× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3f32a9c80dc0c015a097df2c295eb4ced791f1de001bf1dd13e9f4ee88dd7af2
Detection ratio: 3 / 34
Analysis date: 2008-08-10 17:15:32 UTC ( 6 years, 9 months ago ) View latest
Antivirus Result Update
F-Secure Trojan-PSW.Win32.LdPinch.spe -
Kaspersky Trojan-PSW.Win32.LdPinch.spe -
Prevx1 Heuristic: Suspicious File With Covert Attributes -
AVG -
AhnLab-V3 -
AntiVir -
Authentium -
Avast -
BitDefender -
CAT-QuickHeal -
ClamAV -
DrWeb -
Ewido -
F-Prot -
FileAdvisor -
Fortinet -
Ikarus -
McAfee -
Microsoft -
NOD32v2 -
Norman -
Panda -
PandaBeta -
Rising -
SAVMail -
Sophos -
Sunbelt -
Symantec -
TheHacker -
VBA32 -
VirusBuster -
Webwasher-Gateway -
eSafe -
eTrust-Vet -
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-01-24 06:16:52
Link date 7:16 AM 1/24/2008
Entry Point 0x00045857
Number of sections 9
PE sections
PE imports
CreateDCA
DeleteDC
SelectObject
CreatePalette
CreateDIBitmap
SelectPalette
BitBlt
CreateCompatibleDC
DeleteObject
RealizePalette
GlobalGetAtomNameW
InitializeCriticalSection
GetShortPathNameW
EnterCriticalSection
GlobalDeleteAtom
ReleaseMutex
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
GlobalGetAtomNameA
GetVersionExA
VirtualProtect
GlobalUnlock
LoadLibraryA
GetModuleFileNameA
GetShortPathNameA
CreateProcessW
GetStartupInfoA
SetThreadPriority
GetFileSize
WriteProcessMemory
VirtualQueryEx
ContinueDebugEvent
GetCommandLineW
CreateThread
ExitProcess
GetStartupInfoW
ReadProcessMemory
GetCommandLineA
GlobalLock
GetThreadContext
GetCurrentThread
OpenMutexA
SuspendThread
CreateMutexA
VirtualProtectEx
GlobalAddAtomW
WideCharToMultiByte
MapViewOfFile
WaitForDebugEvent
GetModuleHandleA
ReadFile
GlobalAddAtomA
GetCurrentProcess
FindFirstFileA
CloseHandle
FreeConsole
CreateFileMappingA
FindFirstFileW
DuplicateHandle
GetProcAddress
SetEnvironmentVariableA
SetThreadContext
GetLastError
ResumeThread
CreateProcessA
GetEnvironmentVariableA
GlobalAlloc
DebugActiveProcess
FindClose
Sleep
IsBadReadPtr
CreateFileA
GetTickCount
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
malloc
memset
wcschr
strcat
_stricmp
strlen
strncpy
_except_handler3
??2@YAPAXI@Z
wcslen
exit
sprintf
memcmp
strrchr
wcsrchr
_adjust_fdiv
strchr
_wcsicmp
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
wcsncpy
??3@YAXPAX@Z
free
atoi
calloc
memcpy
memmove
wcscpy
strcpy
time
_initterm
vsprintf
SHGetSpecialFolderPathA
PathFileExistsA
GetMessageA
UpdateWindow
SetPropA
BeginPaint
CreateWindowExA
EnumWindows
CreateDialogIndirectParamA
KillTimer
ShowWindow
DefWindowProcA
FindWindowA
GetPropA
GetWindowThreadProcessId
FreeDDElParam
GetSystemMetrics
IsWindow
DispatchMessageA
EndPaint
PostMessageA
MoveWindow
MessageBoxA
PeekMessageA
TranslateMessage
PostMessageW
GetAsyncKeyState
SetWindowTextA
SendMessageW
LoadStringA
RegisterClassW
SendMessageA
LoadStringW
UnpackDDElParam
GetDlgItem
PackDDElParam
RegisterClassA
InSendMessage
SetTimer
LoadCursorA
EnumThreadWindows
WaitForInputIdle
GetDesktopWindow
IsWindowUnicode
CreateWindowExW
DestroyWindow
PR_AtomicIncrement
NS_GetServiceManager
PE exports
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2008:01:24 07:16:52+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
286720

LinkerVersion
83.82

EntryPoint
0x45857

InitializedDataSize
344064

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 d4f57ce7d0429d46d761c1eea4181ad0
SHA1 bb2cd30f47d219c52f12201edc5a638c589e7c30
SHA256 3f32a9c80dc0c015a097df2c295eb4ced791f1de001bf1dd13e9f4ee88dd7af2
ssdeep
6144:+wC9LeRm0pR2wYCjTKXt0rYR3EF2BqYhA6H1EiHxz82bYjkf:+HtimKR2wYCjTKQ2Bq6C5eYwf

authentihash 360016b24a8aec80573a51abdcd24474054fa368f39448e5665df5a5aaea3f04
imphash 0f3c5bf4d1bab5d89edf430a8d17b855
File size 620.0 KB ( 634880 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows Screen Saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
pedll

VirusTotal metadata
First submission 2008-04-16 00:46:50 UTC ( 7 years, 1 month ago )
Last submission 2014-11-22 10:25:32 UTC ( 6 months, 1 week ago )
File names nsCatcher.dll
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Behaviour characterization
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!