× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 44890ce30a918f19f38784b7155afabbc401227bfe51348c82b73c0c7140913e
File name: clpaXgkk.dll
Detection ratio: 12 / 55
Analysis date: 2015-07-02 16:49:04 UTC ( 2 years, 5 months ago ) View latest
Antivirus Result Update
Yandex PUA.Toolbar.Montiera! 20150630
Antiy-AVL RiskWare[WebToolbar:not-a-virus]/Win32.Montiera 20150702
Avast Win32:Dropper-gen [Drp] 20150702
Avira (no cloud) PUA/Montiera.Gen4 20150702
Baidu-International PUA.Win32.Montiera.cras 20150702
ESET-NOD32 a variant of Win32/Toolbar.Montiera.AD potentially unwanted 20150702
K7AntiVirus Adware ( 004c3e5e1 ) 20150702
K7GW Adware ( 004c3e5e1 ) 20150702
Kaspersky not-a-virus:WebToolbar.Win32.Montiera.bk 20150702
NANO-Antivirus Riskware.Win32.Montiera.dstakw 20150702
Panda Trj/Genetic.gen 20150702
Zillya Adware.Montiera.Win32.33 20150702
Ad-Aware 20150702
AegisLab 20150702
AhnLab-V3 20150702
Alibaba 20150630
ALYac 20150702
Arcabit 20150630
AVG 20150702
AVware 20150702
BitDefender 20150702
Bkav 20150702
ByteHero 20150702
CAT-QuickHeal 20150701
ClamAV 20150702
Comodo 20150702
Cyren 20150702
DrWeb 20150702
Emsisoft 20150702
F-Prot 20150702
F-Secure 20150702
Fortinet 20150702
GData 20150702
Ikarus 20150702
Jiangmin 20150701
Kingsoft 20150702
Malwarebytes 20150702
McAfee 20150702
McAfee-GW-Edition 20150702
Microsoft 20150702
eScan 20150702
nProtect 20150702
Qihoo-360 20150702
Rising 20150702
Sophos AV 20150702
SUPERAntiSpyware 20150702
Symantec 20150702
Tencent 20150702
TheHacker 20150702
TrendMicro 20150702
TrendMicro-HouseCall 20150702
VBA32 20150702
VIPRE 20150702
ViRobot 20150702
Zoner 20150702
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-01 14:50:51
Entry Point 0x0001D276
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetStdHandle
InterlockedPopEntrySList
HeapDestroy
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
InterlockedPushEntrySList
InitializeCriticalSection
LoadResource
TlsGetValue
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
OpenProcess
GetStartupInfoW
GetProcAddress
GetProcessHeap
CompareStringW
IsValidLocale
GetUserDefaultLCID
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceExW
VirtualFree
Sleep
VirtualAlloc
AccessibleObjectFromWindow
MapVirtualKeyA
GetForegroundWindow
RegisterWindowMessageA
SendInput
KillTimer
GetClassInfoExA
VkKeyScanExA
DefWindowProcA
GetWindowThreadProcessId
IsWindow
GetWindowRect
PostMessageA
CallWindowProcA
SetWindowLongA
LoadKeyboardLayoutA
RegisterClassExA
UnregisterClassA
IsWindowVisible
SendMessageA
SetTimer
CharLowerBuffA
ClientToScreen
RealGetWindowClassA
CallNextHookEx
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
LockWindowUpdate
GetClassNameA
GetWindowTextA
GetKeyState
DestroyWindow
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:06:01 15:50:51+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
206848

LinkerVersion
10.0

FileTypeExtension
dll

InitializedDataSize
69120

SubsystemVersion
5.1

EntryPoint
0x1d276

OSVersion
5.1

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 161895967a2e0f43d9de7529029c7e8c
SHA1 c3fab1e7efaeefc12ef0d0a9713c08a688ae6c56
SHA256 44890ce30a918f19f38784b7155afabbc401227bfe51348c82b73c0c7140913e
ssdeep
6144:7pGWpqF2WppfuxOjhDBTI76fRyZHOdq2Ts/hTH3dI:tGRF222MhD+76fRyZHOdq2TETHtI

authentihash fe6e5e75acc805b491f0bb402209e22b252e17bd1fe883b45cfee142ba5439c0
imphash e8c44473d3b097720b114d0de21ff391
File size 270.5 KB ( 276992 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
pedll

VirusTotal metadata
First submission 2015-07-02 16:49:04 UTC ( 2 years, 5 months ago )
Last submission 2015-07-06 13:17:10 UTC ( 2 years, 5 months ago )
File names FST9.xls
clpaXgkk.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!