SHA256: 70284692566b1eb1cff995513b8c087c1c4943dcac76d9690e1f23862117dfff
File name: 24.tmp
Detection ratio: 33 / 42
Analysis date: 2012-04-25 17:44:35 UTC ( 6 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Cidox 20120424
AntiVir TR/Dldr.Vundo.hiyv.1 20120425
Antiy-AVL Trojan/Win32.Cidox.gen 20120425
Avast Win32:MalOb-JZ [Cryp] 20120425
AVG Generic27.AVDR 20120425
BitDefender Trojan.Generic.KDV.572227 20120425
CAT-QuickHeal Trojan.Cidox.ame 20120425
Commtouch W32/Virtumonde.CW.gen!Eldorado 20120425
Comodo UnclassifiedMalware 20120425
DrWeb Trojan.Mayachok.1 20120425
Emsisoft Trojan-Dropper.Win32.Cidox!IK 20120425
F-Prot W32/Virtumonde.CW.gen!Eldorado 20120425
F-Secure Trojan.Generic.KDV.572227 20120425
Fortinet W32/Kryptik.CIK!tr 20120425
GData Trojan.Generic.KDV.572227 20120425
Ikarus Trojan-Dropper.Win32.Cidox 20120425
Jiangmin Trojan/Cidox.iet 20120425
K7AntiVirus Trojan 20120425
Kaspersky Trojan.Win32.Cidox.ame 20120425
McAfee Downloader.a!bk3 20120425
McAfee-GW-Edition Downloader.a!bk3 20120425
Microsoft TrojanDownloader:Win32/Vundo.HIY 20120425
NOD32 a variant of Win32/Kryptik.ACSY 20120425
Norman W32/Suspicious_Gen4.VZFP 20120425
nProtect Trojan/W32.Agent.53248.CVV 20120425
Panda Suspicious file 20120425
Sophos AV Troj/Virtum-Gen 20120425
TheHacker Trojan/Cidox.ame 20120425
TrendMicro TROJ_GEN.R47CDCH 20120425
TrendMicro-HouseCall TROJ_GEN.R47CDCH 20120425
VBA32 Trojan.Cidox.ame 20120425
VIPRE Trojan.Win32.Vundo.pb (v) 20120425
VirusBuster Trojan.Cidox!rEOMV1TpL3Q 20120425
ByteHero 20120424
ClamAV 20120425
eSafe 20120424
eTrust-Vet 20120425
PCTools 20120424
Rising 20120425
SUPERAntiSpyware 20120402
Symantec 20120425
ViRobot 20120425
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-15 13:12:34
Entry Point 0x00002281
Number of sections 6
PE sections
PE imports
RegOpenKeyExA
Rectangle
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrcmpiA
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
TerminateProcess
QueryPerformanceCounter
HeapCreate
VirtualFree
GetFileType
GetTickCount
GetVersion
VirtualAlloc
GetSystemMetrics
GetClientRect
GetDC
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:03:15 14:12:34+01:00
FileType Win32 DLL
PEType PE32
CodeSize 36864
LinkerVersion 6.0
EntryPoint 0x2281
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 06e35be14d30708ea5b571bc50f9a04e
SHA1 90bbc811f2e1dc49f12d37465476bd2429860bba
SHA256 70284692566b1eb1cff995513b8c087c1c4943dcac76d9690e1f23862117dfff
ssdeep 768:Ddz1tKW+fSKwykdoTjD8EFhLDTMTBc7jNUCBbIBj1j4o9RPweZ:Ddz1V+fSK3kGTjwcSBcfNUoMBaoMe
File size 52.0 KB ( 53248 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags armadillo pedll
VirusTotal metadata
First submission 2012-03-17 15:50:21 UTC ( 6 years, 7 months ago )
Last submission 2012-08-23 15:07:04 UTC ( 6 years, 1 month ago )
File names aa
oNAUiIl.js
24.tmp
qDs_.zip
f2d59065e24e1a9685825e4a7e383b8af35567a11a4e22baa024071a79bab75ca9a886eb839547ddfd444da784102fe7555887679a5a828c32cbf2b42db7adf1
ebsljpi.dll.hz
ekmkopm.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight