SHA256: 7bdf209354021bc1c517863e06d3ebd3a66e90360280e57333efade806270e55
File name: 0fd1f1987a8c378a452100172ab5f630
Detection ratio: 39 / 42
Analysis date: 2011-07-04 05:47:33 UTC ( 7 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 Dropper/Xema.151552.CW 20110703
AntiVir TR/Crypt.XPACK.Gen2 20110704
Antiy-AVL Trojan/Win32.TDSS.gen 20110704
Avast Win32:Alureon-ACQ 20110703
Avast5 Win32:Alureon-ACQ 20110703
AVG Generic22.AQHT 20110703
BitDefender Trojan.Generic.KD.219190 20110704
CAT-QuickHeal TrojanDropper.TDSS.ampl 20110704
ClamAV Trojan.TDSS-6688 20110704
Commtouch W32/Alureon.AT.gen!Eldorado 20110703
Comodo TrojWare.Win32.Trojan.Agent.Gen 20110704
DrWeb BackDoor.Tdss.5070 20110704
eSafe Win32.TRCrypt.XPACK 20110703
F-Prot W32/Alureon.AT.gen!Eldorado 20110703
F-Secure Trojan.Generic.KD.219190 20110704
Fortinet W32/TDSS.AMPL!tr 20110702
GData Trojan.Generic.KD.219190 20110704
Ikarus Trojan.Win32.Alureon 20110704
Jiangmin TrojanDropper.TDSS.eji 20110703
K7AntiVirus Trojan 20110701
Kaspersky Trojan-Dropper.Win32.TDSS.ampl 20110704
McAfee Generic Dropper.va.af 20110704
McAfee-GW-Edition Generic Dropper.va.af 20110703
Microsoft Trojan:Win32/Alureon.DX 20110704
NOD32 Win32/Olmarik.SC 20110704
Norman W32/Injector.AEU 20110703
nProtect Gen:Variant.Kazy.22864 20110703
Panda Trj/TDSS.GY 20110703
PCTools Trojan.Gen 20110704
Sophos AV Mal/TDSSPack-AX 20110704
SUPERAntiSpyware Rootkit.Agent/Gen-Dix 20110703
Symantec Trojan.Gen 20110704
TheHacker Trojan/Dropper.TDSS.ampl 20110704
TrendMicro TROJ_GEN.F43C1EF 20110704
TrendMicro-HouseCall TROJ_GEN.F43C1EF 20110704
VBA32 TrojanDropper.TDSS.amoa 20110701
VIPRE Trojan-Dropper.Win32.TDSS.cfvs (v) 20110704
ViRobot Dropper.Tdss.151552 20110704
VirusBuster Trojan.DR.TDSS!g6tjlOvKmyY 20110703
eTrust-Vet 20110701
Prevx 20110704
Rising 20110701
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file.
PE header basic information
Number of sections 8
PE sections
PE imports
AreAllAccessesGranted
PlayEnhMetaFile
GetEnhMetaFileW
SelectClipPath
GetRandomRgn
GetFontData
PolylineTo
CreateFontIndirectA
GetDeviceCaps
CreateEnhMetaFileA
CreatePolyPolygonRgn
GetTextExtentExPointW
SelectPalette
GetLogicalDriveStringsW
MoveFileW
WaitCommEvent
FileTimeToDosDateTime
SetupComm
GetCommModemStatus
LoadLibraryExW
GlobalCompact
SetMessageWaitingIndicator
SetTapePosition
LoadLibraryA
CreateSemaphoreW
lstrcmpW
GetMailslotInfo
GetModuleHandleW
SetWaitableTimer
SetInformationJobObject
StrCmpNIW
PathCompactPathW
StrToIntExW
StrRStrIW
StrCpyNW
PathFindNextComponentW
ChrCmpIW
(1 more function(s) imported by ordinal)
GetMouseMovePointsEx
UnregisterClassW
LoadImageW
ScreenToClient
GetSystemMenu
CloseClipboard
GetWindowTextLengthW
WaitForInputIdle
EnumDesktopsW
SetPropW
SetWinEventHook
GetMenuStringA
FrameRect
GetMenuContextHelpId
PostMessageA
SystemParametersInfoA
GetDlgCtrlID
SetWindowTextW
ValidateRect
CheckMenuItem
LoadCursorFromFileW
MapWindowPoints
PE exports
File identification
MD5 0fd1f1987a8c378a452100172ab5f630
SHA1 efcad85fac6c8aa5535d2408df8de709a62c0503
SHA256 7bdf209354021bc1c517863e06d3ebd3a66e90360280e57333efade806270e55
ssdeep 3072:cvaCGmHioY1ZSVnx6/vcc95gkxbYvEoogGgbRPIQ7o3KFVqSSnc:cijmHiXjSJg95g+MogGMRPI6UKF5Y
File size 148.0 KB ( 151552 bytes )
File type Win32 DLL
Magic literal

TrID Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2011-05-12 06:46:00 UTC ( 7 years, 5 months ago )
Last submission 2011-07-04 05:47:33 UTC ( 7 years, 3 months ago )
File names Oe4s.dotm
0fd1f1987a8c378a452100172ab5f630
[17979]malware.exe.#