SHA256: 325aaaec471f75cf106f07da2d121a4bacf6aa7f1788607dd97e7ec3bb29cbe2
File name: mndmmkg.dll
Detection ratio: 22 / 42
Analysis date: 2012-04-25 17:46:16 UTC ( 6 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Cidox 20120424
AntiVir TR/Barys.62589 20120425
Antiy-AVL Trojan/Win32.Cidox.gen 20120425
Avast Win32:Vundo-RE [Trj] 20120425
AVG Win32/Cryptor 20120425
BitDefender Gen:Variant.Barys.627 20120425
Comodo TrojWare.Win32.Trojan.XPack.~gen1 20120425
DrWeb Trojan.Mayachok.1 20120425
Emsisoft Trojan-Dropper.Win32.Cidox!IK 20120425
F-Secure Gen:Variant.Barys.627 20120425
Fortinet W32/Kryptik.CIK!tr 20120425
GData Gen:Variant.Barys.627 20120425
Ikarus Trojan-Dropper.Win32.Cidox 20120425
Kaspersky Trojan.Win32.Cidox.ehf 20120425
McAfee Artemis!35D2309C9079 20120425
McAfee-GW-Edition Artemis!35D2309C9079 20120425
Microsoft TrojanDownloader:Win32/Vundo.HIY 20120425
NOD32 a variant of Win32/Kryptik.ADPS 20120425
Norman W32/Agent.AALCR 20120425
Panda Trj/Genetic.gen 20120425
Sophos AV Troj/Virtum-Gen 20120425
VIPRE Trojan.Win32.Vundo.pb (v) 20120425
ByteHero 20120424
CAT-QuickHeal 20120425
ClamAV 20120425
Commtouch 20120425
eSafe 20120424
eTrust-Vet 20120425
F-Prot 20120425
Jiangmin 20120425
K7AntiVirus 20120425
nProtect 20120425
PCTools 20120424
Rising 20120425
SUPERAntiSpyware 20120402
Symantec 20120425
TheHacker 20120425
TrendMicro 20120425
TrendMicro-HouseCall 20120425
VBA32 20120425
ViRobot 20120425
VirusBuster 20120425
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-02 15:39:34
Entry Point 0x000017EB
Number of sections 6
PE sections
PE imports
RegOpenKeyExA
RegSetValueExW
Rectangle
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrcmpiA
GetOEMCP
LCMapStringA
HeapDestroy
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetCPInfo
GetStringTypeA
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
TerminateProcess
HeapCreate
VirtualFree
GetFileType
ExitProcess
GetVersion
VirtualAlloc
StrStrIA
PathFileExistsA
GetClientRect
MessageBoxA
GetDC
CoInitialize
CoTaskMemAlloc
PE exports
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_MESSAGETABLE 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2012:04:02 16:39:34+01:00
FileType Win32 DLL
PEType PE32
CodeSize 33792
LinkerVersion 6.0
EntryPoint 0x17eb
InitializedDataSize 12288
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 35d2309c90791ebe1c4edfe705504458
SHA1 c12292e1521d0a9f7fd89484035611977eb7166f
SHA256 325aaaec471f75cf106f07da2d121a4bacf6aa7f1788607dd97e7ec3bb29cbe2
ssdeep 768:6ydLbQXMVIfyu2vloWZaDzJZSJdMInkVCXXmQXo9tJNoPq:FLbQ8VLu9MsJZWM+kVj4ovJNyq
authentihash 36475b09414c1e53f23a92d6359184d39f85bdba725966e309e6a7cfb7d5a096
imphash 73a6a0b5bd5591e5396d1c4362f1a635
File size 46.0 KB ( 47104 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll

VirusTotal metadata
First submission 2012-04-25 17:46:16 UTC ( 6 years, 5 months ago )
Last submission 2016-01-11 01:38:52 UTC ( 2 years, 9 months ago )
File names 325aaaec471f75cf106f07da2d121a4bacf6aa7f1788607dd97e7ec3bb29cbe2.vir
mndmmkg.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight