SHA256: 313ade9fa2ac22aa3cee0c480b3e057e2034d7e65163925496980395039f3a7d
File name: vt-upload-p1etWX
Detection ratio: 0 / 51
Analysis date: 2014-03-30 01:38:55 UTC ( 4 years, 11 months ago )
Antivirus Result Update
Ad-Aware 20140330
AegisLab 20140330
Yandex 20140329
AhnLab-V3 20140329
AntiVir 20140329
Antiy-AVL 20140329
Avast 20140330
AVG 20140330
Baidu-International 20140329
BitDefender 20140330
Bkav 20140329
ByteHero 20140330
CAT-QuickHeal 20140329
ClamAV 20140330
CMC 20140328
Commtouch 20140330
Comodo 20140330
DrWeb 20140329
Emsisoft 20140330
ESET-NOD32 20140329
F-Prot 20140329
F-Secure 20140330
Fortinet 20140330
GData 20140330
Ikarus 20140329
Jiangmin 20140329
K7AntiVirus 20140328
K7GW 20140328
Kaspersky 20140329
Kingsoft 20140330
Malwarebytes 20140330
McAfee 20140330
McAfee-GW-Edition 20140329
Microsoft 20140330
eScan 20140330
NANO-Antivirus 20140330
Norman 20140329
nProtect 20140328
Panda 20140329
Qihoo-360 20140330
Rising 20140329
Sophos AV 20140329
SUPERAntiSpyware 20140329
Symantec 20140330
TheHacker 20140329
TotalDefense 20140329
TrendMicro 20140330
TrendMicro-HouseCall 20140330
VBA32 20140328
VIPRE 20140330
ViRobot 20140329
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© ?????????? ??????????. ??? ????? ????????.

Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Original name cscui.dll
Internal name cscui
File version 5.1.2600.5512 (xpsp.080413-2105)
Description ????????? ??????????? ?? ??????? ???????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-04-14 16:09:47
Entry Point 0x000017F0
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
CopySid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
RegQueryValueExW
ConvertStringSidToSidW
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
DuplicateToken
RegOpenKeyExW
LookupAccountNameW
EqualSid
GetTokenInformation
GetUserNameW
IsValidSid
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegEnumValueW
RevertToSelf
RegSetValueExW
ReportEventW
ImpersonateLoggedOnUser
Ord(62)
Ord(60)
Ord(58)
Ord(48)
Ord(49)
Ord(42)
Ord(50)
Ord(11)
Ord(44)
Ord(56)
Ord(46)
Ord(40)
Ord(52)
Ord(9)
Ord(63)
Ord(59)
Ord(51)
Ord(10)
Ord(57)
Ord(45)
Ord(55)
Ord(47)
Ord(65)
Ord(14)
Ord(53)
Ord(41)
GetDeviceCaps
DeleteObject
GetObjectW
CreateFontIndirectW
GetVolumeInformationW
OpenThread
GetVolumePathNameW
LocalReAlloc
EnterCriticalSection
GetComputerNameW
ReleaseMutex
lstrcmpiA
GlobalFree
WaitForSingleObject
FindResourceW
FreeLibrary
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTickCount
DisableThreadLibraryCalls
GlobalUnlock
GetLocaleInfoW
GetFileAttributesW
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
DeviceIoControl
GetDriveTypeW
CompareFileTime
SetThreadPriority
LocalAlloc
DelayLoadFailureHook
LockResource
lstrlenW
GetWindowsDirectoryW
UnhandledExceptionFilter
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
SuspendThread
CompareStringW
GetNumberFormatW
CreateThread
GetModuleFileNameW
MoveFileExW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextFileW
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
GetSystemTimeAsFileTime
FindFirstFileW
lstrcmpW
GlobalLock
GetModuleHandleW
WaitForMultipleObjects
GetThreadPriority
lstrcpynW
SetEvent
LocalFree
FormatMessageW
TerminateProcess
ResumeThread
LoadLibraryW
CreateEventW
GetExitCodeThread
lstrcmpiW
InitializeCriticalSection
LoadResource
OpenEventW
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
InterlockedDecrement
SetLastError
SetFileAttributesW
SetConsoleCtrlHandler
CloseHandle
GetCurrentThreadId
InterlockedIncrement
FreeLibraryAndExitThread
GetLastError
LeaveCriticalSection
SHBindToParent
SHBrowseForFolderW
SHChangeNotify
Ord(165)
Ord(152)
Shell_NotifyIconW
Ord(17)
Ord(18)
SHLoadNonloadedIconOverlayIdentifiers
Ord(68)
SHGetSpecialFolderPathW
Ord(190)
SHGetPathFromIDListW
Ord(196)
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
Ord(155)
Ord(100)
Ord(256)
Ord(102)
Ord(680)
Ord(716)
Ord(701)
Ord(21)
Ord(195)
Ord(16)
PathIsContentTypeW
SHSetValueW
StrRChrW
StrCpyNW
Ord(219)
StrCmpNIW
Ord(354)
StrRetToBufW
PathIsUNCW
PathFindExtensionW
Ord(423)
StrFormatKBSizeW
SHStrDupW
PathIsRootW
SHGetValueW
SHRegGetValueW
PathCompactPathW
StrChrW
SHEnumValueW
PathAddBackslashW
PathRemoveBackslashW
StrCmpIW
SHDeleteValueW
PathStripToRootW
PathCombineW
PathRemoveFileSpecW
Ord(215)
Ord(9)
Ord(476)
SHDeleteKeyW
PathSkipRootW
Ord(346)
Ord(437)
SHCreateStreamOnFileW
PathIsUNCServerW
Ord(424)
PathSetDlgItemPathW
PathAppendW
Ord(224)
Ord(223)
StrToIntW
PathFindNextComponentW
StrDupW
Ord(10)
PathFindFileNameW
AssocCreate
Ord(172)
PathIsSameRootW
wnsprintfW
PathIsUNCServerShareW
Ord(16)
StrStrW
PathCompactPathExW
Ord(199)
Ord(8)
PathIsPrefixW
DestroyMenu
SetWindowPos
IsWindow
ScreenToClient
DispatchMessageW
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassW
GetClassInfoW
SetMenuDefaultItem
GetNextDlgTabItem
LoadImageW
ShowCursor
GetWindowTextW
RegisterClipboardFormatW
DestroyWindow
GetParent
UpdateWindow
GetPropW
EnumWindows
CheckRadioButton
ShowWindow
SetPropW
SetDlgItemInt
PeekMessageW
InsertMenuItemW
CharUpperW
TranslateMessage
IsWindowEnabled
GetDlgItemInt
RegisterClassW
LoadStringW
EnableMenuItem
GetSubMenu
CreateMenu
IsDialogMessageW
GetDialogBaseUnits
CreateWindowExW
GetWindowLongW
CharNextW
SetFocus
RegisterWindowMessageW
DefWindowProcW
KillTimer
SendNotifyMessageW
CheckMenuRadioItem
GetSystemMetrics
SetWindowLongW
GetWindowRect
SendDlgItemMessageW
PostMessageW
CheckDlgButton
CreateDialogParamW
CreatePopupMenu
SetWindowTextW
SetTimer
GetDlgItem
RemovePropW
ClientToScreen
TrackPopupMenu
GetMenuItemCount
IsDlgButtonChecked
GetDesktopWindow
LoadCursorW
LoadIconW
FindWindowExW
GetDC
SetForegroundWindow
ExitWindowsEx
GetCursorPos
GetCaretBlinkTime
EndDialog
FindWindowW
MessageBeep
LoadMenuW
GetWindowThreadProcessId
MessageBoxW
MoveWindow
DialogBoxParamW
AppendMenuW
SendMessageTimeoutW
MsgWaitForMultipleObjectsEx
SetDlgItemTextW
DestroyIcon
IsWindowVisible
WinHelpW
CallWindowProcW
GetClassNameW
GetClientRect
GetFocus
EnableWindow
SetCursor
_except_handler3
malloc
memmove
??2@YAPAXI@Z
_ftol
_adjust_fdiv
floor
??3@YAXPAX@Z
__dllonexit
_onexit
free
_initterm
_vsnwprintf
PE exports
Number of PE resources by type
RT_ICON 36
RT_STRING 20
RT_DIALOG 18
RT_GROUP_ICON 10
RT_BITMAP 5
AVI 3
RT_MANIFEST 1
RT_MESSAGETABLE 1
REGINST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 97
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
590336

ImageVersion
5.1

ProductName
Microsoft Windows

FileVersionNumber
5.1.2600.5512

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
7.1

OriginalFilename
cscui.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
5.1.2600.5512 (xpsp.080413-2105)

TimeStamp
2008:04:14 17:09:47+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
cscui

FileAccessDate
2014:03:30 02:41:50+01:00

ProductVersion
5.1.2600.5512

SubsystemVersion
4.0

OSVersion
5.1

FileCreateDate
2014:03:30 02:41:50+01:00

FileOS
Windows NT 32-bit

LegalCopyright
. .

MachineType
Intel 386 or later, and compatibles

CodeSize
141312

FileSubtype
0

ProductVersionNumber
5.1.2600.5512

Warning
Possibly corrupt Version resource

EntryPoint
0x17f0

ObjectFileType
Dynamic link library

File identification
MD5 115e3fac89f23adf172bc3d63a13ebff
SHA1 999b1b309331237f293b8776ac584c4cf45f730e
SHA256 313ade9fa2ac22aa3cee0c480b3e057e2034d7e65163925496980395039f3a7d
ssdeep
6144:K1u+/W/jgrUJgyoRTM6e6sQbFcsfQZE4JxHrPT7HCrCqxKIus3NmoopRgkeLagn:KM0qlu39FcrL77gHUIus31nx

imphash 6e1d265498d3317c25a46f5c97fded27
File size 715.5 KB ( 732672 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID DirectShow filter (81.3%)
Win32 Executable MS Visual C++ (generic) (12.5%)
Win32 Dynamic Link Library (generic) (2.6%)
Win32 Executable (generic) (1.8%)
Generic Win/DOS Executable (0.8%)
Tags
pedll

VirusTotal metadata
First submission 2014-03-30 01:38:55 UTC ( 4 years, 11 months ago )
Last submission 2014-03-30 01:38:55 UTC ( 4 years, 11 months ago )
File names cscui.dll
vt-upload-p1etWX
cscui.dll
cscui
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
