SHA256: 1f64dd759d7ae9a5ba7b2b39a0758f13a4e7475e638743503d2139e0dafa91e7
File name: 1f64dd759d7ae9a5ba7b2b39a0758f13a4e7475e638743503d2139e0dafa91e7....
Detection ratio: 25 / 42
Analysis date: 2012-06-12 11:12:30 UTC ( 6 years, 5 months ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.Genome.gen 20120612
AVG Generic28.IUZ 20120612
BitDefender Gen:Variant.Graftor.1181 20120612
CAT-QuickHeal Trojan.Genome.addxl 20120612
Comodo UnclassifiedMalware 20120612
DrWeb Trojan.PWS.Gamania.34694 20120612
F-Secure Gen:Variant.Graftor.1181 20120612
Fortinet W32/Genome.ADDXL!tr 20120612
GData Gen:Variant.Graftor.1181 20120612
Ikarus Trojan.Win32.Sasfis 20120612
Jiangmin Trojan/Genome.bkbk 20120612
K7AntiVirus Riskware 20120611
Kaspersky Trojan.Win32.Genome.addxl 20120612
McAfee Artemis!C18B5D8A4468 20120612
McAfee-GW-Edition Artemis!C18B5D8A4468 20120612
Microsoft VirTool:Win32/DelfInject.gen!X 20120607
NOD32 a variant of Win32/FlyStudio.Injector.A 20120612
PCTools Trojan.Gen 20120612
Sophos AV Mal/Generic-L 20120612
Symantec Trojan.Gen 20120612
TrendMicro TROJ_SPNR.30EE12 20120612
TrendMicro-HouseCall TROJ_SPNR.30EE12 20120611
VBA32 TrojanSpy.QQLogger.hdv 20120611
VIPRE Trojan.Win32.Generic!BT 20120612
VirusBuster Trojan.Genome!1aZ15hLpw6g 20120611
No detection (engine and signature-database date)
AhnLab-V3 20120611
AntiVir 20120612
Avast 20120612
ByteHero 20120612
ClamAV 20120612
Commtouch 20120612
Emsisoft 20120612
eSafe 20120610
F-Prot 20120611
Norman 20120611
nProtect 20120612
Panda 20120611
Rising 20120612
SUPERAntiSpyware 20120612
TheHacker 20120612
TotalDefense 20120612
ViRobot 20120612
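Two things a triager wants from the vendor table above are not printed on it directly: which family names recur once vendor-specific prefixes ("Trojan.Win32.", "Gen:Variant.", "a variant of") are stripped, and whether a hash-derived label such as McAfee's Artemis name really refers to this file. The following Python is an added example, not VirusTotal's code: RESULTS is a constructed copy of the rows above, GENERIC_TOKENS is my own heuristic list of prefixes that carry no family information, and MULTIWORD_ENGINES exists only because the page renders the table as whitespace-separated text.

```python
import re
from collections import Counter

# Constructed copy of this report's engine table (added example input).
RESULTS = """\
Antiy-AVL Trojan/Win32.Genome.gen 20120612
AVG Generic28.IUZ 20120612
BitDefender Gen:Variant.Graftor.1181 20120612
CAT-QuickHeal Trojan.Genome.addxl 20120612
Comodo UnclassifiedMalware 20120612
DrWeb Trojan.PWS.Gamania.34694 20120612
F-Secure Gen:Variant.Graftor.1181 20120612
Fortinet W32/Genome.ADDXL!tr 20120612
GData Gen:Variant.Graftor.1181 20120612
Ikarus Trojan.Win32.Sasfis 20120612
Jiangmin Trojan/Genome.bkbk 20120612
K7AntiVirus Riskware 20120611
Kaspersky Trojan.Win32.Genome.addxl 20120612
McAfee Artemis!C18B5D8A4468 20120612
McAfee-GW-Edition Artemis!C18B5D8A4468 20120612
Microsoft VirTool:Win32/DelfInject.gen!X 20120607
NOD32 a variant of Win32/FlyStudio.Injector.A 20120612
PCTools Trojan.Gen 20120612
Sophos AV Mal/Generic-L 20120612
Symantec Trojan.Gen 20120612
TrendMicro TROJ_SPNR.30EE12 20120612
TrendMicro-HouseCall TROJ_SPNR.30EE12 20120611
VBA32 TrojanSpy.QQLogger.hdv 20120611
VIPRE Trojan.Win32.Generic!BT 20120612
VirusBuster Trojan.Genome!1aZ15hLpw6g 20120611
AhnLab-V3 20120611
AntiVir 20120612
Avast 20120612
ByteHero 20120612
ClamAV 20120612
Commtouch 20120612
Emsisoft 20120612
eSafe 20120610
F-Prot 20120611
Norman 20120611
nProtect 20120612
Panda 20120611
Rising 20120612
SUPERAntiSpyware 20120612
TheHacker 20120612
TotalDefense 20120612
ViRobot 20120612
"""

# The page renders the table whitespace-separated, so engine names containing a space are listed here.
MULTIWORD_ENGINES = ("Sophos AV",)
# Vendor prefixes and type words that carry no family information (my own heuristic list).
GENERIC_TOKENS = {"trojan", "trojanspy", "win32", "w32", "gen", "generic", "variant", "riskware",
                  "unclassifiedmalware", "artemis", "virtool", "mal", "troj", "pws"}
SPLIT = re.compile(r"[/.:!_\-\s]+")


def parse_rows(text):
    """Return [(engine, result or None, update)] for each non-blank line of the table."""
    rows = []
    for line in filter(None, map(str.strip, text.splitlines())):
        engine = next((n for n in MULTIWORD_ENGINES if line.startswith(n + " ")), line.split(" ", 1)[0])
        tokens = line[len(engine):].split()           # engine is always a prefix of the line
        if not tokens or len(tokens[-1]) != 8 or not tokens[-1].isdigit():
            raise ValueError("malformed row: %r" % line)
        rows.append((engine, " ".join(tokens[:-1]) or None, tokens[-1]))
    return rows


def family(result):
    """First alphabetic token of at least 4 chars that is not a generic prefix, else None."""
    for tok in SPLIT.split(result):
        if len(tok) >= 4 and tok.isalpha() and tok.lower() not in GENERIC_TOKENS:
            return tok
    return None


def detection_ratio(rows):
    """(detected, total): the "25 / 42" figure VirusTotal prints."""
    return sum(1 for _, r, _ in rows if r), len(rows)


def family_counts(rows):
    """Counter of family names over detected rows; purely generic labels count as 'generic'."""
    return Counter(family(r) or "generic" for _, r, _ in rows if r)


def artemis_matches_md5(rows, md5_hex):
    """McAfee's Artemis!XXXX label embeds the first 12 hex digits of the file's MD5; check they agree."""
    tags = {r.split("!", 1)[1] for _, r, _ in rows if r and r.startswith("Artemis!")}
    return bool(tags) and tags == {md5_hex[:12].upper()}
```

For this report the recurring families are Genome (6 engines) and Graftor (3); 9 of the 25 hits are purely generic and add nothing beyond the count. The Artemis check is a small sanity test that the McAfee rows really describe the file whose MD5 appears under File identification.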
The file being studied is a Portable Executable (PE) file; specifically, it is a Win32 DLL for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signing date 12:38 PM 10/22/2011
Packers identified
PEiD Armadillo v1.xx - v2.xx
Treat this as weak evidence. The PEiD "Armadillo v1.xx - v2.xx" signature is known to match the ordinary Visual C++ 6 runtime entry stub, and this file looks like an unpacked MSVC6 build: linker version 6.0, a TrID match for "MS Visual C++ (generic)", and a long kernel32 import list that includes the static CRT start-up set (GetCommandLineA, GetStartupInfoA, HeapCreate, LCMapStringA, GetCPInfo and so on). A genuinely Armadillo-protected image would normally expose far fewer imports. Check section entropy before assuming a protector.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-10-22 10:37:03
Entry Point 0x00004A89
Number of sections 4
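Every field VirusTotal lists under "PE header basic information" comes from the COFF header and the optional header, which are easy to read without a PE library; doing so lets you confirm the compile timestamp and the DLL flag on the raw bytes and compare the build time with the Authenticode signing date. The following stdlib-only Python is an added example and not part of this report: build_sample_pe() constructs a header carrying this report's values (it is not the analysed sample), and signing_delta_seconds() takes the UTC offset as a caller-supplied assumption, because the page prints the signing date without a zone (+2 matches the +02:00 ExifTool used for the TimeStamp field below).

```python
"""Read the COFF/optional-header fields VirusTotal shows under "PE header basic information".

Added example; stdlib only. build_sample_pe() constructs a header with this
report's values so the parser runs offline (it is NOT the analysed sample).
"""
import struct
from datetime import datetime, timedelta, timezone

IMAGE_FILE_DLL = 0x2000
MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors", 0x8664: "x64"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 headers carrying the values from this report."""
    compile_ts = int(datetime(2011, 10, 22, 10, 37, 3, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)      # e_lfanew at offset 0x3C
    coff = struct.pack("<IHHIIIHH",
                       0x00004550,    # "PE\0\0"
                       0x14C,         # Machine: i386
                       4,             # NumberOfSections
                       compile_ts,    # TimeDateStamp (seconds since epoch, UTC)
                       0, 0,          # symbol table pointer / count (unused)
                       224,           # SizeOfOptionalHeader for PE32
                       0x2102)        # EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 6, 0,                          # PE32 magic, linker 6.0
                      45056, 208896, 0,                     # code / initialised / uninitialised sizes
                      0x4A89, 0x1000, 0xC000,               # entry point, BaseOfCode, BaseOfData
                      0x10000000, 0x1000, 0x1000,           # ImageBase, section and file alignment
                      4, 0, 0, 0, 4, 0,                     # OS 4.0, image 0.0, subsystem 4.0
                      0, 0x40000, 0x1000, 0,                # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0,                                 # Subsystem: Windows GUI; DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000,   # stack / heap reserve and commit
                      0, 16)                                # LoaderFlags, NumberOfRvaAndSizes
    return dos + coff + opt + b"\x00" * (16 * 8)              # 16 empty data directories


def parse_pe_header(data: bytes) -> dict:
    """Return the header fields the report lists; raises ValueError on anything that is not PE32."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsections, timestamp, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                       # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (0x10B) handled here")
    major_linker, minor_linker = struct.unpack_from("<BB", data, opt + 2)
    (size_of_code,) = struct.unpack_from("<I", data, opt + 4)
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "num_sections": nsections,
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": "0x%08X" % entry_point,
        "size_of_code": size_of_code,
        "linker": "%d.%d" % (major_linker, minor_linker),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def signing_delta_seconds(compile_ts: int, signing_local: str, utc_offset_hours: int) -> int:
    """Seconds from the stored compile time to the Authenticode signing time.

    VirusTotal prints the signing date as wall-clock text ("12:38 PM 10/22/2011")
    without a zone; the offset is an ASSUMPTION the caller supplies. A negative
    result (signed before built) or a gap of months is worth a second look.
    """
    tz = timezone(timedelta(hours=utc_offset_hours))
    signed = datetime.strptime(signing_local, "%I:%M %p %m/%d/%Y").replace(tzinfo=tz)
    return int(signed.timestamp()) - compile_ts


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_pe())
    for key, value in hdr.items():
        print("%-14s %s" % (key, value))
    print("signing delta: %d s" % signing_delta_seconds(hdr["timestamp"], "12:38 PM 10/22/2011", 2))
```

Under the +02:00 assumption the signing time is 57 seconds after the stored compile time, which fits a build that was signed immediately. Both values are under the author's control, so agreement is weak evidence, but disagreement is a cheap flag, and it is the reason to read the timestamp from the header yourself rather than trusting a rendered string.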
PE sections
PE imports
kernel32.dll: RtlMoveMemory, VirtualAlloc, VirtualFree, LoadLibraryA, GetProcAddress, lstrlenA, RtlFillMemory, CreateThread, CloseHandle, GetProcessHeap, GetModuleHandleA, ExitProcess, HeapAlloc, HeapReAlloc, HeapFree, IsBadReadPtr, CreateDirectoryA, SetFileAttributesA, ReadFile, GetFileSize, CreateFileA, GetModuleFileNameA, WriteFile, GetPrivateProfileStringA, FlushFileBuffers, SetStdHandle, GetStringTypeW, GetStringTypeA, RtlUnwind, GetCommandLineA, GetVersion, InterlockedDecrement, InterlockedIncrement, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, MultiByteToWideChar, LCMapStringA, LCMapStringW, RaiseException, GetCPInfo, GetACP, GetOEMCP, SetFilePointer
shell32.dll: SHGetSpecialFolderPathA
shlwapi.dll: StrToIntExA, PathFileExistsA
user32.dll: wsprintfA, MessageBoxA
ntdll.dll: RtlCompareMemory
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:10:22 12:37:03+02:00 (the same instant as the 2011-10-22 10:37:03 UTC compilation timestamp above, rendered in a +02:00 zone)
FileType Win32 DLL
PEType PE32
CodeSize 45056
LinkerVersion 6.0
EntryPoint 0x4a89
InitializedDataSize 208896
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 c18b5d8a4468b64620b99e9842aed728
SHA1 ba6e2582926271a79add8b5bd6061080c40e60f0
SHA256 1f64dd759d7ae9a5ba7b2b39a0758f13a4e7475e638743503d2139e0dafa91e7
ssdeep
3072:UitiHQSStCnM77CkuMXKvx0FOId7UiyQ/WxVAQgUnOZt9nMAU2i:UitiwEM77CkuMYx0TdByQOrAlZMS

File size 253.1 KB ( 259128 bytes )
File type Win32 DLL
Magic literal
MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
Tags
armadillo signed

VirusTotal metadata
First submission 2011-12-28 08:31:10 UTC ( 6 years, 11 months ago )
Last submission 2012-06-12 11:12:30 UTC ( 6 years, 5 months ago )
File names 1F64DD759D7AE9A5BA7B2B39A0758F13A4E7475E638743503D2139E0DAFA91E7.dat
1f64dd759d7ae9a5ba7b2b39a0758f13a4e7475e638743503d2139e0dafa91e7.nad2
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight