SHA256: 3bafa71597843e6b75161003f018ae98afaf281455f2478790c91cc68aa160fe
File name: 25.tmp
Detection ratio: 33 / 42
Analysis date: 2012-04-25 17:44:37 UTC ( 6 years, 6 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Cidox 20120423
AntiVir TR/Dldr.Vundo.hiyv.1 20120424
Antiy-AVL Trojan/Win32.Cidox.gen 20120424
Avast Win32:MalOb-JZ [Cryp] 20120424
AVG Agent3.BKHP 20120424
BitDefender Trojan.Generic.7366180 20120424
CAT-QuickHeal Trojan.Cidox.csq 20120424
Commtouch W32/Virtumonde.CW.gen!Eldorado 20120424
Comodo UnclassifiedMalware 20120424
DrWeb Trojan.Mayachok.1 20120424
Emsisoft Trojan-Dropper.Win32.Cidox!IK 20120424
F-Prot W32/Virtumonde.CW.gen!Eldorado 20120424
F-Secure Trojan.Generic.7366180 20120424
Fortinet W32/Kryptik.CIK!tr 20120424
GData Trojan.Generic.7366180 20120424
Ikarus Trojan-Dropper.Win32.Cidox 20120424
Jiangmin Trojan/Cidox.ifg 20120424
K7AntiVirus Riskware 20120420
Kaspersky Trojan.Win32.Cidox.csq 20120424
McAfee Downloader.a!blx 20120424
McAfee-GW-Edition Downloader.a!blx 20120423
Microsoft TrojanDownloader:Win32/Vundo.HIY 20120424
NOD32 Win32/Agent.SFM 20120424
Norman W32/Suspicious_Gen4.WJRP 20120424
nProtect Trojan/W32.Agent.53248.CYK 20120424
Panda Suspicious file 20120424
Sophos AV Troj/Virtum-Gen 20120424
SUPERAntiSpyware Trojan.Agent/Gen-Kundo 20120402
TheHacker Trojan/Cidox.csq 20120424
TrendMicro-HouseCall TROJ_GEN.R4FCDDO 20120424
VBA32 Trojan.Cidox.csq 20120422
VIPRE Trojan.Win32.Vundo.pb (v) 20120424
VirusBuster Trojan.Cidox!IsOmXO6ebnA 20120423
ByteHero 20120424
ClamAV 20120424
eSafe 20120423
eTrust-Vet 20120424
PCTools 20120424
Rising 20120424
Symantec 20120424
TrendMicro 20120424
ViRobot 20120424
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-17 06:49:09
Entry Point 0x0000235E
Number of sections 6
PE sections
PE imports
RegOpenKeyExA
RegSetValueExW
Rectangle
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
HeapDestroy
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
TerminateProcess
LCMapStringA
HeapCreate
VirtualFree
GetFileType
ExitProcess
GetVersion
VirtualAlloc
MessageBoxA
GetSystemMetrics
GetClientRect
CoInitialize
CoTaskMemAlloc
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2012:03:17 07:49:09+01:00
FileType Win32 DLL
PEType PE32
CodeSize 36864
LinkerVersion 6.0
EntryPoint 0x235e
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 30f69e8e99f6cc82021854f73b66e0a4
SHA1 cc6e3f0b1820e39484c01993569fc2632ac72725
SHA256 3bafa71597843e6b75161003f018ae98afaf281455f2478790c91cc68aa160fe
ssdeep 768:nTAn1ocYWMR+mTMiGy3eQRM6gkqMzjpIkGyotnFRSp9CiXo9TXS:En1ocVMR+mTMi53eQy6gkzWyotFeoI
authentihash cf6427a2ce50825dfcbb884089b1431417662f0b5d7bc0d765f0ec2c596f9f31
imphash 5735730f35a5a00b9e5cf3e1e4cb8848
File size 52.0 KB ( 53248 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags armadillo pedll

VirusTotal metadata
First submission 2012-03-20 05:11:19 UTC ( 6 years, 7 months ago )
Last submission 2014-02-24 10:56:33 UTC ( 4 years, 8 months ago )
File names Rz92XNckKW.scr
aa
9oTAURw.docm
30f69e8e99f6cc82021854f73b66e0a4.dll
0319-0834
25.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight