SHA256: 5afe6253b435668f7fb449bd75a53532f9237e738f4bbc83c511bdbd4df81fab
File name: 1.dll
Detection ratio: 3 / 57
Analysis date: 2015-01-19 08:55:37 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Bkav HW32.Packed.B293 20150117
K7GW Trojan ( 004b38f81 ) 20150125
McAfee-GW-Edition BehavesLike.Win32.Pate.fc 20150119
Ad-Aware 20150119
AegisLab 20150119
Yandex 20150118
AhnLab-V3 20150119
Alibaba 20150119
ALYac 20150119
Antiy-AVL 20150125
Avast 20150119
AVG 20150125
Avira (no cloud) 20150119
AVware 20150119
Baidu-International 20150119
BitDefender 20150119
ByteHero 20150119
CAT-QuickHeal 20150119
ClamAV 20150119
CMC 20150119
Comodo 20150119
Cyren 20150119
DrWeb 20150125
Emsisoft 20150119
ESET-NOD32 20150119
F-Prot 20150119
F-Secure 20150119
Fortinet 20150119
GData 20150119
Ikarus 20150119
Jiangmin 20150118
K7AntiVirus 20150118
Kaspersky 20150119
Kingsoft 20150119
Malwarebytes 20150119
McAfee 20150119
Microsoft 20150125
eScan 20150119
NANO-Antivirus 20150119
Norman 20150119
nProtect 20150116
Panda 20150118
Qihoo-360 20150119
Rising 20150118
Sophos AV 20150119
SUPERAntiSpyware 20150118
Symantec 20150119
Tencent 20150119
TheHacker 20150118
TotalDefense 20150118
TrendMicro 20150119
TrendMicro-HouseCall 20150119
VBA32 20150119
VIPRE 20150119
ViRobot 20150119
Zillya 20150119
Zoner 20150116
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Original name ADs
Internal name ADs
File version 5.1.3600.5512 (xpsp.080413-2113)
Description ?????????? DLL ?????? ?????????????? AD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-19 07:17:25
Entry Point 0x000075D0
Number of sections 6
PE sections
PE imports
ClusterRegSetKeySecurity
ClusterRegGetKeySecurity
ReplaceFileA
CreateJobObjectA
GetPrivateProfileStructA
CreateWaitableTimerA
GetProfileSectionW
GetConsoleTitleW
GetPrivateProfileStructW
GetVolumePathNamesForVolumeNameW
SetDefaultCommConfigW
CreatePipe
LocalAlloc
GetTapePosition
InitializeSListHead
CommConfigDialogA
GetCommModemStatus
FindResourceExA
IsSystemResumeAutomatic
InterlockedExchange
FindActCtxSectionStringW
SetFileAttributesA
LocalFree
EnumLanguageGroupLocalesW
GetLogicalDriveStringsA
OutputDebugStringW
FindFirstVolumeMountPointW
QueryDosDeviceW
GetTickCount
GetVolumePathNameA
CancelTimerQueueTimer
GetNumberOfConsoleInputEvents
HeapAlloc
QueryPerformanceFrequency
SetProcessWorkingSetSize
GetPriorityClass
SetCalendarInfoA
GetCalendarInfoW
WritePrivateProfileSectionW
WritePrivateProfileSectionA
CreateMutexA
CreateSemaphoreA
CreateThread
LocalFlags
GetExitCodeThread
SetUnhandledExceptionFilter
GetConsoleDisplayMode
CreateMutexW
GetSystemTimes
TzSpecificLocalTimeToSystemTime
TerminateProcess
GetProcessShutdownParameters
GetNumberFormatA
VirtualQueryEx
SetEndOfFile
SleepEx
CallNamedPipeW
SetHandleCount
RequestDeviceWakeup
FreeLibrary
GetSystemWow64DirectoryA
LoadLibraryA
DeleteVolumeMountPointA
CreateRemoteThread
DecodePointer
SetVolumeMountPointA
SetProcessPriorityBoost
SetFileValidData
GetCommProperties
GetProcAddress
GetConsoleScreenBufferInfo
AssignProcessToJobObject
DebugBreakProcess
FindFirstFileA
GlobalFix
EnumResourceNamesA
QueryInformationJobObject
FindNextFileA
IsValidLocale
WaitForMultipleObjects
CreateEventW
FindFirstVolumeA
GetCurrencyFormatA
SetFileApisToOEM
ReadConsoleOutputW
LocalUnlock
FindFirstVolumeW
InterlockedIncrement
GetLastError
Heap32ListFirst
VirtualAllocEx
GlobalUnlock
IsDBCSLeadByte
LockFile
CreateNamedPipeA
WinExec
HeapCompact
SwitchToThread
CreateIoCompletionPort
SetTapePosition
GetCompressedFileSizeW
GetCPInfoExA
GetConsoleTitleA
InterlockedCompareExchange
RaiseException
GetModuleHandleA
DeleteAtom
CloseHandle
ReadConsoleOutputCharacterA
SetLocalTime
CreateConsoleScreenBuffer
BindIoCompletionCallback
ResetWriteWatch
CreateProcessW
TransactNamedPipe
MprConfigInterfaceTransportSetInfo
MprAdminMIBEntrySet
VarUI1FromCy
BSTR_UserFree
VarCyFromUI2
VarUI4FromDisp
Ord(180)
SHFreeNameMappings
ShellExecuteExW
SHAppBarMessage
SHLoadNonloadedIconOverlayIdentifiers
fputc
putchar
strtok
abort
mblen
iswascii
wcstok
asctime
fwprintf
rand
_chkstk
memset
strcmp
wcslen
iswxdigit
iswdigit
wcsncat
sprintf
strtoul
iswalpha
ispunct
memcpy
VerSetConditionMask
PdhCloseQuery
PdhGetDataSourceTimeRangeA
PdhEnumObjectsA
PdhBrowseCountersW
PdhGetCounterTimeBase
PdhExpandWildCardPathW
PdhParseCounterPathW
RevokeBindStatusCallback
RevokeFormatEnumerator
GetComponentIDFromCLSSPEC
CoInternetParseUrl
HlinkGoBack
FindMimeFromData
FaultInIEFeature
ReleaseBindInfo
URLDownloadToFileW
Number of PE resources by type
RT_STRING 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.3600.5512
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 249856
OriginalFilename ADs
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.3600.5512 (xpsp.080413-2113)
TimeStamp 2015:01:19 08:17:25+01:00
FileType Win32 DLL
PEType PE32
InternalName ADs
ProductVersion 5.1.2300.5512
FileDescription DLL AD
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 69632
ProductName Microsoft Windows
ProductVersionNumber 5.1.3600.5512
EntryPoint 0x75d0
ObjectFileType Dynamic link library

File identification
MD5 d5396a78b871a29b6deebeab0c9ead52
SHA1 1c738672596682c15645c73e497abcfc92a3193f
SHA256 5afe6253b435668f7fb449bd75a53532f9237e738f4bbc83c511bdbd4df81fab
ssdeep 6144:Z79SpKJpcawSyGBHlW2uB16MW1UZ7tZLfxIlPaXWy5:50pKcPSyIW2W164r8kW
authentihash 8c7c92355418ad70be7cf8a007f7ce53553991d28d9bc21b091beb83ad917e1c
imphash 3dc18d3efdddd04d16706c1c152193d3
File size 312.0 KB ( 319488 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll
VirusTotal metadata
First submission 2015-01-19 08:55:37 UTC ( 2 years, 7 months ago )
Last submission 2015-03-23 14:47:28 UTC ( 2 years, 4 months ago )
File names ADs
x.26.tmp
vti-rescan
1.dll
1.tmp
5afe6253b435668f7fb449bd75a53532f9237e738f4bbc83c511bdbd4df81fab
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight