5518a9f522c78bc6f59981bbcee1baae

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2015-Jun-07 14:39:20
FileDescription
FileVersion 1.0.0.0
InternalName 8of8u18k.dll
LegalCopyright
OriginalFilename 8of8u18k.dll
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET DLL -> Microsoft
Suspicious The PE is possibly packed. The PE only has 1 import(s).
Malicious VirusTotal score: 33/54 (Scanned on 2016-07-04 13:05:49)
MicroWorld-eScan: Adware.Linkury.BD
nProtect: Adware.Linkury.BD
McAfee: Artemis!5518A9F522C7
Malwarebytes: PUP.Optional.Linkury
SUPERAntiSpyware: PUP.Linkury/Variant
K7GW: Adware ( 004dc64f1 )
K7AntiVirus: Adware ( 004dc64f1 )
F-Prot: W32/S-9c8f0b67!Eldorado
Symantec: PUA.Smartbar
ESET-NOD32: a variant of MSIL/Toolbar.Linkury.AJ potentially unwanted
Avast: Win32:Linkury-E [PUP]
Kaspersky: not-a-virus:HEUR:AdWare.MSIL.Linkury.chu
BitDefender: Adware.Linkury.BD
NANO-Antivirus: Trojan.Win32.Linkury.dknlqw
AegisLab: Troj.MSIL.Zapchast.m9d1
Ad-Aware: Adware.Linkury.BD
Emsisoft: Adware.Linkury.BD (B)
Comodo: Application.MSIL.Linkury.J
F-Secure: Adware.Linkury.BD
DrWeb: Adware.Linkury.14
VIPRE: Adware.Linkury (fs)
McAfee-GW-Edition: BehavesLike.Win32.Downloader.xt
Cyren: W32/S-9c8f0b67!Eldorado
Antiy-AVL: GrayWare[Adware]/MSIL.Linkury.aj
Arcabit: Adware.Linkury.BD
ViRobot: Trojan.Win32.AD-Agent.8704[h]
GData: Adware.Linkury.BD
ALYac: Adware.Linkury.BD
AVware: Adware.Linkury (fs)
Ikarus: PUA.Linkury
AVG: Generic6.CFVG
Panda: Trj/CI.A
Qihoo-360: HEUR/QVM23.1.Malware.Gen

Hashes

MD5 5518a9f522c78bc6f59981bbcee1baae
SHA1 0d43f6b2235d406760d8bbac5c5e23e966ba7658
SHA256 4f92a2985fcf91a21c40b09dc07fd180bb9859377a8faf701356039fb8b3a145
SHA3 a7404505f64bea95466730356858fe90291db42c21f0a9435066cedb343bd3b1
SSDeep 96:5OUFNlZRq5aQzE/VvJdkNkfO6TRWRyCZ2izfMVFQ76NwJKhamlHliFDcxdPRrmr:XNzR0azDYR9nL0wJKAmqFgnx/P
Imports Hash dae02f32a21e03ce65412f6e56942daa

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2015-Jun-07 14:39:20
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x1a00
SizeOfInitializedData 0x600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000398E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x4000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 342851d4b39224166a7ffc6cceb5a50f
SHA1 908c852c2145b790861d4013821e251688b3be00
SHA256 b43b8a5de92f4ba19ea68062e54bf24a84a555fcb463ca083648287e478b6fad
SHA3 d92d3a7ba745aae84c9bac74a6dc82939f3b7b8a903aa6778d62f89093df94f8
VirtualSize 0x1994
VirtualAddress 0x2000
SizeOfRawData 0x1a00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.3904

.rsrc

MD5 fc2531d5011f3dd58313863f66c9ecfe
SHA1 bbeeda4027a464d0f5c6fba5d3b9e9668f98d628
SHA256 35e989ce39790e2f4e5dbbd7a9af8d662ed386744c34b7df406672802c357c9e
SHA3 be0e629b4343349b76b7224d06283028818e57fd742d7ac5b8b6e72087a5bf81
VirtualSize 0x2a8
VirtualAddress 0x4000
SizeOfRawData 0x400
PointerToRawData 0x1c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.19948

.reloc

MD5 1b5cc02c2fde6d18c0eed3b36405745d
SHA1 d3f799dacb42bde6f9b3b577d2c6dc0dc5b5b830
SHA256 fa83494c1e8239f4d52adf8b1ceb85e937cccb2ecc393a4b88c86d356a549e02
SHA3 c8cd023533eb4df003cd11a7ba4c25f34361a706c0ebd8292db6d6b6e63ad30b
VirtualSize 0xc
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorDllMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x24c
Entropy 3.21638
MD5 1ee86e1eb4d4da9e9ebc54e6001c56a2
SHA1 b3bf7fe354c99b5cd094f68b6289fed090a4546d
SHA256 30c944304b5b2b8891aca8286e5124626f9d4f357feb4bab183afa3dd46161b7
SHA3 08b6e558289350a9177d814a27ab5fd5e2e3ee23b6d31c4f79e403feaea77669

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_DLL
Language UNKNOWN
FileDescription
FileVersion (#2) 1.0.0.0
InternalName 8of8u18k.dll
LegalCopyright
OriginalFilename 8of8u18k.dll
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors