SHA256: 56982e69221e8d1ba0ab856a4891f579a4de92d0faabdcec06da38dd784d8a93
File name: 2.dll
Detection ratio: 4 / 57
Analysis date: 2015-03-11 17:03:49 UTC (4 years, 2 months ago)
Antivirus Result Update
Bkav HW32.Packed.6752 20150311
ESET-NOD32 Win32/Dridex.H 20150311
Norman Kryptik.CCLG 20150311
Qihoo-360 HEUR/QVM40.1.Malware.Gen 20150311
Ad-Aware 20150311
AegisLab 20150311
Yandex 20150311
AhnLab-V3 20150311
Alibaba 20150311
ALYac 20150311
Antiy-AVL 20150311
Avast 20150311
AVG 20150311
Avira (no cloud) 20150311
AVware 20150311
Baidu-International 20150311
BitDefender 20150311
ByteHero 20150311
CAT-QuickHeal 20150311
ClamAV 20150311
CMC 20150304
Comodo 20150311
Cyren 20150311
DrWeb 20150311
Emsisoft 20150311
F-Prot 20150311
F-Secure 20150311
Fortinet 20150310
GData 20150311
Ikarus 20150311
Jiangmin 20150310
K7AntiVirus 20150311
K7GW 20150311
Kaspersky 20150311
Kingsoft 20150311
Malwarebytes 20150311
McAfee 20150311
McAfee-GW-Edition 20150311
Microsoft 20150311
eScan 20150311
NANO-Antivirus 20150311
nProtect 20150311
Panda 20150311
Rising 20150311
Sophos AV 20150311
SUPERAntiSpyware 20150311
Symantec 20150311
Tencent 20150311
TheHacker 20150310
TotalDefense 20150311
TrendMicro 20150311
TrendMicro-HouseCall 20150311
VBA32 20150311
VIPRE 20150311
ViRobot 20150311
Zillya 20150310
Zoner 20150311
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1995-1997 Microsoft Corporation
Product Microsoft® Internet Services
Original name piparse.rc
Internal name piparse.dll
File version 6.1.33.0
Description WebPost PostInfo Parser DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-07-26 04:31:58
Entry Point 0x00006320
Number of sections 4
PE sections
PE imports
GetLastError
VirtualAllocEx
GlobalFree
FreeLibrary
SetProcessShutdownParameters
GetUserDefaultLCID
LoadLibraryA
SetConsoleScreenBufferSize
FatalAppExitW
UnlockFile
LocalAlloc
WriteProfileStringA
GetProfileSectionW
MapUserPhysicalPages
EnumSystemLocalesW
TerminateJobObject
GetLogicalDrives
GetProcAddress
InterlockedCompareExchange
CancelIo
GetSystemDefaultLangID
RaiseException
CreateSemaphoreA
GetModuleHandleA
RequestDeviceWakeup
InterlockedExchange
GlobalMemoryStatusEx
Thread32First
GetGeoInfoW
FreeResource
LocalFree
FindFirstVolumeA
GetStringTypeExW
BackupSeek
GetEnvironmentVariableW
wscanf
fprintf
_chkstk
fabs
memset
iswlower
memcpy
isxdigit
isspace
PdhRemoveCounter
PE exports
Number of PE resources by type
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 5.2
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.33.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 24576
EntryPoint 0x6320
OriginalFileName piparse.rc
MIMEType application/octet-stream
LegalCopyright Copyright 1995-1997 Microsoft Corporation
FileVersion 6.1.33.0
TimeStamp 1992:07:26 05:31:58+01:00
FileType Win32 DLL
PEType PE32
InternalName piparse.dll
ProductVersion 6.1.33.0
FileDescription WebPost PostInfo Parser DLL
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 311296
ProductName Microsoft Internet Services
ProductVersionNumber 6.1.33.0
FileTypeExtension dll
ObjectFileType Executable application

Execution parents
File identification
MD5 8d3a1903358c5f3700ffde113b93dea6
SHA1 84b22065ffee35f1eb5daba163b558d944650fb1
SHA256 56982e69221e8d1ba0ab856a4891f579a4de92d0faabdcec06da38dd784d8a93
ssdeep 6144:2YAe0JhQ5tkLQ6TkgCe6kB7PyuqvJ81YEj3GhfWyiFOMc2DLyjw/s2UGSwNJBs9H:Se0PQ5eJp6kB7auqvJKGhfWyiwADLyjD
authentihash b8334099e68176fbf78852fb121f268b4fd62be0426880c887192e0aa41b6320
imphash 3d6c76a48ff57d599f054bde4668400b
File size 324.0 KB ( 331776 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags pedll
VirusTotal metadata
First submission 2015-03-11 09:17:59 UTC ( 4 years, 2 months ago )
Last submission 2016-09-04 04:46:16 UTC ( 2 years, 8 months ago )
File names piparse.dll
BOKH.msi
2.dll
bot_x32_8d3a1903358c5f3700ffde113b93dea6.dll.bin
2.tmp
piparse.rc
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight