SHA256: 2a5075b2adccf0c13e9b195e8fb200a8429994b24271f3fd25a67c8e550aa5cc
File name: yahoo
Detection ratio: 0 / 54
Analysis date: 2014-10-24 09:12:52 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20141024
AegisLab 20141024
Yandex 20141023
AhnLab-V3 20141023
Antiy-AVL 20141024
Avast 20141024
AVG 20141024
Avira (no cloud) 20141024
AVware 20141024
Baidu-International 20141023
BitDefender 20141024
Bkav 20141023
ByteHero 20141024
CAT-QuickHeal 20141022
ClamAV 20141023
CMC 20141024
Comodo 20141024
Cyren 20141024
DrWeb 20141024
Emsisoft 20141024
ESET-NOD32 20141024
F-Prot 20141021
F-Secure 20141024
Fortinet 20141024
GData 20141024
Ikarus 20141024
Jiangmin 20141023
K7AntiVirus 20141024
K7GW 20141023
Kaspersky 20141024
Kingsoft 20141024
Malwarebytes 20141024
McAfee 20141024
McAfee-GW-Edition 20141023
Microsoft 20141024
eScan 20141022
NANO-Antivirus 20141024
Norman 20141024
nProtect 20141024
Qihoo-360 20141024
Rising 20141023
Sophos AV 20141024
SUPERAntiSpyware 20141024
Symantec 20141024
Tencent 20141024
TheHacker 20141022
TotalDefense 20141024
TrendMicro 20141024
TrendMicro-HouseCall 20141024
VBA32 20141023
VIPRE 20141024
ViRobot 20141024
Zillya 20141023
Zoner 20141020
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2003-2006 Gennady Feldman
Publisher Gennady Feldman
Product Miranda
Original name yahoo.dll
Internal name yahoo
File version 0.9.211.0
Description Miranda Yahoo plugin
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-06 15:11:05
Entry Point 0x00019659
Number of sections 5
PE sections
PE imports
lstrlenA
GetModuleFileNameW
WaitForSingleObject
SetEvent
GetTickCount
lstrlenW
GetFileSize
lstrcatA
DeleteFileW
WideCharToMultiByte
lstrcmpiA
lstrcmpA
ReadFile
WriteFile
CloseHandle
lstrcpynA
lstrcmpW
CreateEventW
lstrcpyA
CreateFileW
Sleep
SetEndOfFile
CreateFileA
SleepEx
ResetEvent
strncmp
malloc
sscanf
realloc
memset
_wcsnicmp
__dllonexit
_waccess
_access
strlen
strncpy
strncat
wcslen
strcspn
strtol
_onexit
_wcsdup
_strdup
sprintf
_itow
strrchr
_wstat
_adjust_fdiv
strchr
_strlwr
_isctype
atoi
wcschr
wcsncpy
memcmp
free
_vsnprintf
atol
calloc
memcpy
_pctype
_stat
_wcslwr
_snprintf
__mb_cur_max
strstr
_errno
strerror
wcscpy
strcpy
time
_strnicmp
_initterm
strcmp
SetFocus
GetParent
DefWindowProcW
CopyIcon
ShowWindow
SendDlgItemMessageA
SetWindowLongW
MessageBoxW
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
CheckDlgButton
CreateDialogParamW
SendMessageW
SendMessageA
GetDlgItem
wsprintfA
IsDlgButtonChecked
SetDlgItemInt
GetFocus
GetWindowLongW
SetForegroundWindow
DestroyWindow
gethostbyname
inet_addr
PE exports
Number of PE resources by type
RT_ICON 15
RT_DIALOG 7
RT_GROUP_ICON 7
RT_VERSION 1
Number of PE resources by language
RUSSIAN 30
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.9.21.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 81920
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2003-2006 Gennady Feldman
FileVersion 0.9.211.0
TimeStamp 2011:05:06 16:11:05+01:00
FileType Win32 DLL
PEType PE32
InternalName yahoo
FileAccessDate 2014:10:24 10:14:31+01:00
ProductVersion 0.9.211.0
FileDescription Miranda Yahoo plugin
OSVersion 4.0
FileCreateDate 2014:10:24 10:14:31+01:00
OriginalFilename yahoo.dll
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Gennady Feldman
CodeSize 102400
ProductName Miranda
ProductVersionNumber 0.9.21.0
EntryPoint 0x19659
ObjectFileType Executable application
Compressed bundles
File identification
MD5 0d30f8511e9cdc5d4ef1ed5b07961ed3
SHA1 8e8294d2d1d55b1fb1e20918d87b204b844c952e
SHA256 2a5075b2adccf0c13e9b195e8fb200a8429994b24271f3fd25a67c8e550aa5cc
ssdeep 3072:ng3YpiEvuHH1y7KnDbTRXwEXxRzN8oOWEKscGOvv+KWSd1n7MQMuFPUGkkkkckk2:LpisuHH1y7oDBXzna/s9ZT7MX4UGkkkW
authentihash b282c934ec61f90aa0d75a4e3d8e5aec8fb5d3afc4a85df3011b5e98e45ec8ef
imphash ad1902cf90cf5fd58bd28b1c876f5b61
File size 180.1 KB ( 184424 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (46.3%)
Miranda IM plugin (31.2%)
Win32 Dynamic Link Library (generic) (9.7%)
Win32 Executable (generic) (6.6%)
Generic Win/DOS Executable (2.9%)
Tags armadillo pedll
VirusTotal metadata
First submission 2011-05-07 07:57:40 UTC ( 7 years, 7 months ago )
Last submission 2011-05-07 07:57:40 UTC ( 7 years, 7 months ago )
File names Yahoo.dll
0A5006056818E7E0D09D02F3D463D60037CBFF48.dll
yahoo
yahoo.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight