SHA256: 2962ac2d0b126bb4b0ba45576504f8b5f00b11be0d6ec00dc7234c556ae4e703
File name: basicserve.dll
Detection ratio: 16 / 47
Analysis date: 2014-01-06 13:28:37 UTC ( 1 year, 4 months ago )
| Antivirus | Result | Update |
|---|---|---|
| AVG | Skodna.Generic_r.HJ | 20140106 |
| Ad-Aware | Gen:Variant.Symmi.36512 | 20140106 |
| AntiVir | TR/Crypt.ZPACK.Gen | 20140106 |
| Avast | Win32:OneStep-BS [Adw] | 20140106 |
| Baidu-International | Adware.Win32.OneStep.CP | 20131213 |
| BitDefender | Gen:Variant.Symmi.36512 | 20140106 |
| Bkav | HW32.CDB.Ca92 | 20140106 |
| ESET-NOD32 | a variant of Win32/AdWare.OneStep.CP | 20140106 |
| Emsisoft | Gen:Variant.Symmi.36512 (B) | 20140106 |
| GData | Gen:Variant.Symmi.36512 | 20140106 |
| Kingsoft | Win32.Troj.Generic.a.(kcloud) | 20130829 |
| McAfee | Artemis!BB5B663710E0 | 20140106 |
| McAfee-GW-Edition | Artemis!BB5B663710E0 | 20140106 |
| MicroWorld-eScan | Gen:Variant.Symmi.36512 | 20140106 |
| Panda | Suspicious file | 20140106 |
| VIPRE | Trojan.Win32.Generic!BT | 20140106 |
| Agnitum | | 20140106 |
| AhnLab-V3 | | 20140106 |
| Antiy-AVL | | 20140106 |
| ByteHero | | 20131226 |
| CAT-QuickHeal | | 20140106 |
| ClamAV | | 20140102 |
| Commtouch | | 20140106 |
| Comodo | | 20140106 |
| DrWeb | | 20140106 |
| F-Prot | | 20140106 |
| Fortinet | | 20140106 |
| Ikarus | | 20140106 |
| Jiangmin | | 20140106 |
| K7AntiVirus | | 20140106 |
| K7GW | | 20140106 |
| Kaspersky | | 20140106 |
| Malwarebytes | | 20140106 |
| Microsoft | | 20140106 |
| NANO-Antivirus | | 20140106 |
| Norman | | 20140106 |
| Rising | | 20140106 |
| SUPERAntiSpyware | | 20140106 |
| Sophos | | 20140106 |
| Symantec | | 20140105 |
| TheHacker | | 20140105 |
| TotalDefense | | 20140105 |
| TrendMicro | | 20140106 |
| TrendMicro-HouseCall | | 20140106 |
| VBA32 | | 20140105 |
| ViRobot | | 20140106 |
| nProtect | | 20140106 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-02 18:47:11
Entry Point 0x00002406
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
VirtualProtect
GetOEMCP
QueryPerformanceCounter
HeapDestroy
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
SetStdHandle
SetFilePointer
WideCharToMultiByte
TlsFree
GetModuleHandleA
InterlockedExchange
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
TlsGetValue
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
SetLastError
LeaveCriticalSection
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:01:02 19:47:11+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 32768
LinkerVersion: 7.1
EntryPoint: 0x2406
InitializedDataSize: 2113536
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5 bb5b663710e0fcbe76dc0d5b1dc84b4a
SHA1 157a0aecb34236c4bf8f33606a410957db18b405
SHA256 2962ac2d0b126bb4b0ba45576504f8b5f00b11be0d6ec00dc7234c556ae4e703
ssdeep 49152:ILvEDjLaRV53jRZwzd2iIVRVfvKU/eI2QBp6OMwTv9AU:fPgH3jREd5IVjfyU/emdT6U

File size 2.0 MB ( 2142208 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll

VirusTotal metadata
First submission 2014-01-06 13:28:37 UTC ( 1 year, 4 months ago )
Last submission 2014-01-06 13:28:37 UTC ( 1 year, 4 months ago )
File names basicserve.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight