× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3e40e6903716e0a59a898242161c55c2ca100e539a665a8634e101346ce289be
File name: deskadp.dll
Detection ratio: 42 / 51
Analysis date: 2014-04-22 02:35:34 UTC ( 1 day, 20 hours ago )
Antivirus Result Update
AVG Generic32.MFD 20140421
Ad-Aware Trojan.Generic.8802964 20140422
Agnitum Trojan.Kryptik!rNH7eqhxra0 20140421
AhnLab-V3 Win32/Cridex.worm.135168.B 20140421
AntiVir Worm/Cridex.E.457 20140422
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20140422
Avast Win32:Reveton-SO [Trj] 20140422
Baidu-International Trojan.Win32.Generic.ABSu 20140422
BitDefender Trojan.Generic.8802964 20140422
Bkav W32.BlackholeYHPtv1.Worm 20140418
CAT-QuickHeal Worm.Cridex 20140421
Comodo UnclassifiedMalware 20140422
DrWeb Trojan.Packed.196 20140422
ESET-NOD32 a variant of Win32/Kryptik.BBVY 20140421
Emsisoft Trojan.Generic.8802964 (B) 20140422
F-Secure Trojan.Generic.8802964 20140422
Fortinet W32/Kryptik.ALRY!tr 20140421
GData Trojan.Generic.8802964 20140422
Ikarus Worm.Win32.Cridex 20140422
K7AntiVirus Riskware ( 0040eff71 ) 20140421
K7GW Riskware ( 0040eff71 ) 20140421
Kaspersky HEUR:Trojan.Win32.Generic 20140421
Kingsoft Win32.Heur.KVMF58.hy.(kcloud) 20140422
Malwarebytes Trojan.FakeMS.ED 20140422
McAfee PWS-Zbot.dx 20140422
McAfee-GW-Edition PWS-Zbot.dx 20140422
MicroWorld-eScan Trojan.Generic.8802964 20140422
Microsoft Worm:Win32/Cridex.E 20140422
NANO-Antivirus Virus.Win32.Gen.ccmw 20140422
Norman Troj_Generic.IVRXI 20140421
Panda Trj/Genetic.gen 20140421
Qihoo-360 HEUR/Malware.QVM20.Gen 20140422
Rising PE:Trojan.Undef!1.9A8B 20140421
Sophos W32/Cridex-BG 20140422
Symantec W32.Cridex 20140421
TheHacker Trojan/Kryptik.bbvy 20140421
TotalDefense Win32/Cridex.fCFdbcD 20140421
TrendMicro WORM_CRIDEX.GD 20140422
VBA32 Trojan.Bublik.ajnd 20140421
VIPRE Trojan.Win32.Cridex.aa (v) 20140422
ViRobot Trojan.Win32.S.Bublik.135168 20140422
nProtect Trojan/W32.Bublik.135168.N 20140421
AegisLab 20140422
ByteHero 20140422
CMC 20140421
ClamAV 20140422
Commtouch 20140422
F-Prot 20140422
Jiangmin 20140421
SUPERAntiSpyware 20140422
TrendMicro-HouseCall 20140422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name deskadp.dll
Internal name deskadp.dll
File version 6.0.6000.16386 (vista_rtm.061101-2205)
Description Advanced display adapter properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-05-25 05:44:05
Link date 6:44 AM 5/25/2002
Entry Point 0x00001B8C
Number of sections 3
PE sections
PE imports
InitializeCriticalSectionAndSpinCount
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
GetEnvironmentStringsW
GetModuleFileNameA
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
WideCharToMultiByte
GetStringTypeA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
lstrcpynA
GetStringTypeW
GetModuleHandleW
TerminateProcess
LCMapStringA
IsValidCodePage
InterlockedDecrement
GetFileType
LeaveCriticalSection
InterlockedIncrement
Number of PE resources by type
RT_ICON 12
MUI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.0.6000.16386

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
69632

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.0.6000.16386 (vista_rtm.061101-2205)

TimeStamp
2002:05:25 06:44:05+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
deskadp.dll

FileAccessDate
2014:04:22 03:58:54+01:00

ProductVersion
6.0.6000.16386

FileDescription
Advanced display adapter properties

OSVersion
4.0

FileCreateDate
2014:04:22 03:58:54+01:00

OriginalFilename
deskadp.dll

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
94208

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.0.6000.16386

EntryPoint
0x1b8c

ObjectFileType
Dynamic link library

File identification
MD5 24d406ef41e9a4bc558e22bde0917cc5
SHA1 ee2bea54fae9eb4a482bae868ec5bd7db963a522
SHA256 3e40e6903716e0a59a898242161c55c2ca100e539a665a8634e101346ce289be
ssdeep
3072:Km0iwf0n51dQoYF/zxf3KOILo2Lf2KR4/:Km0YnT0F/zpqthR

imphash 4cca901f1e70cd51caab36d581ef1a31
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe mz

VirusTotal metadata
First submission 2013-03-18 19:06:56 UTC ( 1 year, 1 month ago )
Last submission 2013-03-31 10:55:37 UTC ( 1 year ago )
File names about.exe
pope.exe
KB00121097.exe
output.9833365.txt
KB00205349.exe
deskadp.dll
9833365
borrowingBH2.exe_
24d406ef41e9a4bc558e22bde0917cc5
file-5279198_bin
Copy of KB00883353.exe
readme.exe
about_16.exe
contacts.exe
info.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications