b2077d
File name: VqXFkkRPsl2.dll.2965385470.DROPPED
Detection ratio: 28 / 56
Analysis date: 2016-11-09 09:43:53 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ransom.TeslaCrypt.10 20161109
AhnLab-V3 Trojan/Win32.Locky.N2150246117 20161108
ALYac Trojan.Ransom.LockyCrypt 20161109
Arcabit Trojan.Ransom.TeslaCrypt.10 20161109
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9970 20161107
BitDefender Gen:Variant.Ransom.TeslaCrypt.10 20161108
Bkav W32.eHeur.Malware03 20161108
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb Trojan.Encoder.3976 20161109
Emsisoft Gen:Variant.Ransom.TeslaCrypt.10 (B) 20161109
ESET-NOD32 a variant of Win32/Kryptik.FJJZ 20161109
F-Secure Gen:Variant.Ransom.TeslaCrypt.10 20161109
Fortinet W32/Kryptik.FJJZ!tr 20161109
GData Gen:Variant.Ransom.TeslaCrypt.10 20161109
Ikarus Trojan.Win32.Crypt 20161109
Invincea trojanspy.win32.ursnif.hn 20161018
K7GW Trojan ( 004fc9fb1 ) 20161109
McAfee Artemis!AD6FB318002D 20161109
McAfee-GW-Edition Artemis!Trojan 20161109
eScan Gen:Variant.Ransom.TeslaCrypt.10 20161108
Qihoo-360 HEUR/QVM40.1.0000.Malware.Gen 20161109
Rising Malware.Generic!coZvFCUx5RF@2 (thunder) 20161109
Symantec Ransom.Locky 20161109
Tencent Win32.Trojan.Raas.Auto 20161109
TrendMicro Ransom_HPLOCKY.SMJBA 20161109
TrendMicro-HouseCall Ransom_HPLOCKY.SMJBA 20161109
VBA32 SScope.Malware-Cryptor.Filecoder 20161108
ViRobot Trojan.Win32.Locky.237568.B[h] 20161109
AegisLab 20161109
Alibaba 20161109
Antiy-AVL 20161109
Avast 20161109
AVG 20161109
Avira (no cloud) 20161108
AVware 20161109
CAT-QuickHeal 20161109
ClamAV 20161109
CMC 20161109
Comodo 20161109
Cyren 20161109
F-Prot 20161109
Jiangmin 20161109
K7AntiVirus 20161108
Kaspersky 20161109
Kingsoft 20161109
Malwarebytes 20161109
Microsoft 20161109
NANO-Antivirus 20161108
nProtect 20161109
Panda 20161108
Sophos 20161109
SUPERAntiSpyware 20161109
TheHacker 20161109
VIPRE 20161109
Yandex 20161108
Zillya 20161108
Zoner 20161109
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-08 19:35:33
Entry Point 0x00026F50
Number of sections 5
PE sections
PE imports
GetLastError
GetEnvironmentVariableA
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
QueryPerformanceCounter
HeapDestroy
HeapAlloc
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
GetEnvironmentStrings
GetFileType
GetLocaleInfoA
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
InterlockedCompareExchange
GetStringTypeA
GetProcessHeap
LeaveCriticalSection
CompareStringW
InitializeCriticalSection
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetCurrentThreadId
WriteFile
GetCurrentProcess
CompareStringA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEnvironmentVariableA
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
VirtualFree
FatalAppExitA
TlsGetValue
Sleep
GetCurrentThread
TlsSetValue
CloseHandle
ExitProcess
GetVersion
GetLocaleInfoW
VirtualAlloc
SetLastError
InterlockedIncrement
CheckMenuItem
TrackPopupMenu
GetMenuItemCount
SetCapture
MoveWindow
OffsetRect
GetClientRect
DestroyWindow
SendMessageW
SetActiveWindow
GetKeyState
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:11:08 20:35:33+01:00
FileType Win32 DLL
PEType PE32
CodeSize 204800
LinkerVersion 7.1
FileTypeExtension dll
InitializedDataSize 32768
SubsystemVersion 4.0
EntryPoint 0x26f50
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 ad6fb318002df4ffc80795cc31d529b4
SHA1 2eb5b0546ee8408ec0e0d8e4703dc9b7b511a1c7
SHA256 57a0f81246a70462028c1adf1b5d8f02580845084e12a5edf3652bb2d9b2077d
ssdeep 6144:PZjUq3G/avoW/B03zDBbMf+1XOjWX2ck47ysq:PJUY8awWCDDyfgF2clr
authentihash 10cfa60d6963ceb206dd7e452c1677d77760b1c3efddabb4683badcd0dd54a1c
imphash 5cf97d7989e39a5465cfcd7c9c6aea99
File size 232.0 KB ( 237568 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll
VirusTotal metadata
First submission 2016-11-08 22:11:44 UTC ( 4 months, 2 weeks ago )
Last submission 2016-11-09 14:50:15 UTC ( 4 months, 2 weeks ago )
File names OO.exe
HMoTbKui1.dll
VsUfov1.dll
wiifGgjkJ1.dll
ad6fb318002df4ffc80795cc31d529b4
VqXFkkRPsl2.dll.2965385470.DROPPED
rTdGHoCB1.dll.2952.dr
78.exe
locky.dll
sgXAWdmNL1.dll
AxytpGQ1.dll.2952.dr
qGYcsCKXx3.dll.3284.dr