SHA256: 285ea9c44a3cbb488ac4558c777dbdf6f01c0917dc2c04254d008dac9ce2dda5
File name: avicap32.dll.x-msdos-program
Detection ratio: 41 / 56
Analysis date: 2016-10-17 08:13:25 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Spy.Pavica.A 20161017
AegisLab DangerousObject.Multi.Generic!c 20161017
AhnLab-V3 Malware/Win32.Generic.N1663829420 20161017
ALYac Trojan.Spy.Pavica.A 20161017
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20161017
Arcabit Trojan.Spy.Pavica.A 20161017
Avast Win32:Malware-gen 20161017
AVG Generic13_c.BHTY 20161017
Avira (no cloud) TR/Taranis.367 20161017
AVware Trojan.Win32.Generic!BT 20161017
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9989 20161015
BitDefender Trojan.Spy.Pavica.A 20161017
Bkav W32.Clod269.Trojan.a20e 20161015
CAT-QuickHeal Trojan.Dynamer 20161017
Comodo UnclassifiedMalware 20161017
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Emsisoft Trojan.Spy.Pavica.A (B) 20161017
ESET-NOD32 a variant of Win32/Spy.Pavica.O 20161017
F-Secure Trojan.Spy.Pavica.A 20161017
Fortinet W32/Pavica.O!tr 20161017
GData Trojan.Spy.Pavica.A 20161017
Ikarus Trojan-Spy.Agent 20161017
Jiangmin Trojan/Generic.bkbip 20161017
K7AntiVirus Spyware ( 004cd5851 ) 20161017
K7GW Spyware ( 004cd5851 ) 20161017
Kaspersky HEUR:Trojan.Win32.Generic 20161017
McAfee Generic.amv 20161017
McAfee-GW-Edition BehavesLike.Win32.Injector.mh 20161017
Microsoft Trojan:Win32/Dynamer!ac 20161017
eScan Trojan.Spy.Pavica.A 20161017
NANO-Antivirus Trojan.Win32.Agent.dvlzgg 20161017
Panda Trj/Genetic.gen 20161016
Rising Malware.Generic!u38BkCKMPAB@5 (thunder) 20161017
Sophos AV Mal/Generic-S 20161017
Symantec Heur.AdvML.C 20161017
Tencent Win32.Trojan.Taranis.Eerd 20161017
TrendMicro TROJ_GEN.R0FBC0DH316 20161017
TrendMicro-HouseCall TROJ_GEN.R0FBC0DH316 20161017
VIPRE Trojan.Win32.Generic!BT 20161017
Yandex Trojan.Agent!ORlk+dd2kN0 20161016
Zillya Trojan.Pavica.Win32.4 20161016
Alibaba 20161017
ClamAV 20161017
CMC 20161017
Cyren 20161017
DrWeb 20161017
F-Prot 20161017
Sophos ML 20160928
Kingsoft 20161017
Malwarebytes 20161016
nProtect 20161017
Qihoo-360 20161017
SUPERAntiSpyware 20161017
TheHacker 20161016
VBA32 20161014
ViRobot 20161017
Zoner 20161017
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-11 21:17:59
Entry Point 0x0000888D
Number of sections 4
PE sections
PE imports
GetTokenInformation
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
CreateWellKnownSid
OpenProcessToken
RegSetValueExW
FreeSid
GetUserNameW
DuplicateToken
RegOpenKeyExW
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
GetStdHandle
WaitForSingleObject
FindFirstFileW
HeapDestroy
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
lstrcatA
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetThreadContext
WideCharToMultiByte
lstrcmpiA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
Thread32First
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
IsBadWritePtr
OpenThread
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
lstrcmpiW
GetVolumeInformationW
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetThreadContext
TerminateProcess
SetCurrentDirectoryW
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
VirtualProtect
LoadLibraryA
GetFileSize
OpenProcess
GetStartupInfoW
SetEvent
DeleteFileW
GetProcAddress
VirtualProtectEx
GetComputerNameW
lstrcpyW
GetBinaryTypeW
ExpandEnvironmentStringsW
FindNextFileW
lstrcpyA
ResetEvent
Thread32Next
lstrcmpW
SuspendThread
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetEnvironmentStringsW
lstrlenW
Process32NextW
CreateProcessW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
Process32FirstW
lstrcpynW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
RtlZeroMemory
RtlUnwind
RtlAdjustPrivilege
RtlDecompressBuffer
NtShutdownSystem
CoCreateInstance
CoUninitialize
CoInitialize
GetDeviceDriverBaseNameW
EnumDeviceDrivers
GetModuleFileNameExW
SHGetSpecialFolderPathW
Ord(165)
CommandLineToArgvW
PathAddBackslashW
PathFindFileNameA
PathRemoveFileSpecW
PathFindFileNameW
GetWindowThreadProcessId
wsprintfA
SetWindowLongW
CallWindowProcW
GetClassNameW
SendMessageW
CharLowerW
EnableWindow
wsprintfW
EnumWindows
GetWindowTextW
GetClientRect
GetDlgCtrlID
GetDlgItem
WaitForInputIdle
GetWindowLongW
GetWindowTextA
FindWindowExW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetSetOptionW
HttpSendRequestW
InternetGetConnectedState
InternetOpenW
HttpOpenRequestW
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: dll
TimeStamp: 2015:08:11 22:17:59+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 52224
LinkerVersion: 10.0
ImageFileCharacteristics: Executable, 32-bit, DLL
EntryPoint: 0x888d
InitializedDataSize: 37888
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

File identification
MD5 fb6d31af6f4fc7dc278f8240e37cb7bc
SHA1 7bbd33a4114f10b2a5570150ed14c692edfe3ba0
SHA256 285ea9c44a3cbb488ac4558c777dbdf6f01c0917dc2c04254d008dac9ce2dda5
ssdeep 1536:fuiGeZG5twWY0A+qHTmT6TU0eLA7RWPYMTatYFNA:fuinSwVf+qzJUpA7RqYMTatYFN
authentihash 24ef6007917e828f4c743dbb1b1d29e67bd96991dde3d2fd8f42d1ad0970fca3
imphash c6904aed0b4d04f02385ae14e1e418fb
File size 84.0 KB ( 86016 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags pedll
VirusTotal metadata
First submission 2015-08-18 12:01:16 UTC ( 3 years, 3 months ago )
Last submission 2018-10-04 02:11:06 UTC ( 2 months, 1 week ago )
File names HTTP-FDv2mTXmqNXEERcOl.exe
avicap32.dll
file.None.0xfffffa80035712a0.dat
file.None.0xfffffa80035712a0.dat.dll
avicap32.dll.x-msdos-program