SHA256: 4f9cb7f1e3c3e10bcc6393175b6b38b9560132bebfc96dca82c26de2215dcb27
File name: 0B16EDBC0078EBE2C2B7056831A979003417F20B.exe
Detection ratio: 23 / 43
Analysis date: 2010-09-14 21:15:51 UTC ( 3 years, 10 months ago )
Antivirus Result Update
AVG SHeur3.AZJA 20100914
AhnLab-V3 Downloader/Win32.Mufanom 20100914
AntiVir TR/Dldr.Mufanom.aevb 20100914
Avast Win32:Rootkit-gen 20100914
Avast5 Win32:Rootkit-gen 20100914
BitDefender Gen:Variant.Kazy.346 20100914
DrWeb Trojan.DownLoader1.21302 20100914
Emsisoft Trojan-Downloader.Win32.Mufanom!IK 20100914
F-Secure Gen:Variant.Kazy.346 20100914
GData Gen:Variant.Kazy.346 20100914
Ikarus Trojan-Downloader.Win32.Mufanom 20100914
Kaspersky Trojan-Downloader.Win32.Mufanom.aevb 20100914
McAfee Artemis!A06E417B9743 20100914
McAfee-GW-Edition Artemis!A06E417B9743 20100914
Microsoft Trojan:Win32/Hiloti 20100914
NOD32 a variant of Win32/Kryptik.GSL 20100914
Panda Suspicious file 20100914
Prevx Medium Risk Malware 20100914
Sophos Sus/UnkPack-C 20100914
Sunbelt Trojan.Win32.Hiloti.aa (v) 20100914
TheHacker Trojan/Downloader.Mufanom.aevb 20100914
VBA32 Bscope.Malware-Cryptor.Tip 20100914
nProtect Gen:Variant.Kazy.346 20100914
Antiy-AVL 20100914
Authentium 20100914
CAT-QuickHeal 20100914
ClamAV 20100914
Comodo 20100914
F-Prot 20100914
Fortinet 20100913
Jiangmin 20100914
K7AntiVirus 20100914
Norman 20100914
PCTools 20100914
Rising 20100914
SUPERAntiSpyware 20100914
Symantec 20100914
TrendMicro 20100914
TrendMicro-HouseCall 20100914
ViRobot 20100914
VirusBuster 20100914
eSafe 20100914
eTrust-Vet 20100914
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright(c) RealNetworks, Inc. 1995-2003. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. You may obtain source code at http://www.helixcommunity.org/.
Product RealAudio 8, Sony ATRAC3 audio codec
Original name atrc3260.dll
Internal name atrc3260
File version 6.0.1.1536
Description Sony ATRAC3 Audio Codec for RealAudio 8(tm)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-03-08 19:03:58
Link date 8:03 PM 3/8/2009
Entry Point 0x0000AC18
Number of sections 4
PE sections
PE imports
HeapFree
GetStdHandle
TerminateThread
lstrlenA
GetOEMCP
HeapDestroy
HeapAlloc
DisableThreadLibraryCalls
GetVersionExA
RtlUnwind
GetACP
GetStartupInfoA
GetPriorityClass
SizeofResource
UnhandledExceptionFilter
MultiByteToWideChar
GetCommandLineA
SetStdHandle
GetFileTime
SetFilePointer
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
ExitThread
HeapReAlloc
CreateConsoleScreenBuffer
GetProcessAffinityMask
HeapCreate
FindClose
WriteConsoleW
ExitProcess
SetLastError
RegGetKeySecurity
ConvertAccessToSecurityDescriptorW
BuildExplicitAccessWithNameW
GetSecurityDescriptorOwner
BackupEventLogW
IsValidSecurityDescriptor
RegOpenUserClassesRoot
InitMUILanguage
FlatSB_SetScrollProp
OleCreateFontIndirect
OleIconToCursor
EnumerateSecurityPackagesW
AddSecurityPackageA
EnumerateSecurityPackagesA
AddSecurityPackageW
DrawTextA
GetWindowRect
EnableWindow
GetSysColorBrush
KillTimer
GetDlgItem
DialogBoxIndirectParamA
InvalidateRgn
IsDialogMessageA
RemoveMenu
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 5.12
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.0.1.1536
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Sony ATRAC3 Audio Codec for RealAudio 8(tm)
LibraryType RACodecHelper
CharacterSet Windows, Latin1
InitializedDataSize 151552
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright(c) RealNetworks, Inc. 1995-2003. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. You may obtain source code at http://www.helixcommunity.org/.
FileVersion 6.0.1.1536
TimeStamp 2009:03:08 20:03:58+01:00
FileType Win32 EXE
PEType PE32
InternalName atrc3260
FileAccessDate 2014:07:11 01:58:20+01:00
ProductVersion 6.0.1.1536
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:07:11 01:58:20+01:00
OriginalFilename atrc3260.dll
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 233472
ProductName RealAudio 8, Sony ATRAC3 audio codec
ProductVersionNumber 6.0.1.1536
EntryPoint 0xac18
ObjectFileType Unknown

File identification
MD5 a06e417b9743e65bbb9ace16d6d3a65f
SHA1 ac283e4549a8ecf34d32710c45f9245b6a03e587
SHA256 4f9cb7f1e3c3e10bcc6393175b6b38b9560132bebfc96dca82c26de2215dcb27
ssdeep 6144:iF4YXWIetQEL9pebaHBvXsaYLD3xnupanTY1ZTUdl4jSv:iF4JIqab4ErpnB0zUYw
imphash b9f68ffa5776ce4509c93eab56f2d7ee
File size 368.5 KB ( 377344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2010-09-12 20:53:29 UTC ( 3 years, 10 months ago )
Last submission 2010-09-14 21:15:51 UTC ( 3 years, 10 months ago )
File names atrc3260.dll
atrc3260
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests