SHA256: a5725af4391d21a232dc6d4ad33d7d915bd190bdac9b1826b73f364dc5c1aa65
File name: injectDll32.dll
Detection ratio: 6 / 56
Analysis date: 2016-10-21 13:35:33 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20161021
Avast Win32:Malware-gen 20161021
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.Dyre.713 20161021
Sophos ML virus.win32.ramnit.x 20161018
Symantec Heur.AdvML.B 20161021
Ad-Aware 20161021
AegisLab 20161021
AhnLab-V3 20161021
Alibaba 20161021
ALYac 20161021
Arcabit 20161021
AVG 20161021
Avira (no cloud) 20161021
AVware 20161021
Baidu 20161021
BitDefender 20161021
Bkav 20161021
CAT-QuickHeal 20161021
ClamAV 20161021
CMC 20161021
Comodo 20161021
Cyren 20161021
Emsisoft 20161021
ESET-NOD32 20161021
F-Prot 20161021
F-Secure 20161021
Fortinet 20161021
GData 20161021
Ikarus 20161021
Jiangmin 20161021
K7AntiVirus 20161021
K7GW 20161021
Kaspersky 20161021
Kingsoft 20161021
Malwarebytes 20161021
McAfee 20161021
McAfee-GW-Edition 20161021
Microsoft 20161021
eScan 20161021
NANO-Antivirus 20161021
nProtect 20161021
Panda 20161021
Qihoo-360 20161021
Rising 20161021
Sophos AV 20161021
SUPERAntiSpyware 20161021
Tencent 20161021
TheHacker 20161020
TrendMicro 20161021
TrendMicro-HouseCall 20161021
VBA32 20161021
VIPRE 20161021
ViRobot 20161021
Yandex 20161020
Zillya 20161020
Zoner 20161021
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-10 13:08:15
Entry Point 0x0000372F
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitializeSecurityDescriptor
CreateToolhelp32Snapshot
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
WriteProcessMemory
VirtualAllocEx
TerminateThread
GetModuleFileNameW
WaitForSingleObject
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
CreateNamedPipeA
Process32Next
GetStdHandle
CreateRemoteThread
DisconnectNamedPipe
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
RtlUnwind
GetCurrentProcessId
LCMapStringW
OpenProcess
UnhandledExceptionFilter
IsValidCodePage
CreateFileA
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
RaiseException
CreateThread
TlsFree
DeleteCriticalSection
ReadFile
WaitNamedPipeA
WriteFile
ResetEvent
GetSystemTimeAsFileTime
Process32First
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetOEMCP
TerminateProcess
ConnectNamedPipe
GetConsoleCP
SetUnhandledExceptionFilter
WideCharToMultiByte
GetModuleHandleExW
InitializeCriticalSection
OutputDebugStringW
CreateFileW
GetStringTypeW
CreateEventA
TlsGetValue
Sleep
GetFileType
TlsSetValue
CloseHandle
EncodePointer
GetCurrentThreadId
WriteConsoleW
SetLastError
LeaveCriticalSection
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:10:10 14:08:15+01:00
FileType Win32 DLL
PEType PE32
CodeSize 69120
LinkerVersion 12.0
EntryPoint 0x372f
InitializedDataSize 449536
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 90421f8531f963d81cf54245b72cde80
SHA1 19852c69e99aa0995a4707f040073d8032318441
SHA256 a5725af4391d21a232dc6d4ad33d7d915bd190bdac9b1826b73f364dc5c1aa65
ssdeep 12288:Erxi2HvPtp9aCjMdYes3XhiskY8dW0YT:ErIKPtbRisKdW0
authentihash ebeed7a4b929624fdb259204b3a322fb4cfe796a47754b8237634f539cb4fa48
imphash b910ad6677f76eb45e20700d3ea0de3b
File size 499.5 KB ( 511488 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll

VirusTotal metadata
First submission 2016-10-21 13:35:33 UTC ( 1 year, 1 month ago )
Last submission 2016-10-21 13:35:33 UTC ( 1 year, 1 month ago )
File names injectDll32.dll