SHA256: 4bd97130a89c2f9080259d8e87d8d713a23fd0e4336eabb0bf47a44d700ec842
File name: msg.gsm
Detection ratio: 0 / 46
Analysis date: 2013-01-17 09:20:36 UTC ( 1 year, 3 months ago )
Antivirus Result Update
AVG 20130117
Agnitum 20130116
AhnLab-V3 20130117
AntiVir 20130117
Antiy-AVL 20130116
Avast 20130117
BitDefender 20130117
ByteHero 20130116
CAT-QuickHeal 20130117
ClamAV 20130117
Commtouch 20130117
Comodo 20130117
DrWeb 20130117
ESET-NOD32 20130116
Emsisoft 20130117
F-Prot 20130117
F-Secure 20130117
Fortinet 20130117
GData 20130117
Ikarus 20130117
Jiangmin 20121221
K7AntiVirus 20130117
Kaspersky 20130117
Kingsoft 20130115
Malwarebytes 20130117
McAfee 20130117
McAfee-GW-Edition 20130117
MicroWorld-eScan 20130117
Microsoft 20130117
NANO-Antivirus 20130117
Norman 20130116
PCTools 20130117
Panda 20130116
Rising 20130117
SUPERAntiSpyware 20130117
Sophos 20130117
Symantec 20130117
TheHacker 20130117
TotalDefense 20130117
TrendMicro 20130117
TrendMicro-HouseCall 20130117
VBA32 20130116
VIPRE 20130117
ViRobot 20130117
eSafe 20130116
nProtect 20130116
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-12 13:19:54
Link date 2:19 PM 1/12/2013
Entry Point 0x0003B31E
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetPixel
GetSystemTime
GetLastError
HeapFree
EnterCriticalSection
AreFileApisANSI
ReadFile
TerminateThread
lstrlenA
LoadLibraryW
WaitForSingleObject
LoadLibraryA
SetEvent
SetEndOfFile
GetTickCount
GetVersionExA
FlushFileBuffers
lstrcmpiW
LockFile
lstrlenW
DeleteCriticalSection
UnlockFile
GetFileSize
DeleteFileA
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
lstrcatW
lstrcpyA
GetProcessHeap
GetTempPathA
CreateMutexA
lstrcpyW
GetFullPathNameW
LockFileEx
CreateThread
GetFileAttributesA
SetFilePointer
GetDiskFreeSpaceW
FindNextFileW
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
lstrcmpW
GetDiskFreeSpaceA
WaitForMultipleObjects
GetFullPathNameA
FreeLibrary
GetFileAttributesW
QueryPerformanceCounter
InitializeCriticalSection
WriteFile
CreateFileW
CreateEventA
FindClose
InterlockedDecrement
Sleep
FormatMessageA
SetFileAttributesW
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
GetProcAddress
GetCurrentProcessId
SetLastError
InterlockedIncrement
SysFreeString
SysStringLen
SysAllocString
SHBindToParent
SHGetFolderPathW
SHParseDisplayName
StrRChrW
StrStrW
GetMessageA
MapVirtualKeyA
PostQuitMessage
FindWindowW
keybd_event
KillTimer
RegisterWindowMessageA
DefWindowProcA
FindWindowA
GetLastInputInfo
GetWindowRect
DispatchMessageA
PostMessageA
GetWindowDC
TranslateMessage
ReleaseDC
UnregisterClassA
IsWindowVisible
SendMessageA
CreateWindowExA
RegisterClassA
wsprintfA
FindWindowExA
SetTimer
SendMessageTimeoutA
FindWindowExW
wsprintfW
DestroyWindow
HttpSendRequestA
InternetSetOptionA
InternetConnectW
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpQueryInfoA
InternetCrackUrlA
InternetOpenW
HttpOpenRequestW
strncmp
malloc
strstr
memmove
??2@YAPAXI@Z
realloc
memset
??3@YAXPAX@Z
free
_ftol2
_ftol2_sse
atoi
strrchr
memcpy
_wtoi
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:01:12 14:19:54+01:00
FileType Win32 DLL
PEType PE32
CodeSize 239616
LinkerVersion 10.0
FileAccessDate 2014:03:06 10:31:57+01:00
EntryPoint 0x3b31e
InitializedDataSize 45568
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2014:03:06 10:31:57+01:00
UninitializedDataSize 0
Compressed bundles
File identification
MD5 8fbeb78b06985c3188562e2f1b82d57d
SHA1 b87948722e04fa3edda45303d20c745a6301e567
SHA256 4bd97130a89c2f9080259d8e87d8d713a23fd0e4336eabb0bf47a44d700ec842
ssdeep 6144:g0SDGz306NZEoa0m6oA7UQ3TzUUtlR3Lr30SLH7O/I9GtzCAdIcjt5cQZ4dwk:C6NZBu5AlDrtlR7r3pH6CAuEtudw
imphash d42994f3567105f497515f6e78b08aed
File size 278.0 KB ( 284672 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll
VirusTotal metadata
First submission 2013-01-17 09:20:36 UTC ( 1 year, 3 months ago )
Last submission 2013-10-03 21:15:56 UTC ( 6 months, 3 weeks ago )
File names shylock-skype.exe
8fbeb78b06985c3188562e2f1b8
f
Shylock-skype_8FBEB78B06985C3188562E2F1B82D57D
8fbeb78b06985c3188562e2f1b82d57d
file-5030647_dll
b87948722e04fa3edda45303d20c745a6301e567
b87948722e04fa3edda45303d20c745a6301e567_dll.dl
vti-rescan
4bd97130a89c2f9080259d8e87d8d713a23fd0e4336eabb0bf47a44d700ec842
shylock-skype.dll
8fbeb78b06985c3188562e2f1b82d57d
msg.gsm
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight