SHA256: a6be5be2d16a24430c795faa7ab7cc7826ed24d6d4bc74ad33da5c2ed0c793d0
File name: Windows7111878064044653248.dll
Detection ratio: 29 / 61
Analysis date: 2017-05-22 12:14:03 UTC (3 months ago)
Antivirus Result Update
AegisLab Generic38.Aflr!c 20170522
AhnLab-V3 Trojan/Win32.Agent.C1874731 20170522
ALYac Trojan.Spy.Agent 20170522
Antiy-AVL Trojan/Win32.Agent 20170522
AVG Generic38.AFLR 20170522
AVware Trojan-Spy.Win32.Agent 20170522
CAT-QuickHeal Trojan.Agent 20170522
ClamAV Win.Trojan.Adwind-9 20170522
Comodo UnclassifiedMalware 20170522
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Endgame malicious (moderate confidence) 20170515
GData Win32.Trojan.Agent.BEVX2X 20170522
Ikarus Trojan-Spy.Agent 20170522
Jiangmin Trojan.Agent.arkr 20170522
K7AntiVirus Riskware ( 0040eff71 ) 20170522
K7GW Riskware ( 0040eff71 ) 20170522
Kaspersky Trojan-Spy.Win32.Agent.derv 20170522
Malwarebytes Backdoor.Adwind 20170522
nProtect Trojan-Spy/W32.Agent.46592.O 20170522
Palo Alto Networks (Known Signatures) generic.ml 20170522
Symantec Trojan.Gen.8!cloud 20170522
Tencent Win32.Trojan-spy.Agent.Gvr 20170522
TrendMicro TSPY_BANKER.FIN 20170522
TrendMicro-HouseCall TSPY_BANKER.FIN 20170522
VBA32 TrojanSpy.Agent 20170522
VIPRE Trojan-Spy.Win32.Agent 20170522
ViRobot Trojan.Win32.S.Agent.46592.NE[h] 20170522
Zillya Trojan.Agent.Win32.753846 20170520
ZoneAlarm by Check Point Trojan-Spy.Win32.Agent.derv 20170522
Ad-Aware 20170522
Alibaba 20170522
Arcabit 20170522
Avast 20170522
Avira (no cloud) 20170522
Baidu 20170503
BitDefender 20170522
Bkav 20170522
CMC 20170521
Cyren 20170522
DrWeb 20170522
Emsisoft 20170522
ESET-NOD32 20170522
F-Prot 20170522
F-Secure 20170522
Fortinet 20170522
Sophos ML 20170519
Kingsoft 20170522
McAfee 20170522
McAfee-GW-Edition 20170521
Microsoft 20170522
eScan 20170522
NANO-Antivirus 20170522
Panda 20170521
Qihoo-360 20170522
Rising 20170522
SentinelOne (Static ML) 20170516
Sophos AV 20170521
SUPERAntiSpyware 20170522
Symantec Mobile Insight 20170522
TheHacker 20170522
Webroot 20170522
WhiteArmor 20170517
Yandex 20170518
Zoner 20170522
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-01 03:00:58
Entry Point 0x00001638
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetFileType
SetStdHandle
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
InterlockedDecrement
IsValidCodePage
HeapCreate
CreateFileW
GetStringTypeW
IsDebuggerPresent
Sleep
SetLastError
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
LeaveCriticalSection
GetWindowTextLengthA
GetForegroundWindow
GetMessageW
SetWinEventHook
TranslateMessage
GetWindowTextA
IsWindow
DispatchMessageW
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:07:01 04:00:58+01:00
FileType Win32 DLL
PEType PE32
CodeSize 28672
LinkerVersion 10.0
EntryPoint 0x1638
InitializedDataSize 16896
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 0b7b52302c8c5df59d960dd97e3abdaf
SHA1 d85524f464dcded54edfcfe6a5056f6c4008bbcb
SHA256 a6be5be2d16a24430c795faa7ab7cc7826ed24d6d4bc74ad33da5c2ed0c793d0
ssdeep 768:5iUNFqJL3HXiQl2DuhacwRZPE7dmvqID8ouM2PkYEDienAZu+P:TNFW33hdxwz87dmRDbkPKg
authentihash d67dcfa81722c105279bc4691785d29d1d21f785d02e70d49f96a3cd29b39f95
imphash 0fb2f695ccd4338b7177f6f7c04901c2
File size 45.5 KB ( 46592 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll
VirusTotal metadata
First submission 2016-07-25 08:53:06 UTC ( 1 year ago )
Last submission 2017-08-16 11:51:50 UTC ( 6 days, 20 hours ago )
File names Windows6560471410394167970.dll.3284.dr
Windows6623222102972437428.dll
Windows4471876121148290715.dll
Windows2243273196001735612.dll.3400.dr
Windows4019519840661179790.dll
Windows7483345080277363630.dll.2980.dr
Windows3698305175373293908.dll.2356.dr
Windows6052555107978301025.dll
Windows216327041167401245.dll.3324.dr
DLL FROM JAVA RAT (4)
DLL FROM JAVA RAT
Windows2340907825839713346.dll
Windows2917921557055320813.dll
Windows3251254686014261424.dll
Windows3118957184642155708.dll.2032.dr
Windows1866478807863682762.dll
Windows284937297976722290.dll
Windows2958259380614042498.dll.3764.dr
Windows991944256988915737.dll.4024.dr
Windows7151854774099751521.dll
Windows4631423732639466090.dll.3912.dr
Windows7009809589235553217.dll
Windows7455133520678083875.dll
Windows5471218137939512002.dll.3104.dr
Windows6052555107978301025.dll.bin
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1126.
