SHA256: 5948ceff8012d80f9b2dcef7316aa94d3a171d309c78e6b021b6af6928f16a0d
File name: zUVTIsviyMy2.dll
Detection ratio: 4 / 56
Analysis date: 2016-10-25 14:32:45 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9718 20161025
Kaspersky UDS:DangerousObject.Multi.Generic 20161025
Qihoo-360 HEUR/QVM30.1.0000.Malware.Gen 20161025
Tencent Win32.Trojan.Raasj.Auto 20161025
Ad-Aware 20161025
AegisLab 20161025
AhnLab-V3 20161025
Alibaba 20161025
ALYac 20161025
Antiy-AVL 20161025
Arcabit 20161025
Avast 20161025
AVG 20161025
Avira (no cloud) 20161025
AVware 20161025
BitDefender 20161025
Bkav 20161025
CAT-QuickHeal 20161025
ClamAV 20161025
CMC 20161025
Comodo 20161025
CrowdStrike Falcon (ML) 20160725
Cyren 20161025
DrWeb 20161025
Emsisoft 20161025
ESET-NOD32 20161025
F-Prot 20161025
F-Secure 20161025
Fortinet 20161025
GData 20161025
Ikarus 20161025
Sophos ML 20161018
Jiangmin 20161025
K7AntiVirus 20161025
K7GW 20161025
Kingsoft 20161025
Malwarebytes 20161025
McAfee 20161025
McAfee-GW-Edition 20161025
Microsoft 20161025
eScan 20161025
NANO-Antivirus 20161025
nProtect 20161025
Panda 20161025
Rising 20161025
Sophos AV 20161025
SUPERAntiSpyware 20161025
Symantec 20161025
TheHacker 20161025
TrendMicro 20161025
TrendMicro-HouseCall 20161025
VBA32 20161025
VIPRE 20161025
ViRobot 20161025
Yandex 20161024
Zillya 20161025
Zoner 20161025
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Product CallMe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-25 12:26:27
Entry Point 0x00027AE7
Number of sections 6
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
HeapDestroy
HeapAlloc
OutputDebugStringA
TlsAlloc
GetDateFormatA
VirtualProtect
GetVersionExA
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
LoadLibraryExA
GetEnvironmentStrings
GetFileType
GetLocaleInfoA
GetCurrentProcessId
SetFilePointer
GetModuleHandleW
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
InterlockedCompareExchange
GetStringTypeA
GetLocaleInfoW
CompareStringW
WideCharToMultiByte
GetTimeFormatA
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CompareStringA
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
GetTimeZoneInformation
GetCurrentProcess
IsValidCodePage
HeapCreate
VirtualQuery
VirtualFree
GetEnvironmentStringsW
TlsGetValue
Sleep
GetCurrentThread
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetConsoleCtrlHandler
SetLastError
CloseHandle
GetSubMenu
SetWindowLongW
CheckMenuItem
DrawFocusRect
InflateRect
ReleaseCapture
SetMenuItemInfoA
SetWindowTextW
AdjustWindowRectEx
DestroyWindow
CoWaitForMultipleHandles
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
InitializedDataSize 36864
EntryPoint 0x27ae7
MIMEType application/octet-stream
TimeStamp 2016:10:25 13:26:27+01:00
FileType Win32 DLL
PEType PE32
ProductVersion 1, 0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CallMe
CodeSize 241664
ProductName CallMe
ProductVersionNumber 1.9.0.0
FileTypeExtension dll
ObjectFileType Executable application

Compressed bundles
File identification
MD5 7a131fff8eaf144312494988300d7dc1
SHA1 04f0f8112bd8c35d79cd06ce8088763ba2f4e991
SHA256 5948ceff8012d80f9b2dcef7316aa94d3a171d309c78e6b021b6af6928f16a0d
ssdeep 3072:ZBkmGAsjXefPRYxSdBynP6QfW9ISSUzU1+XIx9kNOME1Agm5Wwls0JsSYBYjFTFD:ZBFjsjk6UBdwUzU9kwME/vwlsPBMTF
authentihash b20331096320b3207bfe40925a4ac387c083a4ac4b4f44f388d5605125c1eb21
imphash bea68958d4bcc1d061f578f0e570a5cb
File size 272.0 KB ( 278528 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll

VirusTotal metadata
First submission 2016-10-25 13:50:26 UTC ( 1 year, 1 month ago )
Last submission 2017-08-19 06:15:56 UTC ( 3 months, 3 weeks ago )
File names zUVTIsviyMy2.dll
LTBkOq1.dll
KQztXm2.dll
3.bin
IMIvivRR1.bin
owNiUJoobw1.dll
VhAWGz1.dll.3700.dr
AQQkFPm3.dll.2884.dr
1.exe
BPTYnEM1.dll.3420.dr
zdEUqwCax4.dll
mdLKrjTsy1.bin
IbojgrdpP1.dll
NXkDjgA1.dll
UeheoIx1.dll
mdLKrjTsy1.bin
zdEUqwCax1.dll
owNiUJoobw1.dll.1400.dr
fFbWxXogUG1.bin
gqiytD1.bin
iYxxrFUnIM1.dll
ydCahYil1.dll
coGNVyEUpB1.dll