× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2f9dc502ef6a458b8b16921fb62f7b9862f41a8019d9c10ba16538bb7c7baa27
File name: CF1988F76063C6B06F350020ECCB1E006C8AB9BA.dll
Detection ratio: 0 / 40
Analysis date: 2011-03-14 08:01:25 UTC ( 8 years, 1 month ago )
Antivirus Result Update
AhnLab-V3 20110314
AntiVir 20110314
Antiy-AVL 20110312
Avast 20110314
Avast5 20110314
AVG 20110313
BitDefender 20110314
CAT-QuickHeal 20110314
ClamAV 20110314
Commtouch 20110314
Comodo 20110314
DrWeb 20110314
eSafe 20110313
eTrust-Vet 20110314
F-Prot 20110314
F-Secure 20110314
Fortinet 20110314
GData 20110314
Ikarus 20110314
Jiangmin 20110314
K7AntiVirus 20110311
McAfee 20110314
McAfee-GW-Edition 20110314
Microsoft 20110314
NOD32 20110313
Norman 20110313
nProtect 20110215
Panda 20110313
Prevx 20110314
Rising 20110314
Sophos AV 20110314
SUPERAntiSpyware 20110313
Symantec 20110314
TheHacker 20110313
TrendMicro 20110314
TrendMicro-HouseCall 20110314
VBA32 20110312
VIPRE 20110314
ViRobot 20110314
VirusBuster 20110313
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
PE header basic information
Number of sections 6
PE sections
PE imports
LocalFree
FormatMessageW
MultiByteToWideChar
FormatMessageA
GetVersion
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent
__Y_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEAAV01@_W@Z
__4_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
__1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ
_erase@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEAAV12@II@Z
_npos@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@2IB
_find@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QBEI_WI@Z
_assign@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
__0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z
__0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD@Z
_clear@_$basic_string@_WU_$char_traits@_W@std@@V_$allocator@_W@2@@std@@QAEXXZ
malloc
_CxxThrowException
__CxxFrameHandler3
memcpy
___V@YAXPAX@Z
__1exception@std@@UAE@XZ
__3@YAXPAX@Z
__0exception@std@@QAE@XZ
__2@YAPAXI@Z
__0exception@std@@QAE@ABV01@@Z
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
__lconv_init
__clean_type_info_names_internal
_terminate@@YAXXZ
__type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
free
NdrFullPointerXlatInit
NdrPointerUnmarshall
NdrFullPointerXlatFree
NdrServerInitializeNew
NdrConvert
RpcRaiseException
NdrPointerBufferSize
NdrPointerMarshall
NdrClientInitializeNew
NdrGetBuffer
NdrSendReceive
NdrFreeBuffer
ExifTool file metadata
CodeSize
11264

SubsystemVersion
4.0

Comments
Acronis Dynamic RPC Client

InitializedDataSize
10752

ImageVersion
0.0

ProductName
Acronis Dynamic RPC Client

FileVersionNumber
1.0.0.124

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

OriginalFilename
rpc_client.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1,0,0,124

TimeStamp
2011:02:03 09:44:13+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
rpc_client

ProductVersion
1,0,0,124

FileDescription
Acronis Dynamic RPC Client

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright (C) Acronis, 2000-2010.

MachineType
Intel 386 or later, and compatibles

CompanyName
Acronis

LegalTrademarks
Acronis

FileSubtype
0

ProductVersionNumber
1.0.0.124

EntryPoint
0x16d0

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 1df368602fdd61c4dacffff6cfb3396d
SHA1 2ad0a35057645fdc659a7d03e3e4225abbd65753
SHA256 2f9dc502ef6a458b8b16921fb62f7b9862f41a8019d9c10ba16538bb7c7baa27
ssdeep
384:PJGyi/wP1jyoXJ0y81pLj9v6uAd9b4bEHrSFfUVEIMQAOy6MR0g1ZRYJLu17rbC8:1i/wP3DQpHFxbE+FfaBPAOXgoLWXbC8

File size 27.8 KB ( 28512 bytes )
File type Win32 DLL
Magic literal

TrID Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
Tags
signed

VirusTotal metadata
First submission 2011-03-14 08:01:25 UTC ( 8 years, 1 month ago )
Last submission 2011-03-14 08:01:25 UTC ( 8 years, 1 month ago )
File names rpc_client.dll
CF1988F76063C6B06F350020ECCB1E006C8AB9BA.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!