× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 207ffc28743a64c8514df05f382f2a424ba44207297678f4ea7c798c640eb91b
File name: ff_unrar.dll
Detection ratio: 11 / 57
Analysis date: 2015-01-24 17:20:31 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.50006 20150124
Avira (no cloud) PCK/Themida 20150124
BitDefender Gen:Variant.Symmi.50006 20150124
Bkav HW32.Packed.E909 20150124
Emsisoft Gen:Variant.Symmi.50006 (B) 20150124
ESET-NOD32 a variant of Win32/Boaxxe.CO.gen 20150124
F-Secure Gen:Variant.Symmi.50006 20150124
GData Gen:Variant.Symmi.50006 20150124
McAfee Trojan-FFPD!0FCCDC92566F 20150124
McAfee-GW-Edition BehavesLike.Win32.Sefnit.tc 20150124
eScan Gen:Variant.Symmi.50006 20150124
AegisLab 20150124
Yandex 20150124
AhnLab-V3 20150124
Alibaba 20150120
ALYac 20150202
Antiy-AVL 20150124
Avast 20150124
AVG 20150124
AVware 20150124
Baidu-International 20150124
ByteHero 20150124
CAT-QuickHeal 20150124
ClamAV 20150124
CMC 20150124
Comodo 20150124
Cyren 20150124
DrWeb 20150202
F-Prot 20150124
Fortinet 20150124
Ikarus 20150124
Jiangmin 20150123
K7AntiVirus 20150124
K7GW 20150124
Kaspersky 20150124
Kingsoft 20150124
Malwarebytes 20150124
Microsoft 20150124
NANO-Antivirus 20150124
Norman 20150123
nProtect 20150123
Panda 20150124
Qihoo-360 20150124
Rising 20150123
Sophos AV 20150124
SUPERAntiSpyware 20150124
Symantec 20150124
Tencent 20150202
TheHacker 20150123
TotalDefense 20150124
TrendMicro 20150124
TrendMicro-HouseCall 20150124
VBA32 20150123
VIPRE 20150124
ViRobot 20150124
Zillya 20150124
Zoner 20150123
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-07 18:40:46
Entry Point 0x00355000
Number of sections 6
PE sections
PE imports
InitCommonControls
PE exports
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2014:12:07 19:40:46+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
5632

LinkerVersion
9.0

FileAccessDate
2015:01:24 18:20:44+01:00

EntryPoint
0x355000

InitializedDataSize
3584

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

FileCreateDate
2015:01:24 18:20:44+01:00

UninitializedDataSize
0

File identification
MD5 0fccdc92566f11d67d7e9144f388dabb
SHA1 cc5d21fd868e5716a7a9c53639ab6614d5027340
SHA256 207ffc28743a64c8514df05f382f2a424ba44207297678f4ea7c798c640eb91b
ssdeep
24576:WNofIHTp3wGH6sl7nw1biPzFKLm+K3k+Oalf3IjQaP1mOlWuhAb33P:sofGDHRebWzFONK3kYlfYjfjDh2

authentihash 4df485aeb58ad825072cda72483d44f8410762674f8820b24626e287cb3c5b43
imphash baa93d47220682c04d92f7797d9224ce
File size 1.2 MB ( 1299968 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
Clipper DOS Executable (11.7%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
pedll

VirusTotal metadata
First submission 2015-01-24 17:20:31 UTC ( 4 years, 1 month ago )
Last submission 2015-01-24 17:20:31 UTC ( 4 years, 1 month ago )
File names ff_unrar.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!