SHA256: 248db90727a3eaf2b0b69fe7bbf817bc9ccc9b61adb416fa9ae4da81ba067b6e
File name: calc.exerevt
Detection ratio: 1 / 46
Analysis date: 2013-01-10 23:39:08 UTC ( 5 years, 7 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20130110
Yandex 20130110
AhnLab-V3 20130110
AntiVir 20130107
Antiy-AVL 20130110
Avast 20130111
AVG 20130110
BitDefender 20130110
ByteHero 20130108
CAT-QuickHeal 20130110
ClamAV 20130110
Commtouch 20130110
Comodo 20130110
DrWeb 20130111
Emsisoft 20130110
eSafe 20130110
ESET-NOD32 20130110
F-Prot 20130110
F-Secure 20130110
Fortinet 20130110
GData 20130110
Ikarus 20130110
Jiangmin 20121221
K7AntiVirus 20130110
Kingsoft 20130107
Malwarebytes 20130111
McAfee 20130110
McAfee-GW-Edition 20130110
Microsoft 20130111
eScan 20130110
NANO-Antivirus 20130110
Norman 20130110
nProtect 20130110
Panda 20130110
PCTools 20130110
Rising 20130110
Sophos AV 20130110
SUPERAntiSpyware 20130111
Symantec 20130110
TheHacker 20130109
TotalDefense 20130108
TrendMicro 20130110
TrendMicro-HouseCall 20130110
VBA32 20130109
VIPRE 20130110
ViRobot 20130110
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-04-08 19:47:31
Entry Point 0x00005A69
Number of sections 5
PE sections
PE imports
Polygon
GetClipBox
Pie
EqualRgn
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetStringTypeA
GetModuleFileNameW
VirtualProtect
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
WriteConsoleW
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
AddAtomW
DebugBreak
SetStdHandle
SetFilePointer
lstrcpyW
GetCPInfo
LoadLibraryW
TlsFree
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
HeapValidate
CloseHandle
GetSystemTimeAsFileTime
GetSystemInfo
GetACP
HeapReAlloc
GetStringTypeW
OutputDebugStringA
TerminateProcess
GetConsoleCP
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
OutputDebugStringW
VirtualQuery
VirtualFree
InterlockedDecrement
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
HeapCreate
SetLastError
InterlockedIncrement
EnableWindow
MessageBeep
SetWindowPos
DestroyIcon
GetSubMenu
PE exports
ExifTool file metadata
SubsystemVersion: 5.0
LinkerVersion: 8.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 5.1.2600.0
UninitializedDataSize: 0
LanguageCode: Russian
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 348160
FileOS: Windows NT 32-bit
MIMEType: application/octet-stream
LegalCopyright: . .
FileVersion: 5.1.2600.0 (xpclient.010817-1148)
TimeStamp: 2009:04:08 20:47:31+01:00
FileType: Win32 DLL
PEType: PE32
InternalName: AVICAP32.DLL
FileAccessDate: 2014:08:20 04:45:27+01:00
ProductVersion: 5.1.2600.0
FileDescription: AVI
OSVersion: 4.0
FileCreateDate: 2014:08:20 04:45:27+01:00
OriginalFilename: AVICAP32.DLL
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 102912
ProductName: Microsoft Windows
ProductVersionNumber: 5.1.2600.0
EntryPoint: 0x5a69
ObjectFileType: Dynamic link library

Compressed bundles
File identification
MD5 ec7ad2a9c4ccff2630fb00db435a8941
SHA1 ceb1645cc6422b10b2ddd9674b933a7e245de771
SHA256 248db90727a3eaf2b0b69fe7bbf817bc9ccc9b61adb416fa9ae4da81ba067b6e
ssdeep 3072:CF/Jrq5u95HUIYDn9fq5dCvbptRiC3YialGZFkOdmf4WoastX+UWdyB/Lidtm2b:CFFP0INCvbDRL3Y9piXFWdvq2xmPn8

imphash 4984cfad0d98bcf4a02c3b2585823c0c
File size 259.5 KB ( 265728 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags pedll

VirusTotal metadata
First submission 2013-01-10 23:39:08 UTC ( 5 years, 7 months ago )
Last submission 2013-01-12 06:43:01 UTC ( 5 years, 7 months ago )
File names wgsdgsdgdsgsd.ex_
wpbt0.dll
calc.exerevt
vti-rescan
wgsdgsdgdsgsd.exe
ec7ad2a9c4ccff2630fb00db435a8941
file-5001643_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight