SHA256: 4bd947973e8bd3571291c1fc8d54b9215d18c5996b14e9d5a86b3d046d0fc78e
File name: flttools.dlu
Detection ratio: 0 / 42
Analysis date: 2012-08-29 22:50:16 UTC ( 6 years, 7 months ago )
Antivirus Result Update
AhnLab-V3 20120829
AntiVir 20120829
Antiy-AVL 20120829
Avast 20120829
AVG 20120830
BitDefender 20120829
ByteHero 20120827
CAT-QuickHeal 20120829
ClamAV 20120828
Commtouch 20120829
Comodo 20120829
DrWeb 20120830
Emsisoft 20120830
eSafe 20120828
ESET-NOD32 20120829
F-Prot 20120829
F-Secure 20120830
Fortinet 20120830
GData 20120830
Ikarus 20120829
Jiangmin 20120829
K7AntiVirus 20120829
Kaspersky 20120829
McAfee 20120829
McAfee-GW-Edition 20120829
Microsoft 20120830
Norman 20120829
nProtect 20120829
Panda 20120829
PCTools 20120829
Rising 20120829
Sophos AV 20120829
SUPERAntiSpyware 20120829
Symantec 20120829
TheHacker 20120829
TotalDefense 20120829
TrendMicro 20120829
TrendMicro-HouseCall 20120829
VBA32 20120829
VIPRE 20120829
ViRobot 20120829
VirusBuster 20120829
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c)2005 Bluerock Technologies LLC

Publisher Autodesk, Inc.
Product 3ds Max
Original name FltTools.dlu
Internal name FltTools
File version 12.0.0.106
Description Flight Studio Tools utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-03-12 21:56:05
Entry Point 0x0002DE06
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetDeviceCaps
GetObjectA
GetCurrentObject
RectVisible
GetTextExtentPoint32A
CreateFontA
ExtTextOutA
TextOutA
CreateFontIndirectA
GetTextMetricsA
PtVisible
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
Escape
GetLastError
GetModuleFileNameW
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
OutputDebugStringA
GlobalUnlock
GetFileAttributesW
LoadLibraryA
GlobalSize
GetCurrentProcess
LocalAlloc
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
InterlockedCompareExchange
LoadLibraryW
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
MulDiv
GetSystemTimeAsFileTime
lstrcpynA
GlobalLock
GetModuleHandleW
LocalFree
TerminateProcess
Sleep
GetCurrentThreadId
GetVersion
GetCurrentProcessId
SetLastError
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
_malloc_crt
_purecall
malloc
?what@exception@std@@UBEPBDXZ
memset
fclose
_time64
__dllonexit
_stricmp
strtoul
fopen
__clean_type_info_names_internal
_amsg_exit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
strtok
fwrite
_lock
qsort
_onexit
_encode_pointer
sprintf
_strdup
_initterm_e
_crt_debugger_hook
free
_except_handler3
_CxxThrowException
_itoa
_unlock
_adjust_fdiv
_CIsqrt
getenv
__CxxFrameHandler3
_except_handler4_common
atoi
vfprintf
atof
memcpy
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
memmove
_decode_pointer
??0exception@std@@QAE@ABQBD@Z
_localtime64_s
_encoded_null
__CppXcptFilter
??0exception@std@@QAE@XZ
_initterm
strftime
?NumParamMaps@ClassDesc2@@UAEHXZ
?NumParamBlockDescs@ClassDesc2@@UAEHXZ
?GetParamBlockDescByID@ClassDesc2@@UAEPAVParamBlockDesc2@@F@Z
?EndEditParams@ClassDesc2@@UAEXPAVIObjParam@@PAVReferenceMaker@@KPAVAnimatable@@@Z
?GetParamBlockDesc@ClassDesc2@@UAEPAVParamBlockDesc2@@H@Z
?AddParamBlockDesc@ClassDesc2@@UAEXPAVParamBlockDesc2@@@Z
?MakeAutoParamBlocks@ClassDesc2@@UAEXPAVReferenceMaker@@@Z
?ResetClassParams@ClassDesc2@@UAEXH@Z
?BeginEditParams@ClassDesc2@@UAEXPAVIObjParam@@PAVReferenceMaker@@KPAVAnimatable@@@Z
?SetUserDlgProc@ClassDesc2@@QAEXPAVParamBlockDesc2@@FPAVParamMap2UserDlgProc@@@Z
??1ClassDesc2@@UAE@XZ
?GetParamMap@ClassDesc2@@UAEPAVIParamMap2@@H@Z
?InvalidateUI@ClassDesc2@@UAEXPAVParamBlockDesc2@@@Z
??0ClassDesc2@@QAE@XZ
DrawEdge
GetParent
ReleaseDC
IntersectRect
SetCapture
OffsetRect
GetCapture
KillTimer
ClipCursor
DefWindowProcA
MessageBeep
LoadBitmapA
DrawTextExA
GetSystemMetrics
IsWindow
GetWindowRect
InflateRect
ScreenToClient
PostMessageA
ReleaseCapture
EnumChildWindows
GrayStringA
GetSysColor
GetDC
GetKeyState
GetCursorPos
DrawTextA
SystemParametersInfoA
GetDlgCtrlID
GetClassInfoA
IsWindowVisible
SendMessageA
GetClientRect
InvertRect
InvalidateRect
TabbedTextOutA
GetWindowLongA
SetTimer
LoadCursorA
GetDesktopWindow
GetFocus
EnableWindow
SetCursor
PtInRect
?RemoveAppDataChunk@Animatable@@QAEHVClass_ID@@KK@Z
?GetAppDataChunk@Animatable@@QAEPAVAppDataChunk@@VClass_ID@@KK@Z
?GetCheckBox@@YAHPAUHWND__@@H@Z
?RegisterNotification@@YAHP6AXPAXPAUNotifyInfo@@@Z0H@Z
?GetCOREInterface@@YAPAVFPInterface@@VInterface_ID@@@Z
?load_descriptor@FPInterfaceDesc@@IAEXVInterface_ID@@PADHPAVClassDesc@@G1@Z
?GetInterface@ClassDesc@@UAEPAVFPInterface@@VInterface_ID@@@Z
?GetInterface@ClassDesc@@UAEPAVFPInterface@@PAD@Z
?GetRsrcString@FPInterfaceDesc@@UAEPADH@Z
??1ObjectState@@QAE@XZ
??1DependentIterator@@QAE@XZ
?AddAppDataChunk@Animatable@@QAEXVClass_ID@@KKKPAX@Z
?GetRsrcString@ClassDesc@@UAEPADH@Z
?Invoke@FPInterface@@UAEHFHAAVFPValue@@PAVFPParams@@@Z
??0FPInterfaceDesc@@QAE@XZ
?IsChecked@FPInterface@@UAEHF@Z
?GetCustAttribContainer@Animatable@@QAEPAVICustAttribContainer@@XZ
?EnableAccelerators@@YAXXZ
?HInstance@FPInterfaceDesc@@UAEPAUHINSTANCE__@@XZ
?GetIsEnabled@FPInterface@@UAEFF@Z
?SetCheckBox@@YAXPAUHWND__@@HH@Z
?IsEnabled@FPInterface@@UAEHF@Z
?UnRegisterNotification@@YAHP6AXPAXPAUNotifyInfo@@@Z0H@Z
??0ObjectState@@QAE@ABV0@@Z
?CreateInstance@@YAPAXKVClass_ID@@@Z
?Invoke@FPInterface@@UAEHFHPAVFPParams@@@Z
?Next@DependentIterator@@QAEPAVReferenceMaker@@XZ
?AllocCustAttribContainer@Animatable@@QAEXXZ
??0DummyObject@@QAE@XZ
?DisableAccelerators@@YAXXZ
?GetCOREInterface@@YAPAVInterface@@XZ
?AddInterface@ClassDesc@@UAEXPAVFPInterface@@@Z
?EnableActions@FPInterfaceDesc@@UAEXH@Z
?IsVisible@FPInterface@@UAEHF@Z
?FindFn@FPInterface@@UAEFPAD@Z
?Loadva@FPValue@@QAEPADHPAD_N@Z
?GetIsVisible@FPInterface@@UAEFF@Z
??1FPInterfaceDesc@@UAE@XZ
??0DependentIterator@@QAE@PAVReferenceTarget@@@Z
?GetIsChecked@FPInterface@@UAEFF@Z
?IdentityMatrix@Matrix3@@QAEXXZ
??4CStr@@QAEAAV0@PBD@Z
??1CStr@@QAE@XZ
??3MaxHeapOperators@@SAXPAX@Z
??2MaxHeapOperators@@SAPAXI@Z
??0CStr@@QAE@PBD@Z
??BCStr@@QAEPADXZ
?GetInterface@BaseInterface@@UAEPAV1@VInterface_ID@@@Z
MAX_malloc
?TBSetCount@@YAXPAPAUTabHdr@@HHH@Z
??0CStr@@QAE@XZ
?zfree@@YAXPAPAX@Z
PE exports
Number of PE resources by type
RT_BITMAP 56
RT_DIALOG 4
RT_STRING 3
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 65
ExifTool file metadata
LegalTrademarks
Discreet, Autodesk, Inc., Kinetix, 3D Studio MAX, Autodesk VIZ, Biped, Character Studio, Heidi, Kinetix, Physique, plasma, 3ds max, DWG Unplugged, FLI, FLIC, and DXF are either registered trademarks or trademarks of Discreet Logic Inc./Autodesk, Inc.

SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

PrivateBuildData
Renoir with PDBs MAX_R106_RL 03-12-2009 16:38

FileVersionNumber
12.0.0.106

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Flight Studio Tools utility

CharacterSet
Unicode

InitializedDataSize
476672

FileOS
Windows NT 32-bit

FileSubtype
0

MIMEType
application/octet-stream

LegalCopyright
Copyright 2005 Bluerock Technologies LLC

FileVersion
12.0.0.106

TimeStamp
2009:03:12 14:56:05-07:00

FileType
Win32 DLL

PEType
PE32

InternalName
FltTools

ProductVersion
12.0.0.106

UninitializedDataSize
0

OSVersion
5.0

OriginalFilename
FltTools.dlu

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Autodesk, Inc.

CodeSize
214016

ProductName
3ds Max

ProductVersionNumber
12.0.0.106

EntryPoint
0x2de06

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 f95eb3772752365af54f79aab425f4bf
SHA1 1e6f43e7992d0ac443824a673f3dcbf4bff1a1a7
SHA256 4bd947973e8bd3571291c1fc8d54b9215d18c5996b14e9d5a86b3d046d0fc78e
ssdeep
12288:yt/F9xERL0ER0VLzOb6ZNgmEeu6Kw33NWMOOOtC88o:ylPxE+ER0V53NWMOOOp

File size 675.5 KB ( 691712 bytes )
File type Win32 DLL
Magic literal
MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll

VirusTotal metadata
First submission UTC ( ago )
Last submission UTC ( ago )
File names flttools.dlu
FltTools.dlu
FltTools
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight