× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 48bc6c0df3302f7eaa6061c4f3b0357b4c512d5bd6f6088abc6fc274f2efc5aa
File name: fputlsat.dll
Detection ratio: 50 / 66
Analysis date: 2018-11-10 05:29:32 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.8602537 20181110
AegisLab Trojan.Win32.Agent.b!c 20181110
AhnLab-V3 Win-Trojan/Activehijack.126976 20181109
ALYac Trojan.Activehijack 20181110
Antiy-AVL Trojan[Dropper]/Win32.Agent 20181110
Arcabit Trojan.Generic.D8343A9 20181110
Avast FileRepMetagen [Malware] 20181110
AVG FileRepMetagen [Malware] 20181110
Avira (no cloud) TR/Drop.Kaliox.A 20181110
BitDefender Trojan.Generic.8602537 20181110
Bkav W32.PisongasU.Trojan 20181110
CAT-QuickHeal Trojan.IGENERIC 20181108
ClamAV Win.Exploit.Doc-4 20181109
Cylance Unsafe 20181110
Cyren W32/Trojan.YMZB-1441 20181110
DrWeb Trojan.MulDrop3.34467 20181110
Emsisoft Trojan.Generic.8602537 (B) 20181110
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/TrojanDropper.Agent.PRG 20181110
F-Secure Trojan.Generic.8602537 20181110
Fortinet W32/Agent.PRG!tr 20181110
GData Trojan.Generic.8602537 20181110
Ikarus Trojan-Dropper.Agent 20181109
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 00532b271 ) 20181109
K7GW Trojan ( 00532b271 ) 20181109
Kaspersky Trojan-Dropper.Win32.Agent.gjnt 20181110
MAX malware (ai score=99) 20181110
McAfee Generic Dropper.p 20181110
McAfee-GW-Edition BehavesLike.Win32.Ransom.cc 20181110
Microsoft TrojanDropper:Win32/Kaliox.A 20181110
eScan Trojan.Generic.8602537 20181110
NANO-Antivirus Trojan.Win32.Agent.mwgqh 20181110
Panda Generic Suspicious 20181109
Qihoo-360 Win32/Trojan.e53 20181110
Rising Dropper.Kaliox!8.DC5D (TFE:5:axMavNFnu1P) 20181110
Sophos AV Troj/Spy-YL 20181110
Symantec Trojan.Dropper 20181109
TACHYON Trojan-Dropper/W32.Agent.126976.CS 20181110
Tencent Win32.Trojan-dropper.Agent.Wjry 20181110
TotalDefense Win32/CVE-2011-1980!exploit 20181109
TrendMicro TROJ_MULDROP.IC 20181110
TrendMicro-HouseCall TROJ_MULDROP.IC 20181110
VBA32 TrojanDropper.Agent 20181109
VIPRE Trojan.Win32.Generic!BT 20181109
ViRobot Trojan.Win32.Activehijack.126976 20181109
Webroot W32.Malware.Gen 20181110
Yandex Trojan.DR.Agent!ly6ZRARwo6A 20181109
Zillya Dropper.Agent.Win32.99555 20181109
ZoneAlarm by Check Point Trojan-Dropper.Win32.Agent.gjnt 20181110
Alibaba 20180921
Avast-Mobile 20181109
Babable 20180918
Baidu 20181109
CMC 20181110
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
F-Prot 20181110
Jiangmin 20181110
Kingsoft 20181110
Malwarebytes 20181110
Palo Alto Networks (Known Signatures) 20181110
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TheHacker 20181108
Trustlook 20181110
Zoner 20181110
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright(C) Microsoft Corporation 2003. All rights reserved.

Product FP40CUTL.DLL
Original name FP40CUTL
Internal name FP40CUTL
File version 11.0.5510.0
Description Microsoft Office FrontPage Client Utility Library
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-12 08:26:18
Entry Point 0x00001577
Number of sections 5
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
MoveFileExA
GetCPInfo
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetStartupInfoA
CloseHandle
GetTempFileNameA
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
MoveFileA
TerminateProcess
CreateProcessA
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
VirtualAlloc
SetLastError
LeaveCriticalSection
StrStrIA
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
114688

ImageVersion
0.0

ProductName
FP40CUTL.DLL

FileVersionNumber
11.0.0.0

UninitializedDataSize
0

LanguageCode
Chinese (Traditional)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit, DLL

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
dll

OriginalFileName
FP40CUTL

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
11.0.5510.0

TimeStamp
2012:01:12 09:26:18+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
FP40CUTL

ProductVersion
11, 0, 0, 0

FileDescription
Microsoft Office FrontPage Client Utility Library

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright(C) Microsoft Corporation 2003. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
12800

FileSubtype
0

ProductVersionNumber
11.0.0.0

EntryPoint
0x1577

ObjectFileType
Dynamic link library

File identification
MD5 60068812b59e58d6338aaebd649f9020
SHA1 8f86b7fcaf0c1ee9b795fa8e559def47ef468128
SHA256 48bc6c0df3302f7eaa6061c4f3b0357b4c512d5bd6f6088abc6fc274f2efc5aa
ssdeep
1536:uxTR0LwL1lt9d2Q/Sw4wqt4oo0I+peeyCKd8nU17JEzktn0+vslCjoQ7O:uJDt90uSwlqa+IucCrU1a8nFseL

authentihash fe4c4a849f3f87bef811e817991675577ea48cdae88b33128a2d486e2f3450c8
imphash bb7ff4725cf79961f6f5c60f927b2a3d
File size 124.0 KB ( 126976 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
cve-2011-1980 exploit armadillo pedll

VirusTotal metadata
First submission 2012-01-16 05:26:09 UTC ( 7 years, 4 months ago )
Last submission 2018-11-10 05:29:32 UTC ( 6 months, 2 weeks ago )
File names bAQz.html
WuoyCt7K.inf
Thumbs.db
fputlsat.dll
8f86b7fcaf0c1ee9b795fa8e559def47ef468128.bin
60068812b59e58d6338aaebd649f9020
file-3830967_
FP40CUTL
60068812b59e58d6338aaebd649f9020.virus
fputlsat.dll
smona_48bc6c0df3302f7eaa6061c4f3b0357b4c512d5bd6f6088abc6fc274f2efc5aa.bin
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!