SHA256: 7345d19dfea22c28d33375ec8bc454f202afadd50ddeb09a576aecf812f2ecf5
File name: mpk.dll
Detection ratio: 33 / 65
Analysis date: 2017-12-21 20:45:15 UTC ( 1 year, 3 months ago )
Antivirus Result Update
AegisLab Monitor.W32.KGBSpy.cg!c 20171221
Antiy-AVL Trojan[Monitor]/Win32.KGBSpy 20171221
AVware KGB Keylogger 20171221
CAT-QuickHeal Monitor.Generic.19260 20171221
ClamAV Win.Trojan.Kgbspy-3 20171221
CMC Generic.Win32.7473413c34!CMCRadar 20171221
Comodo ApplicUnwnt.Win32.KGBSpy.FZ_20 20171221
Cylance Unsafe 20171221
Cyren W32/Application.PJFN-5376 20171221
DrWeb Program.KgbSpy.38 20171221
Endgame malicious (moderate confidence) 20171130
ESET-NOD32 a variant of Win32/KGBFreeKeyLogger.AD potentially unsafe 20171221
Fortinet Malware_fam.gw 20171221
GData Win32.Application.Agent.E836CE 20171221
Ikarus not-a-virus:Monitor.Win32.KGBSpy 20171221
Jiangmin Monitor.KGBSpy.d 20171221
K7AntiVirus Unwanted-Program ( 004d27911 ) 20171221
K7GW Unwanted-Program ( 004d27911 ) 20171221
Kaspersky not-a-virus:Monitor.Win32.KGBSpy.cg 20171221
Kingsoft Win32.Malware.Heur_Generic.A.(kcloud) 20171221
McAfee Generic Keylogger.af 20171221
McAfee-GW-Edition Generic Keylogger.af 20171221
Microsoft MonitoringTool:Win32/RefogKeylogger 20171221
NANO-Antivirus Riskware.Win32.KGBSpy.gqhl 20171221
Qihoo-360 Win32/Virus.Spy.807 20171221
Sophos AV Generic PUA IL (PUA) 20171221
Symantec Spyware.KGBSpy 20171221
TheHacker Aplicacion/KGBSpy.cg 20171219
VIPRE KGB Keylogger 20171221
ViRobot Trojan.Win32.S.Agent.61440.VJ 20171221
Webroot System.Monitor.Refog.System.Mon 20171221
Yandex Riskware.Monitor! 20171221
ZoneAlarm by Check Point not-a-virus:Monitor.Win32.KGBSpy.cg 20171221
Ad-Aware 20171221
AhnLab-V3 20171221
Alibaba 20171221
ALYac 20171221
Arcabit 20171221
Avast 20171221
Avast-Mobile 20171221
AVG 20171221
Avira (no cloud) 20171221
Baidu 20171221
BitDefender 20171221
Bkav 20171221
CrowdStrike Falcon (ML) 20171016
Cybereason None
eGambit 20171221
Emsisoft 20171221
F-Prot 20171221
F-Secure 20171221
Sophos ML 20170914
Malwarebytes 20171221
MAX 20171221
eScan 20171221
nProtect 20171221
Palo Alto Networks (Known Signatures) 20171221
Panda 20171221
Rising 20171221
SentinelOne (Static ML) 20171207
SUPERAntiSpyware 20171221
Symantec Mobile Insight 20171221
Tencent 20171221
TrendMicro-HouseCall 20171221
Trustlook 20171221
VBA32 20171219
WhiteArmor 20171204
Zillya 20171221
Zoner 20171221
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-09 14:04:38
Entry Point 0x000029C7
Number of sections 5
PE sections
PE imports
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetLastError
InterlockedDecrement
HeapFree
LocalLock
EnterCriticalSection
WriteProcessMemory
lstrcatA
lstrcpynA
lstrcmpiA
HeapDestroy
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
HeapCreate
GetEnvironmentStrings
GetLocaleInfoA
FreeEnvironmentStringsW
LocalAlloc
LCMapStringW
OpenProcess
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
ReadProcessMemory
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
lstrlenA
WideCharToMultiByte
MapViewOfFile
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
lstrcpyA
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
CreateFileMappingA
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
GetOEMCP
LocalFree
TerminateProcess
QueryPerformanceCounter
SetHandleCount
InitializeCriticalSection
UnmapViewOfFile
WriteFile
VirtualFree
GetEnvironmentStringsW
GetLongPathNameA
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
LocalUnlock
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
SetLastError
InterlockedIncrement
GetWindowLongA
GetParent
SetWindowsHookExA
UnhookWindowsHookEx
PostMessageA
IsWindowVisible
SendMessageA
RegisterWindowMessageA
CallNextHookEx
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2007:10:09 15:04:38+01:00
FileType Win32 DLL
PEType PE32
CodeSize 32768
LinkerVersion 8.0
FileTypeExtension dll
InitializedDataSize 24576
SubsystemVersion 4.0
EntryPoint 0x29c7
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Execution parents
Compressed bundles
File identification
MD5 7473413c349e6ca7c107d30622cd48ee
SHA1 8b6b36483afa185bb21beab49f2aedfedb0323c0
SHA256 7345d19dfea22c28d33375ec8bc454f202afadd50ddeb09a576aecf812f2ecf5
ssdeep 768:98Ze0/kHe6J32LkC2QozcMVW3+byR+76KQaBo2yn:9V0/S120zcMVWOV75XBw
authentihash c6ebfed98271ae3dd62900ad6d8818b752e1868d7fa9ed8420c67123b337dc10
imphash 9fa3443838eb1c01a5610915f8ec1e3e
File size 60.0 KB ( 61440 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll
VirusTotal metadata
First submission 2009-06-25 11:47:14 UTC ( 9 years, 10 months ago )
Last submission 2017-12-21 20:45:15 UTC ( 1 year, 3 months ago )
File names Mpk.dll
7473413c349e6ca7c107d30622cd48ee
MPK.dll
mpk.dll
avz00001.dta
Mpk.dll
aa
vt-upload-pT9Lu
vti-rescan
7473413c349e6ca7c107d30622cd48ee
45991-5
mpk.dll
MPK.dll
vt-upload-14v_7
smona131384244249766043658
7473413C349E6CA7C107D30622CD48EE
Advanced heuristic and reputation engines
Sophos
Possibly Unwanted Application labelled as Generic PUA IL. This is a term used to describe applications that, while not malicious, are generally considered unsuitable for business networks. More details about Sophos PUA classifications can be found at: https://www.sophos.com/en-us/support/knowledgebase/14887.aspx .
