SHA256: 13e418bf18b03ac80580db69ada305a2b7093dfed00692dcf91a99d2526d3a73
File name: user32.dll
Detection ratio: 7 / 53
Analysis date: 2014-08-22 12:58:52 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20140822
AVware Trojan.Win32.Patched.nnn (v) 20140822
Bkav W32.HfsAutoA.8140 20140821
DrWeb Trojan.Siggen6.15240 20140822
McAfee Patched-User32!F9E5A0F72D62 20140822
Qihoo-360 Malware.QVM40.Gen 20140822
VIPRE Trojan.Win32.Patched.nnn (v) 20140822
Ad-Aware 20140822
AegisLab 20140822
Yandex 20140821
AhnLab-V3 20140822
AntiVir 20140822
Antiy-AVL 20140822
AVG 20140822
Baidu-International 20140822
BitDefender 20140822
ByteHero 20131127
CAT-QuickHeal 20140822
ClamAV 20140821
CMC 20140822
Commtouch 20140822
Comodo 20140822
Emsisoft 20140822
ESET-NOD32 20140822
F-Prot 20140822
F-Secure 20140822
Fortinet 20140822
GData 20140822
Ikarus 20140822
Jiangmin 20140821
K7AntiVirus 20140822
K7GW 20140822
Kaspersky 20140822
Kingsoft 20130829
Malwarebytes 20140822
McAfee-GW-Edition 20140822
Microsoft 20140822
eScan 20140822
NANO-Antivirus 20140822
Norman 20140822
nProtect 20140822
Panda 20140822
Rising 20140822
Sophos AV 20140822
SUPERAntiSpyware 20140822
Symantec 20140822
Tencent 20140822
TheHacker 20140817
TotalDefense 20140822
TrendMicro 20140822
TrendMicro-HouseCall 20140822
VBA32 20140822
ViRobot 20140822
Zillya 20140822
Zoner 20140821
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name user32
Internal name user32
File version 5.1.2600.5512 (xpsp.080413-2105)
Description Windows XP USER API Client DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-04-14 00:11:07
Entry Point 0x0000B217
Number of sections 4
PE sections
PE imports
GdiFixUpHandle
SetDIBits
GetCharABCWidthsW
GetTextMetricsW
GetPaletteEntries
GetCharABCWidthsA
CombineRgn
GdiGetCharDimensions
GetViewportOrgEx
GetObjectType
GetBoundsRect
GdiPrinterThunk
CopyEnhMetaFileW
SetLayout
SetBitmapBits
SetPaletteEntries
OffsetWindowOrgEx
CreateEllipticRgn
GetTextFaceW
MirrorRgn
CreatePalette
CreateDIBitmap
PolyPatBlt
cGetTTFFromFOT
GetDIBits
SetTextAlign
GetTextCharacterExtra
StretchBlt
StretchDIBits
SetBkColor
GdiCreateLocalEnhMetaFile
GetBkColor
SetRectRgn
GetTextCharsetInfo
GetDIBColorTable
DeleteEnhMetaFile
TextOutW
CreateFontIndirectW
GetClipBox
EnumFontsW
TextOutA
GdiProcessSetup
CreateRectRgnIndirect
GdiConvertAndCheckDC
SetLayoutWidth
GetPixel
GetLayout
ExcludeClipRect
TranslateCharsetInfo
SetBkMode
BitBlt
EnableEUDC
GetHFONT
CreateBrushIndirect
SelectPalette
ExtSelectClipRgn
SetBoundsRect
GdiAddFontResourceW
GetTextColor
GetTextExtentPointA
GetCharWidthInfo
bMakePathNameW
DeleteObject
SetGraphicsMode
GetWindowExtEx
GetTextFaceAliasW
PatBlt
CreatePen
GdiGetBitmapBitsSize
SetStretchBltMode
GdiConvertEnhMetaFile
GetDeviceCaps
CreateCompatibleDC
DeleteDC
GetMapMode
GdiCreateLocalMetaFilePict
QueryFontAssocStatus
GetObjectW
CreateDCW
GetCharWidthA
RealizePalette
GdiConvertBitmapV5
OffsetRgn
ExtTextOutW
GdiReleaseDC
CreateBitmap
GetStockObject
GetRgnBox
ExtTextOutA
GdiValidateHandle
GetTextAlign
GetTextExtentPointW
GdiGetCodePage
GdiDllInitialize
GdiConvertMetaFilePict
SelectObject
GetViewportExtEx
SetTextCharacterExtra
GdiConvertToDevmodeW
GetBkMode
SaveDC
GetTextCharset
RestoreDC
CreateDIBSection
SetTextColor
GetCurrentObject
IntersectClipRect
SetViewportOrgEx
bInitSystemAndFontsDirectoriesW
PlayEnhMetaFile
SetBrushOrgEx
CreateRectRgn
GetClipRgn
CopyMetaFileW
Ellipse
CreateSolidBrush
CreateCompatibleBitmap
DeleteMetaFile
SetEvent
ProcessIdToSessionId
GetCurrentProcess
LocalAlloc
GetLogicalDrives
lstrcatW
HeapSize
GetFileTime
IsDBCSLeadByteEx
FindResourceExA
GetCPInfo
GetStringTypeA
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
MoveFileW
WritePrivateProfileStringW
SetLastError
LocalLock
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
GetModuleFileNameA
GlobalFindAtomW
lstrcmpiW
GetUserDefaultLCID
DelayLoadFailureHook
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FoldStringW
GetPrivateProfileStringW
GlobalDeleteAtom
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
GetExitCodeThread
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
ExitThread
WaitForMultipleObjectsEx
TerminateProcess
SearchPathW
SetCurrentDirectoryW
GlobalAlloc
GetCurrentThreadId
HeapFree
LoadLibraryW
GlobalGetAtomNameW
GetComputerNameW
GetOEMCP
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
LoadLibraryA
CopyFileW
GlobalSize
GetFileSize
AddAtomA
DeleteFileW
GetProcAddress
AddAtomW
CreateFileMappingW
CompareStringW
lstrcpyW
GlobalReAlloc
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
IsValidLocale
GlobalLock
LocalSize
CreateFileW
GlobalGetAtomNameA
LocalUnlock
GetLocaleInfoW
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetSystemWindowsDirectoryW
GetThreadLocale
GlobalUnlock
IsDBCSLeadByte
lstrlenW
GetAtomNameA
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
GetAtomNameW
InterlockedCompareExchange
GetCurrentThread
lstrcpynW
QueryPerformanceFrequency
MapViewOfFile
GetModuleHandleA
RegisterWaitForInputIdle
ReadFile
GlobalFlags
DeleteAtom
CloseHandle
GetACP
GetModuleHandleW
UnmapViewOfFile
CreateProcessW
Sleep
NtQueryValueKey
RtlReleaseActivationContext
RtlIsNameLegalDOS8Dot3
sscanf
NtRaiseHardError
RtlRunDecodeUnicodeString
NtQuerySystemInformation
NtSetValueKey
wcstoul
NtDeleteValueKey
swprintf
RtlDeactivateActivationContextUnsafeFast
RtlOpenCurrentUser
NtOpenThreadToken
RtlInitializeCriticalSection
NtEnumerateValueKey
wcstol
NtOpenProcessToken
NtQueryInformationToken
RtlActivateActivationContextUnsafeFast
RtlAnsiStringToUnicodeString
RtlUnwind
NtQueryVirtualMemory
NtQueryKey
NtSetSecurityObject
RtlMultiByteToUnicodeSize
RtlUnicodeStringToInteger
RtlPcToFileHeader
qsort
NtCallbackReturn
RtlMultiByteToUnicodeN
wcslen
wcscmp
RtlUnicodeToMultiByteSize
wcsncat
NlsAnsiCodePage
strrchr
RtlLeaveCriticalSection
CsrClientConnectToServer
wcsrchr
LdrFlushAlternateResourceModules
RtlAllocateHeap
_wcsicmp
NtYieldExecution
NtCreateKey
wcsncpy
RtlNtStatusToDosError
wcscat
RtlRunEncodeUnicodeString
RtlFreeHeap
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
RtlUnicodeToMultiByteN
RtlEnterCriticalSection
RtlDeleteCriticalSection
CsrAllocateCaptureBuffer
_chkstk
RtlImageNtHeader
memmove
RtlInitUnicodeString
RtlQueryInformationActiveActivationContext
NtOpenKey
RtlInitAnsiString
RtlFindActivationContextSectionString
CsrCaptureMessageBuffer
wcscpy
NtQuerySecurityObject
CsrFreeCaptureBuffer
CsrClientCallServer
NtOpenDirectoryObject
NtEnumerateKey
NtQueryInformationProcess
NtClose
PE exports
Number of PE resources by type
RT_ICON 51
RT_GROUP_CURSOR 28
RT_CURSOR 28
RT_STRING 8
RT_MENU 7
RT_BITMAP 7
RT_GROUP_ICON 6
RT_DIALOG 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 138
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
7.1

ImageVersion
5.1

FileSubtype
0

FileVersionNumber
5.1.2600.5512

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
188928

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
5.1.2600.5512 (xpsp.080413-2105)

TimeStamp
2008:04:14 01:11:07+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
user32

FileAccessDate
2014:10:16 13:02:11+01:00

ProductVersion
5.1.2600.5512

FileDescription
Windows XP USER API Client DLL

OSVersion
5.1

FileCreateDate
2014:10:16 13:02:11+01:00

OriginalFilename
user32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
390144

ProductName
Microsoft Windows Operating System

ProductVersionNumber
5.1.2600.5512

EntryPoint
0xb217

ObjectFileType
Dynamic link library

File identification
MD5 f9e5a0f72d62f5cc2678a1326b91953c
SHA1 123f161ca160761dd4ef9f3ecfbba32ce091802e
SHA256 13e418bf18b03ac80580db69ada305a2b7093dfed00692dcf91a99d2526d3a73
ssdeep
6144:QuML7/oIlCGJPY2Z2AlptXbgz0+Q4odCGfTnpbEdd/fudqsa0jucQgBMacCGNoE4:GoHEHblpWz0jPLhEfgP6WMDoEiY+L/W

authentihash 55d0e796352ed0dfc486307b2d839aa520f6fb4300df41e0b050703b378e14f5
imphash b09cd7cb9ae5a48bd10d5b61d744b752
File size 603.5 KB ( 617984 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
pedll

VirusTotal metadata
First submission 2014-08-22 12:58:52 UTC ( 3 years, 3 months ago )
Last submission 2014-10-16 12:02:06 UTC ( 3 years, 1 month ago )
File names 13E418BF18B03AC80580DB69ADA305A2B7093DFED00692DCF91A99D2526D3A73
F9E5A0F72D62F5CC2678A1326B91953C
user32
user32.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight