SHA256: 5dd7824bdf7f776a7dc3bc1d35836552a45f6f4f5a4b3f25d89e75e6e1431f0e
File name: D2648C0300BE3B6B84B802320326290096B9AFFD.dll
Detection ratio: 0 / 42
Analysis date: 2012-07-03 08:58:22 UTC ( 6 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 20120702
AntiVir 20120703
Antiy-AVL 20120703
Avast 20120703
AVG 20120703
BitDefender 20120703
ByteHero 20120626
CAT-QuickHeal 20120703
ClamAV 20120703
Commtouch 20120703
Comodo 20120703
DrWeb 20120703
Emsisoft 20120703
eSafe 20120702
F-Prot 20120703
F-Secure 20120703
Fortinet 20120703
GData 20120703
Ikarus 20120703
Jiangmin 20120703
K7AntiVirus 20120702
Kaspersky 20120703
McAfee 20120703
McAfee-GW-Edition 20120702
Microsoft 20120703
NOD32 20120703
Norman 20120703
nProtect 20120703
Panda 20120702
PCTools 20120703
Rising 20120703
Sophos AV 20120703
SUPERAntiSpyware 20120703
Symantec 20120703
TheHacker 20120702
TotalDefense 20120629
TrendMicro 20120703
TrendMicro-HouseCall 20120703
VBA32 20120702
VIPRE 20120703
ViRobot 20120703
VirusBuster 20120702
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-28 15:42:08
Entry Point 0x0001884C
Number of sections 5
PE sections
PE imports
GetSaveFileNameA
IsDebuggerPresent, GetPrivateProfileIntA, CompareStringW, MultiByteToWideChar, WritePrivateProfileStringA, GetModuleHandleA, Sleep, MulDiv, lstrcmpA, lstrlenA, lstrcpynA, WaitForSingleObject, WideCharToMultiByte, TerminateThread, lstrcpynW, SetThreadPriority, DisableThreadLibraryCalls, GetTempFileNameA, GetShortPathNameW, CloseHandle, GetTempPathA, DeleteFileA, CreateThread, lstrcpyA, FreeLibrary, GetProcAddress, LoadLibraryA, GetModuleFileNameA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, InterlockedCompareExchange, InterlockedExchange, HeapReAlloc, HeapAlloc, HeapFree, HeapDestroy, HeapCreate, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection
_crt_debugger_hook, _except_handler4_common, __clean_type_info_names_internal, _onexit, _lock, __dllonexit, _unlock, __CppXcptFilter, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _decode_pointer, _encoded_null, _malloc_crt, _encode_pointer, memcpy, fopen, fread, free, calloc, malloc, strstr, strchr, _vsnwprintf, _vsnprintf, atof, _stricmp, strncmp, atoi, _itow, strrchr, strncpy, __3@YAXPAX@Z, memset, __2@YAPAXI@Z, fclose, feof, ftell, fseek, fputc, fgetc, fwrite, rand
PathFindExtensionW, PathIsURLW
SetForegroundWindow, wsprintfA, MessageBoxA, DestroyWindow, SetTimer, GetWindowRect, SetActiveWindow, KillTimer, GetActiveWindow, PostMessageA, GetSystemMetrics, SetWindowTextA, MoveWindow, RegisterWindowMessageW, GetParent, GetClientRect, SendMessageA, PtInRect, SetWindowLongA, GetWindowLongW, GetWindowLongA, GetDlgItem, SetWindowLongW, EndDialog, SetWindowPos, CheckDlgButton, ShowWindow, IsDlgButtonChecked, MessageBoxIndirectW, SendMessageW, MapWindowPoints, EnableWindow, GetDlgCtrlID, GetDlgItemTextA, SetWindowTextW, SetDlgItemTextA, GetDialogBaseUnits
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:06:28 17:42:08+02:00
FileType Win32 DLL
PEType PE32
CodeSize 98816
LinkerVersion 9.0
EntryPoint 0x1884c
InitializedDataSize 74240
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 729991b3d3371bce8a100d7a2843f019
SHA1 fb9a65ef70b2d3a77f478a332d1c8153b9f071ab
SHA256 5dd7824bdf7f776a7dc3bc1d35836552a45f6f4f5a4b3f25d89e75e6e1431f0e
ssdeep 3072:FAOg6l5jRDNPiWPkbaDu2zZo7MCuIrulFmz6fLMo1s+DT+7QWx1UtceV:FI6l17mGu0ZBIrulFmGfLMo1sUT+7hUb
File size 161.0 KB ( 164864 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
VirusTotal metadata
First submission 2012-07-03 08:58:22 UTC ( 6 years, 8 months ago )
Last submission 2012-07-03 08:58:22 UTC ( 6 years, 8 months ago )
File names in_mod.dll
D2648C0300BE3B6B84B802320326290096B9AFFD.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
