SHA256: 171a5405f1614c0055afd6572ec447a3b9106629e441ad1d006baf0cf1bb183d
File name: 26c1c810ed73b1812a6c31e71fbec468
Detection ratio: 39 / 46
Analysis date: 2013-03-01 04:06:00 UTC ( 5 years, 2 months ago )
Antivirus Result Update
Yandex Trojan.BHO!2hH3si2tNCs 20130228
AhnLab-V3 Win-Trojan/Fakeav.18944.B 20130228
AntiVir TR/Fakeinit.A.125 20130301
Avast Win32:Malware-gen 20130301
AVG Downloader.Crypter.O 20130301
BitDefender Trojan.Generic.4665939 20130301
Commtouch W32/MalwareS.AGXG 20130301
Comodo UnclassifiedMalware 20130228
DrWeb Trojan.Fakealert.4524 20130301
Emsisoft Adware.Win32.InternetSecurity2010 (A) 20130301
ESET-NOD32 Win32/TrojanDownloader.FakeAlert.ASI 20130301
F-Prot W32/MalwareS.AGXG 20130301
F-Secure Trojan.Generic.4665939 20130228
Fortinet W32/Opachki.E!tr 20130301
GData Trojan.Generic.4665939 20130301
Ikarus Trojan.Win32.BHO 20130226
Jiangmin Trojan/BHO.jew 20130301
K7AntiVirus Riskware 20130228
Kaspersky Trojan.Win32.BHO.adgm 20130301
Kingsoft Win32.Troj.BHO.(kcloud) 20130225
Malwarebytes Trojan.BHO 20130301
McAfee Fakealert-KS.dll 20130301
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Backdoor.H 20130301
Microsoft Rogue:Win32/Fakeinit 20130301
eScan Trojan.Generic.4665939 20130301
NANO-Antivirus Trojan.Win32.BHO.cqxmh 20130301
Norman Fakeinit.G 20130228
nProtect Trojan/W32.Small.18944.IT 20130228
Panda Trj/Katusha.J 20130228
PCTools 61715 20130301
Rising Trojan.Win32.Generic.11E61FF4 20130228
Sophos AV Mal/FakeAV-BX 20130301
Symantec Trojan.FakeAV 20130301
TheHacker Trojan/BHO.adgm 20130228
TotalDefense Win32/FakeAlert.AZK 20130228
TrendMicro TROJ_ADGM.B 20130301
TrendMicro-HouseCall TROJ_ADGM.B 20130301
VIPRE VirTool.Win32.Obfuscator.hg!a (v) 20130301
ViRobot Trojan.Win32.BHO.18944.J 20130301
Antiy-AVL 20130228
ByteHero 20130221
CAT-QuickHeal 20130228
ClamAV 20130301
eSafe 20130211
SUPERAntiSpyware 20130301
VBA32 20130228
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-10-04 20:11:29
Entry Point 0x00001C87
Number of sections 4
PE sections
PE imports
RegOpenKeyExW
GetDeviceCaps
CreateSolidBrush
GetDIBits
GetLastError
HeapFree
GetOEMCP
LCMapStringA
HeapAlloc
VirtualProtect
lstrcmpiW
LockFile
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetCurrentProcessId
GetDateFormatW
GetCommandLineW
SetErrorMode
ExitProcess
TlsGetValue
GlobalLock
GetProcessHeap
SetStdHandle
TlsFree
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetACP
GetModuleHandleW
GetVersion
SetEnvironmentVariableA
SetConsoleCP
SearchPathW
OutputDebugStringW
InterlockedDecrement
GetTickCount
GetCurrentThreadId
GetProcAddress
SetCurrentDirectoryA
SetLastError
InterlockedIncrement
LZRead
LZCopy
LZClose
malloc
_wcsicmp
_errno
_adjust_fdiv
??0exception@@QAE@ABQBD@Z
__getmainargs
_initterm
CoMarshalHresult
SystemParametersInfoA
LoadStringA
IsDialogMessageW
SetDlgItemTextA
GetCapture
CheckRadioButton
GetFocus
GetWindowLongW
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2006:10:04 21:11:29+01:00
FileType Win32 DLL
PEType PE32
CodeSize 3584
LinkerVersion 48.21
EntryPoint 0x1c87
InitializedDataSize 37376
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 26c1c810ed73b1812a6c31e71fbec468
SHA1 12150c98b6fce345af523200808ef0414f8717ff
SHA256 171a5405f1614c0055afd6572ec447a3b9106629e441ad1d006baf0cf1bb183d
ssdeep 384:0kLveNYA+wK1d0+A6rnnInYZ7kirMd5y3qnigWLKe5:FLZADK11DeYZ7kirMdm5

File size 18.5 KB ( 18944 bytes )
File type Win32 DLL
Magic literal MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags pedll

VirusTotal metadata
First submission 2010-01-17 21:56:17 UTC ( 8 years, 4 months ago )
Last submission 2013-03-01 04:06:00 UTC ( 5 years, 2 months ago )
File names O4GA03M.dwg
26c1c810ed73b1812a6c31e71fbec468
26C1C810ED73B1812A6C31E71FBEC468
aa