SHA256: 77538c6364ff79df91a83a9bba37b4b25af16c721e935910942645c23ec2acb8
File name: pm22.dll
Detection ratio: 37 / 56
Analysis date: 2016-12-05 19:01:12 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Generic.PWS.2.067AAD8C 20161205
AegisLab Troj.W32.Gen.lDfK 20161205
AhnLab-V3 Trojan/Win32.Tepfer.R190968 20161205
ALYac Generic.PWS.2.067AAD8C 20161205
Arcabit Generic.PWS.2.067AAD8C 20161205
Avast Sf:Crypt-BI [Trj] 20161205
AVG GenericX.352 20161205
Avira (no cloud) TR/Kryptik.avp.8 20161205
AVware Trojan.Win32.Fareit.j (fs) 20161205
Baidu Win32.Trojan-PSW.Fareit.a 20161205
BitDefender Generic.PWS.2.067AAD8C 20161205
ClamAV Win.Trojan.Fareit-403 20161205
Comodo TrojWare.Win32.PWS.Fareit.GS 20161205
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Fareit.U.gen!Eldorado 20161205
DrWeb Trojan.PWS.Stealer.13052 20161205
Emsisoft Generic.PWS.2.067AAD8C (B) 20161205
ESET-NOD32 a variant of Win32/PSW.Fareit.A 20161205
F-Prot W32/Fareit.U.gen!Eldorado 20161205
F-Secure Generic.PWS.2.067AAD8C 20161205
GData Generic.PWS.2.067AAD8C 20161205
Ikarus Trojan.Win32.Pony 20161205
Sophos ML generic.a 20161202
Kaspersky Trojan-PSW.Win32.Tepfer.gen 20161205
Malwarebytes Spyware.Pony 20161205
McAfee PWS-FCGB!388103B496E3 20161205
McAfee-GW-Edition BehavesLike.Win32.Backdoor.mh 20161205
Microsoft PWS:Win32/Fareit!rfn 20161205
eScan Generic.PWS.2.067AAD8C 20161205
Panda Trj/Genetic.gen 20161205
Qihoo-360 HEUR/QVM40.1.0000.Malware.Gen 20161205
Rising Malware.Generic!V8MeClyxsvJ@2 (thunder) 20161205
Sophos AV Troj/Kryptik-FN 20161205
Symantec Downloader.Ponik 20161205
VBA32 BScope.Malware-Cryptor.Ponik 20161205
VIPRE Trojan.Win32.Fareit.j (fs) 20161205
Yandex Trojan.PSteal.Gen.UL 20161205
Alibaba 20161205
Antiy-AVL 20161205
Bkav 20161205
CAT-QuickHeal 20161205
CMC 20161205
Fortinet 20161205
Jiangmin 20161205
K7AntiVirus 20161205
K7GW 20161205
Kingsoft 20161205
NANO-Antivirus 20161205
nProtect 20161205
SUPERAntiSpyware 20161205
Tencent 20161205
TheHacker 20161130
TrendMicro 20161205
TrendMicro-HouseCall 20161205
Trustlook 20161205
ViRobot 20161205
WhiteArmor 20161125
Zillya 20161202
Zoner 20161205
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-05 15:26:33
Entry Point 0x0000E131
Number of sections 4
PE sections
PE imports
RegOpenCurrentUser
RegOpenKeyA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
RegEnumValueA
IsTextUnicode
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
CreateToolhelp32Snapshot
GetLastError
Process32First
GetSystemInfo
lstrlenA
GetFileAttributesA
GetPrivateProfileSectionNamesA
LCMapStringA
GetTickCount
GetVersionExA
GlobalUnlock
LoadLibraryA
lstrlenW
Process32Next
GetCurrentProcess
GetCurrentDirectoryA
GetPrivateProfileStringA
GetLocaleInfoA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
OpenProcess
GlobalLock
CreateMutexA
GetTempPathA
lstrcmpiA
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
lstrcmpA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
FindFirstFileA
CloseHandle
CreateFileMappingA
FindNextFileA
ExpandEnvironmentStringsA
LocalFree
TerminateProcess
CreateProcessA
UnmapViewOfFile
WriteFile
SetCurrentDirectoryA
FindClose
Sleep
CreateFileA
ExitProcess
GetProcAddress
GetFileSize
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid
CoCreateInstance
GetHGlobalFromStream
CoTaskMemFree
StrStrA
StrStrIA
StrToIntA
StrRChrIA
StrStrIW
StrCmpNIA
ObtainUserAgentString
SendMessageA
wsprintfA
FindWindowExA
GetClassNameA
SendMessageW
LoadUserProfileA
UnloadUserProfile
InternetCrackUrlA
InternetCreateUrlA
setsockopt
socket
recv
inet_addr
send
WSAStartup
gethostbyname
connect
closesocket
select
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2016:12:05 16:26:33+01:00
FileType Win32 DLL
PEType PE32
CodeSize 62976
LinkerVersion 2.5
EntryPoint 0xe131
InitializedDataSize 22528
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 388103b496e321118049710e3ef86500
SHA1 b95f6255c26bdef1b2055d6677746c0ea7180a13
SHA256 77538c6364ff79df91a83a9bba37b4b25af16c721e935910942645c23ec2acb8
ssdeep 1536:7htTpKBqTUZOvgX+WySp/8LadLePO68zvyPkzZl/PdU/Z:FF4v0WJ8gL8O6I/PdU/

authentihash ab9e716f262aa09a08ded510fc062b62df9aa24d7d5a43f56b84227e5b0d7666
imphash b711e40c704a940b608870b61b2e2613
File size 83.0 KB ( 84992 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 4.x (60.1%)
Win32 Executable MS Visual C++ (generic) (13.9%)
Win64 Executable (generic) (12.3%)
Windows screen saver (5.8%)
Win32 Dynamic Link Library (generic) (2.9%)
Tags pedll

VirusTotal metadata
First submission 2016-12-05 19:01:12 UTC ( 10 months, 2 weeks ago )
Last submission 2016-12-05 19:01:12 UTC ( 10 months, 2 weeks ago )
File names pm22.dll