SHA256: 5544f34227144bad1913ded07376711b1363a4e2462c7a48c85ecf18ed7a68e2
Detection ratio: 0 / 42
Analysis date: 2012-09-17 09:50:32 UTC ( 6 years, 4 months ago )
Antivirus Result Update
AhnLab-V3 20120917
AntiVir 20120916
Antiy-AVL 20120911
Avast 20120917
AVG 20120916
BitDefender 20120917
ByteHero 20120917
CAT-QuickHeal 20120917
ClamAV 20120917
Commtouch 20120917
Comodo 20120916
DrWeb 20120917
Emsisoft 20120917
eSafe 20120914
ESET-NOD32 20120916
F-Prot 20120916
F-Secure 20120917
Fortinet 20120830
GData 20120917
Ikarus 20120917
Jiangmin 20120917
K7AntiVirus 20120915
Kaspersky 20120917
McAfee 20120917
McAfee-GW-Edition 20120917
Microsoft 20120917
Norman 20120916
nProtect 20120916
Panda 20120916
PCTools 20120917
Rising 20120917
Sophos AV 20120917
SUPERAntiSpyware 20120911
Symantec 20120917
TheHacker 20120917
TotalDefense 20120916
TrendMicro 20120917
TrendMicro-HouseCall 20120917
VBA32 20120914
VIPRE 20120917
ViRobot 20120917
VirusBuster 20120916
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-01-21 19:42:59
Entry Point 0x00044EA9
Number of sections 5
PE sections
PE imports
GetObjectA
SetBitmapBits
CreateDIBSection
GetBitmapBits
GetDIBits
LoadLibraryA
GlobalAlloc
FreeLibrary
GetCurrentDirectoryA
GetModuleFileNameA
GetProcAddress
SetCurrentDirectoryA
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0_Lockit@std@@QAE@XZ
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1out_of_range@std@@UAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??1_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0out_of_range@std@@QAE@ABV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0logic_error@std@@QAE@ABV01@@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??_7out_of_range@std@@6B@
_purecall
strncmp
malloc
abort
sscanf
??0exception@@QAE@ABV0@@Z
realloc
memset
fclose
strcat
__dllonexit
fread
strncat
fprintf
_setjmp3
remove
tan
fopen
strlen
fflush
wcslen
_except_handler3
?terminate@@YAXXZ
strtol
log
fabs
strtok
??2@YAPAXI@Z
fwrite
fseek
sqrt
_onexit
_findclose
ftell
abs
exit
sprintf
??1type_info@@UAE@XZ
strrchr
log10
sin
_snprintf
__CxxFrameHandler
_CxxThrowException
longjmp
tolower
_isctype
_itoa
_adjust_fdiv
memcmp
free
ceil
strtod
_wfopen
getenv
div
_pctype
cos
isupper
__CxxLongjmpUnwind
memmove
floor
_findnext
isspace
memcpy
wcsrchr
atan2
_findfirst
strcpy
_ftol
fmod
__mb_cur_max
exp
_initterm
rename
pow
strcmp
_iob
ReleaseDC
GetDC
deflateReset
inflateEnd
uncompress
inflateInit2_
compress
deflateEnd
deflate
inflateInit_
zError
deflateInit2_
crc32
inflate
compress2
inflateReset
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
GERMAN AUSTRIAN 1
ExifTool file metadata
LegalTrademarks
Licensed under the Gnu General Public License V2 or any later version

SubsystemVersion
4.0

Comments
Provides generic image services for Miranda IM

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.8.0.0

LanguageCode
Neutral

FileFlagsMask
0x0037

FileDescription
fe_imgsrvc

CharacterSet
Unicode

InitializedDataSize
88576

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2007, Nightwish, based on the FreeImage project (http://freeimage.sourceforge.net/)

FileVersion
0, 8, 0, 0

TimeStamp
2010:01:21 11:42:59-08:00

FileType
Win32 DLL

PEType
PE32

InternalName
fe_imgsrvc

ProductVersion
0, 8, 0, 0

UninitializedDataSize
0

OSVersion
4.0

OriginalFilename
advaimg.dll

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Miranda IM and FreeImage

CodeSize
280064

ProductName
Miranda IM Image services

ProductVersionNumber
0.8.0.0

EntryPoint
0x44ea9

ObjectFileType
Dynamic link library

File identification
MD5 dbdc13ae193c571a952935fc1f9a1230
SHA1 75a3f295209b04de353b94a2157d4ed5d7a3d137
SHA256 5544f34227144bad1913ded07376711b1363a4e2462c7a48c85ecf18ed7a68e2
ssdeep 6144:sHfcMLkHtvs4GKPzY3vUjOObBFw0HX5mjitS5CsqDMPIhpdLVe+chHp:aLcU4GHfUyal9sqDnTKHp

File size 360.0 KB ( 368640 bytes )
File type Win32 DLL
Magic literal MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (47.7%)
Miranda IM plugin (26.7%)
Win32 Executable Generic (10.8%)
Win32 Dynamic Link Library (generic) (9.6%)
Generic Win/DOS Executable (2.5%)
Tags
armadillo pedll

VirusTotal metadata
First submission UTC ( ago )
Last submission UTC ( ago )
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight