SHA256: d46baac92c34244c14f4b5e42c8c1c605807f5a32f1605bf21be8b10cd6d6099
File name: 6mHkf3VKB3Anun.dll
Detection ratio: 18 / 55
Analysis date: 2016-12-15 10:10:14 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.RanSerKD.3882238 20161215
AhnLab-V3 Trojan/Win32.Locky.R191955 20161215
Arcabit Trojan.RanSerKD.D3B3CFE 20161215
Avira (no cloud) TR/Crypt.XPACK.Gen 20161215
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20161207
BitDefender Trojan.RanSerKD.3882238 20161215
Bkav HW32.Packed.8E38 20161214
CrowdStrike Falcon (ML) malicious_confidence_61% (D) 20161024
Emsisoft Trojan-Ransom.Locky (A) 20161215
ESET-NOD32 a variant of Win32/Kryptik.FLON 20161215
F-Secure Trojan.RanSerKD.3882238 20161215
GData Trojan.RanSerKD.3882238 20161215
Invincea virus.win64.expiro.ax 20161202
Malwarebytes Ransom.Locky 20161215
eScan Trojan.RanSerKD.3882238 20161215
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20161215
Symantec Suspicious.Cloud.7.F 20161215
Tencent Win32.Trojan.Raas.Auto 20161215
AegisLab 20161215
Alibaba 20161215
ALYac 20161215
Antiy-AVL 20161215
Avast 20161215
AVG 20161215
AVware 20161215
CAT-QuickHeal 20161215
ClamAV 20161215
CMC 20161215
Comodo 20161215
Cyren 20161215
DrWeb 20161215
F-Prot 20161215
Fortinet 20161215
Ikarus 20161214
Jiangmin 20161215
K7AntiVirus 20161215
K7GW 20161215
Kaspersky 20161215
Kingsoft 20161215
McAfee 20161215
McAfee-GW-Edition 20161215
Microsoft 20161215
NANO-Antivirus 20161215
nProtect 20161215
Panda 20161214
Rising 20161215
Sophos 20161215
SUPERAntiSpyware 20161215
TheHacker 20161214
TrendMicro-HouseCall 20161215
Trustlook 20161215
VBA32 20161214
VIPRE 20161215
ViRobot 20161215
WhiteArmor 20161212
Yandex 20161214
Zillya 20161214
Zoner 20161215
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-14 19:06:39
Entry Point 0x0000FB82
Number of sections 5
PE sections
Overlays
MD5 1661a0e838b8cc22a57650c152c9ffb0
File type data
Offset 147968
Size 15191
Entropy 7.99
PE imports
GetOEMCP
GetLastError
GlobalFindAtomA
CloseHandle
IsWindowEnabled
GetForegroundWindow
MessageBoxA
CharLowerW
IsWindowVisible
Ord(161)
free
_exit
malloc
isalnum
__set_app_type
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.0
ImageVersion 0.0
FileVersionNumber 1.2.14.0
LanguageCode Unknown (????)
FileFlagsMask 0x0000
CharacterSet Unknown (????)
InitializedDataSize 64000
EntryPoint 0xfb82
MIMEType application/octet-stream
TimeStamp 2016:12:14 20:06:39+01:00
FileType Win32 DLL
PEType PE32
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 123392
FileSubtype 0
ProductVersionNumber 1.2.14.0
FileTypeExtension dll
ObjectFileType Dynamic link library

File identification
MD5 3c0dc513e0745c2d38b7d17dccd92203
SHA1 1095fd2723c60e15f9e49557a0c1534a493790fb
SHA256 d46baac92c34244c14f4b5e42c8c1c605807f5a32f1605bf21be8b10cd6d6099
ssdeep 1536:vVhMXXb/Olm9uZuHm8Yky5odGtDpooGIt8u03egM+/GrdkSzixx+j+Z3te1i2ZKv:thMXL//bfYDu7uRRTiZ3M1tZKxrF
authentihash 38b75439c59d986921610082a2d3faf408332d97e07fa062529aaf2c9ee7ff2a
imphash eea07397253a07dcdbf7fee6b8f2cfa4
File size 159.3 KB ( 163159 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags pedll overlay

VirusTotal metadata
First submission 2016-12-15 10:10:14 UTC ( 4 months, 1 week ago )
Last submission 2016-12-15 10:10:14 UTC ( 4 months, 1 week ago )
File names 6mHkf3VKB3Anun.dll