SHA256: 11358f267847f565fe0a4c85ba7070247b1be1171caf4fe61da7ec1262eda1e4
File name: dp1.fne
Detection ratio: 32 / 56
Analysis date: 2017-01-24 00:10:25 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.3212614 20170124
ALYac Trojan.Generic.3212614 20170123
Arcabit Trojan.Generic.D310546 20170123
Avast Win32:Malware-gen 20170123
AVG Win32/Heur 20170123
Avira (no cloud) TR/Gendal.114688.CG 20170123
AVware Trojan.Win32.Autorun.dm (v) 20170123
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9504 20170123
BitDefender Trojan.Generic.3212614 20170123
ClamAV Win.Worm.FlyStudio-34 20170123
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Heuristic-162!Eldorado 20170123
Emsisoft Trojan.Generic.3212614 (B) 20170123
F-Prot W32/Heuristic-162!Eldorado 20170124
F-Secure Trojan.Generic.3212614 20170124
Fortinet W32/PckdFlyStudio.gen 20170124
GData Trojan.Generic.3212614 20170124
Sophos ML generic.a 20170111
Malwarebytes Worm.AutoRun 20170124
McAfee Artemis!17A9D116EF88 20170124
McAfee-GW-Edition BehavesLike.Win32.Multiplug.ch 20170123
eScan Trojan.Generic.3212614 20170124
NANO-Antivirus Trojan.Win32.EncPkNB.bkqgj 20170123
Panda Generic Malware 20170123
Qihoo-360 Win32/Trojan.959 20170124
Rising Trojan.Generic-Y8ocqylOR3B (cloud) 20170123
Sophos AV Mal/EncPk-NB 20170124
SUPERAntiSpyware Trojan.Agent/Gen-Exploiter 20170123
Symantec ML.Relationship.HighConfidence [Trojan.Gen] 20170123
Tencent Win32.Trojan.Spnr.Dzkj 20170124
VIPRE Trojan.Win32.Autorun.dm (v) 20170124
Yandex Trojan.Crypt.Gen.4 20170123
AegisLab 20170123
AhnLab-V3 20170123
Alibaba 20170122
Antiy-AVL 20170123
CAT-QuickHeal 20170123
CMC 20170123
Comodo 20170123
DrWeb 20170123
ESET-NOD32 20170124
Ikarus 20170123
Jiangmin 20170123
K7AntiVirus 20170123
K7GW 20170124
Kaspersky 20170123
Kingsoft 20170124
Microsoft 20170124
nProtect 20170123
TheHacker 20170123
TotalDefense 20170123
TrendMicro 20170124
TrendMicro-HouseCall 20170124
Trustlook 20170124
VBA32 20170123
ViRobot 20170123
WhiteArmor 20170123
Zillya 20170123
Zoner 20170123
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
Command PE-Crypt.CF
F-PROT PE-Crypt.CF
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-05-24 05:18:47
Entry Point 0x000133CC
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetCPInfo
InterlockedDecrement
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
IsBadReadPtr
SetStdHandle
SetFilePointer
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
TerminateProcess
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
IsBadCodePtr
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
wsprintfA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:05:24 06:18:47+01:00
FileType Win32 DLL
PEType PE32
CodeSize 77824
LinkerVersion 6.0
FileTypeExtension dll
InitializedDataSize 40960
SubsystemVersion 4.0
EntryPoint 0x133cc
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 17a9d116ef885f21ede1e48877389957
SHA1 a95f9e0a268a0ecacd1fcbf3db85391c4de4340b
SHA256 11358f267847f565fe0a4c85ba7070247b1be1171caf4fe61da7ec1262eda1e4
ssdeep 3072:5U+V7O3MGDKsKcnkemlBNPpZSZsFohFGeCug:h7OhDKs3kBlZZSZZ
authentihash 9fa65c4e9b9a4c7eed27211f63c553d807c014321c69850010751c650343798d
imphash add5dd1fa4b0387f15fda385fe0b8dbe
File size 112.0 KB ( 114688 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll
VirusTotal metadata
First submission 2009-08-23 23:27:56 UTC ( 9 years, 8 months ago )
Last submission 2013-12-24 11:57:18 UTC ( 5 years, 3 months ago )
File names dp1.fne
VirusShare_17a9d116ef885f21ede1e48877389957
5fa6Md.vbs
S4ZxFiZ8.docx
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight