SHA256: 105fe9735add6aec937c9e6f611d512511c050895fd863a216d25980c54fad45
File name: 1.dll
Detection ratio: 1 / 57
Analysis date: 2015-01-15 10:40:57 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Bkav HW32.Packed.C396 20150114
Ad-Aware 20150115
AegisLab 20150115
Yandex 20150114
AhnLab-V3 20150115
Alibaba 20150115
ALYac 20150115
Antiy-AVL 20150115
Avast 20150115
AVG 20150115
Avira (no cloud) 20150115
AVware 20150115
Baidu-International 20150115
BitDefender 20150115
ByteHero 20150115
CAT-QuickHeal 20150115
ClamAV 20150115
CMC 20150113
Comodo 20150115
Cyren 20150115
DrWeb 20150115
Emsisoft 20150115
ESET-NOD32 20150115
F-Prot 20150115
F-Secure 20150115
Fortinet 20150115
GData 20150115
Ikarus 20150115
Jiangmin 20150114
K7AntiVirus 20150115
K7GW 20150114
Kaspersky 20150115
Kingsoft 20150115
Malwarebytes 20150115
McAfee 20150115
McAfee-GW-Edition 20150115
Microsoft 20150115
eScan 20150115
NANO-Antivirus 20150115
Norman 20150115
nProtect 20150115
Panda 20150115
Qihoo-360 20150115
Rising 20150114
Sophos 20150115
SUPERAntiSpyware 20150115
Symantec 20150115
Tencent 20150115
TheHacker 20150112
TotalDefense 20150114
TrendMicro 20150115
TrendMicro-HouseCall 20150115
VBA32 20150115
VIPRE 20150115
ViRobot 20150115
Zillya 20150115
Zoner 20150114
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Original name ADs
Internal name ADs
File version 5.1.3600.5512 (xpsp.080413-2113)
Description ?????????? DLL ?????? ?????????????? AD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-15 07:38:06
Entry Point 0x00008BB0
Number of sections 10
PE sections
PE imports
ClusterNodeEnum
GetClusterResourceKey
ClusterRegGetKeySecurity
SetBkColor
CreateDIBPatternBrushPt
FindFirstFileW
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
LocalLock
GetDriveTypeW
QueryDepthSList
SetCommBreak
FileTimeToSystemTime
GetVersionExW
FreeLibrary
MoveFileWithProgressA
GlobalFindAtomA
GetProcessTimes
IsBadWritePtr
SetConsoleCursorPosition
CreateMailslotA
LoadLibraryA
CreateNamedPipeA
GetModuleFileNameA
GetShortPathNameA
SetDefaultCommConfigW
HeapSetInformation
EnumCalendarInfoA
GetWindowsDirectoryW
CommConfigDialogW
SetThreadPriority
LocalAlloc
WriteProfileStringA
DebugActiveProcessStop
GetVolumeInformationW
WritePrivateProfileSectionW
BuildCommDCBAndTimeoutsW
GetCommProperties
MultiByteToWideChar
GenerateConsoleCtrlEvent
GetVolumePathNamesForVolumeNameA
BackupRead
WriteProfileSectionW
GetProcAddress
InterlockedCompareExchange
FillConsoleOutputAttribute
EnumResourceLanguagesW
SetFilePointer
RaiseException
InterlockedExchangeAdd
FreeEnvironmentStringsA
GetBinaryTypeW
GetModuleHandleA
DebugBreakProcess
CreateJobObjectW
GlobalFix
InterlockedExchange
CreateDirectoryExA
OutputDebugStringA
GetThreadTimes
DeleteTimerQueueEx
GetSystemDirectoryA
SetMailslotInfo
SetCommTimeouts
GetPrivateProfileSectionW
LocalFree
ResumeThread
GlobalGetAtomNameA
FindFirstVolumeA
GetModuleHandleExW
GetCurrencyFormatA
SetConsoleMode
CreateWaitableTimerW
EnumSystemGeoID
Sleep
LocalShrink
LocalUnlock
MprConfigTransportCreate
MprAdminMIBBufferFree
MprConfigTransportGetInfo
MprAdminServerGetInfo
VarUI4FromBool
mbtowc
strtok
exit
setbuf
putwc
iswupper
setvbuf
strtol
vsprintf
memset
iswlower
towlower
memcmp
mbstowcs
memcpy
strncpy
VerSetConditionMask
PdhCollectQueryData
PdhSetCounterScaleFactor
RevokeBindStatusCallback
Number of PE resources by type
RT_STRING 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.3600.5512
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 249856
OriginalFilename ADs
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.3600.5512 (xpsp.080413-2113)
TimeStamp 2015:01:15 08:38:06+01:00
FileType Win32 DLL
PEType PE32
InternalName ADs
ProductVersion 5.1.2300.5512
FileDescription DLL AD
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 77824
ProductName Microsoft Windows
ProductVersionNumber 5.1.3600.5512
EntryPoint 0x8bb0
ObjectFileType Dynamic link library

File identification
MD5 54314693eeef8bab50128747e9ec8132
SHA1 711f8f1c4df6b614a79cac5ccd39819e77791806
SHA256 105fe9735add6aec937c9e6f611d512511c050895fd863a216d25980c54fad45
ssdeep 3072:Xn6VqH2BYnFK6mChko/p8dogMDDpwnN/3JOcthDld2F3PvjD35HnDKOnuEj3r0/F:deYc6+coogMHANPHhX2F3TD3H7D1
authentihash 149fc68cc51a636014e92793a3167d0bc2e54a03d7b439e1fee53415fb449ddc
imphash f3b219c247bd9e900834c34268504883
File size 320.0 KB ( 327680 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll
VirusTotal metadata
First submission 2015-01-15 10:40:57 UTC ( 2 years, 5 months ago )
Last submission 2015-01-15 13:09:34 UTC ( 2 years, 5 months ago )
File names ADs
1.dll
35.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight