windllx86.exe

{D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Publisher:

MD5:
e48b532a914bf8b893304953e728ba8e

SHA-1:
af6b867db751d975176b8c21f90f34f054636129

SHA-256:
ec2f9bf9aa7f6d437675f27634f19ca9ca6c8e747a8a5dfedc9bc61ecb931ff4

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 7:54:33 AM UTC  (today)

Scan engine    Detection                   Engine version
Dr.Web         BackDoor.Blackshades.3      9.0.1.05190
ESET NOD32     MSIL/Injector.DPH trojan    6.3.12010.0

File size:
76.1 KB (77,888 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\ain\windllx86.exe

Digital Signature
Authority:
{D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Valid from:
4/30/2014 5:09:56 AM

Valid to:
4/30/2015 11:09:56 AM

Subject:
CN={D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Issuer:
CN={D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Serial number:
1E6CC65BB239DD99402691D1631F5B0C

File PE Metadata
Compilation timestamp:
5/5/2014 6:11:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:5t9QclC/59iDs9ca5vp0ZrC4f08ddv8GZTJRSS/Fi9BM24r/SBo:v9LlCh9i49catahy8ddkG7ESdOBWr/Su

Entry address:
0x145FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.1867

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
74 KB (75,776 bytes)

Windows Firewall Allowed Program
Name:
windllx86.exe

Scan windllx86.exe - Powered by Reason Core Security