SHA256: 1db9c01c03d2f763066846dfe5ad1b9e9cb103a7bc6526172ed192f966f107d3
File name: 30af2c021867b4044dace2f55d5a6174.dll
Detection ratio: 46 / 50
Analysis date: 2014-02-24 14:13:25 UTC ( 5 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.PWS.OnLineGames.NVI 20140224
Yandex Trojan.OnlineGames.Gen.77 20140223
AhnLab-V3 Win-Trojan/OnlineGameHack.29696.AS 20140224
AntiVir TR/PSW.OnlineGames.rxop.1 20140224
Avast Win32:OnLineGames-DQN [Trj] 20140224
AVG PSW.OnlineGames.AGCK 20140224
Baidu-International Trojan.Win32.OnLineGames.AU 20140224
BitDefender Trojan.PWS.OnLineGames.NVI 20140224
Bkav W32.Clod8e3.Trojan.c8b7 20140224
CAT-QuickHeal Win32.PWS.Frethog.AD.5 20140224
ClamAV Trojan.Spy-26882 20140224
CMC Generic.Win32.30af2c0218!CMCRadar 20140220
Commtouch W32/OnlineGames.AD.gen!Eldorado 20140224
Comodo TrojWare.Win32.PSW.OnLineGames.HCV 20140224
DrWeb Trojan.PWS.Wsgame.12873 20140224
Emsisoft Trojan.PWS.OnLineGames.NVI (B) 20140224
ESET-NOD32 Win32/PSW.OnLineGames.HCV 20140224
F-Prot W32/OnlineGames.AD.gen!Eldorado 20140224
F-Secure Trojan.PWS.OnLineGames.NVI 20140223
Fortinet W32/OnLineGames.NFL!tr.pws 20140224
GData Trojan.PWS.OnLineGames.NVI 20140224
Ikarus Trojan-PWS.Win32.Frethog 20140224
Jiangmin Trojan/Ck88866.DLL.Gen 20140224
K7AntiVirus Password-Stealer ( ae369f4e0 ) 20140224
K7GW Backdoor ( 04c4b58c1 ) 20140224
Kaspersky Trojan-GameThief.Win32.OnLineGames.std 20140224
Kingsoft Win32.Troj.OnLineGamesT.ty.(kcloud) 20140224
Malwarebytes PWS.OnlineGames 20140224
McAfee PWS-Gamania.gen.dll 20140224
McAfee-GW-Edition PWS-OnlineGames.ad 20140224
Microsoft PWS:Win32/Frethog.AD 20140224
eScan Trojan.PWS.OnLineGames.NVI 20140224
NANO-Antivirus Trojan.Win32.OnlineGames.bekuvy 20140223
Norman OnLineGames.gen45 20140224
nProtect Trojan.PWS.OnLineGames.NVI 20140224
Panda Trj/Genetic.gen 20140224
Qihoo-360 Win32/Trojan.GameThief.ef7 20140224
Rising PE:Trojan.Win32.Generic.139EBDCE!329170382 20140223
Sophos AV Mal/LegMir-A 20140224
Symantec Infostealer.Gampass 20140224
TheHacker Trojan/PSW.OnLineGames.rxop 20140222
TotalDefense Win32/Frethog!generic 20140224
TrendMicro TSPY_ONLINEG.RKQ 20140224
TrendMicro-HouseCall TSPY_ONLINEG.RKQ 20140224
VBA32 MalwareScope.Trojan-PSW.Game.1 20140224
VIPRE Trojan-PWS.OnLineGames.NSR 20140224
Antiy-AVL 20140219
ByteHero 20140224
SUPERAntiSpyware 20140223
ViRobot 20140224
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-03-02 11:09:01
Entry Point 0x00005EFB
Number of sections 5
PE sections
PE imports
CreateToolhelp32Snapshot
OpenThread
EnterCriticalSection
WriteProcessMemory
Process32First
TerminateThread
GetLastError
ExitProcess
VirtualProtect
GlobalUnlock
LoadLibraryA
GetCommandLineW
GetModuleFileNameA
Process32Next
GetCurrentProcess
GetPrivateProfileStringA
GetCurrentProcessId
OpenProcess
DeleteFileA
CreateThread
ReadProcessMemory
GetCommandLineA
GetProcAddress
VirtualProtectEx
CreateMutexA
WideCharToMultiByte
GetModuleHandleA
ReadFile
GlobalFree
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GlobalLock
SetThreadContext
TerminateProcess
ResumeThread
InitializeCriticalSection
GlobalAlloc
Sleep
IsBadReadPtr
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
malloc
memset
fclose
strcat
_stricmp
fopen
strlen
strncpy
strchr
??2@YAPAXI@Z
wcslen
_strlwr
sprintf
strrchr
fread
_adjust_fdiv
free
_strupr
atoi
memcpy
strstr
strcpy
_strnicmp
_initterm
strcmp
PathFileExistsA
GetWindowThreadProcessId
GetForegroundWindow
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowTextA
FindWindowA
CallNextHookEx
InternetReadFile
InternetCloseHandle
ImageLoad
ImageUnload
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:03:02 12:09:01+01:00
FileType Win32 DLL
PEType PE32
CodeSize 20480
LinkerVersion 6.0
FileAccessDate 2014:02:24 15:32:12+01:00
EntryPoint 0x5efb
InitializedDataSize 10240
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:02:24 15:32:12+01:00
UninitializedDataSize 0

File identification
MD5 30af2c021867b4044dace2f55d5a6174
SHA1 02c86b173d1a8edb54d0c2fc9f629a632a0f48d9
SHA256 1db9c01c03d2f763066846dfe5ad1b9e9cb103a7bc6526172ed192f966f107d3
ssdeep 768:LHnV4FhwhQUZkrFCa9Aj097NeDnC+VtJLoZNuj:LHni/IQUmZC2enCgMZk
imphash 98c01adec6582a2614c83e26ba4a982d
File size 29.0 KB ( 29696 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
armadillo pedll

VirusTotal metadata
First submission 2008-03-07 10:29:00 UTC ( 11 years, 2 months ago )
Last submission 2014-02-24 14:13:25 UTC ( 5 years, 3 months ago )
File names aa
30AF2C021867B4044DACE2F55D5A6174
90x8.mht
nQWYX0USDN.xls
30af2c021867b4044dace2f55d5a6174.dll
30af2c021867b4044dace2f55d5
30af2c021867b4044dace2f55d5a6174