SHA256: 7d8bf2bd89437c4fe679949bd06bb7a6cb40d650927e1d242b1e042b5ea63080
File name: MainBond
Detection ratio: 38 / 67
Analysis date: 2018-07-22 20:24:08 UTC ( 1 month, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KDV.606976 20180722
AegisLab AdWare.W32.BHO.liy!c 20180722
ALYac Hijacker.R-Cash 20180722
Antiy-AVL GrayWare[AdWare]/Win32.BHO 20180722
Arcabit Trojan.Generic.KDV.D94300 20180722
Avast FileRepMetagen [Malware] 20180722
AVG FileRepMetagen [Malware] 20180722
Avira (no cloud) HEUR/AGEN.1025412 20180722
AVware Trojan.Win32.Generic!BT 20180722
BitDefender Trojan.Generic.KDV.606976 20180722
ClamAV Win.Adware.BHO-7734 20180722
Comodo .UnclassifiedMalware 20180722
Cylance Unsafe 20180722
DrWeb Adware.Benega.3095 20180722
Emsisoft Trojan.Generic.KDV.606976 (B) 20180722
ESET-NOD32 a variant of Win32/Adware.Kraddare.GA 20180722
F-Secure Trojan.Generic.KDV.606976 20180722
Fortinet Riskware/Generic_PUA_PA 20180722
GData Trojan.Generic.KDV.606976 20180722
Ikarus Trojan.SuspectCRC 20180722
Jiangmin Adware/BHO.ddg 20180722
MAX malware (ai score=99) 20180722
McAfee Generic PUP 20180722
McAfee-GW-Edition Generic PUP 20180722
eScan Trojan.Generic.KDV.606976 20180722
NANO-Antivirus Riskware.Win32.BHO.dtmuu 20180722
Panda Trj/CI.A 20180722
Qihoo-360 Win32/Trojan.Generic.9d6 20180722
Rising Trojan.Win32.Generic.125C8FDA (C64:YzY0Or1hEIW5WUyP) 20180722
Sophos AV Generic PUA PA (PUA) 20180722
Symantec Adware.Gen 20180722
Tencent Win32.Adware.Bho.Lfqb 20180722
VBA32 Trojan.BHORA.0322 20180720
VIPRE Trojan.Win32.Generic!BT 20180722
ViRobot Adware.BHO.61440.AD 20180722
Webroot W32.Heuristic.Gen 20180722
Yandex Adware.BHO!Nvjza9q7Oh8 20180720
Zillya Adware.BHO.Win32.4091 20180720
AhnLab-V3 20180721
Alibaba 20180713
Avast-Mobile 20180722
Babable 20180406
Baidu 20180717
Bkav 20180719
CAT-QuickHeal 20180722
CMC 20180722
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cyren 20180722
eGambit 20180722
Endgame 20180711
F-Prot 20180722
Sophos ML 20180717
K7AntiVirus 20180722
K7GW 20180722
Kaspersky 20180722
Kingsoft 20180722
Malwarebytes 20180722
Microsoft 20180722
Palo Alto Networks (Known Signatures) 20180722
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180722
TACHYON 20180722
TheHacker 20180722
TotalDefense 20180722
TrendMicro 20180722
TrendMicro-HouseCall 20180722
Trustlook 20180722
ZoneAlarm by Check Point 20180722
Zoner 20180721
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2006
Product MainBond Module
Original name MainBond.DLL
Internal name MainBond
File version 1, 0, 0, 1
Description MainBond Module
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-04-03 02:09:38
Entry Point 0x00007A43
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
SetBkColor
CreateSolidBrush
SetTextColor
GetSystemTime
GetLastError
EnterCriticalSection
lstrlenA
GlobalFree
FreeLibrary
LoadLibraryA
lstrlenW
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
CreateThread
MultiByteToWideChar
GetProcAddress
FlushInstructionCache
RaiseException
WideCharToMultiByte
GetExitCodeThread
SetUnhandledExceptionFilter
CloseHandle
GetSystemDirectoryA
LocalFree
GetModuleFileNameA
InitializeCriticalSection
GlobalAlloc
InterlockedDecrement
Sleep
IsBadCodePtr
GetCurrentThreadId
LeaveCriticalSection
InterlockedIncrement
_purecall
malloc
??1type_info@@UAE@XZ
memset
fclose
strcat
__dllonexit
_stricmp
div
fopen
strlen
strncpy
_except_handler3
?terminate@@YAXXZ
_mbscmp
_onexit
_strlwr
memcmp
_filelength
__CxxFrameHandler
_adjust_fdiv
_fileno
free
atoi
_chkesp
memcpy
strstr
_initterm
_EH_prolog
strcmp
LoadRegTypeLib
SysStringLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantInit
MapVirtualKeyA
keybd_event
RegisterWindowMessageA
DefWindowProcA
ShowWindow
IsWindow
GetWindowRect
UnhookWindowsHookEx
PostMessageA
MoveWindow
SetWindowLongA
CallNextHookEx
FindWindowExA
DrawTextA
GetClassInfoA
GetWindowLongA
SetParent
IsWindowVisible
SendMessageA
GetClientRect
RegisterClassA
InvalidateRect
wsprintfA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
SetWindowsHookExA
FillRect
CallWindowProcA
GetClassNameA
HttpSendRequestA
InternetQueryDataAvailable
InternetSetCookieA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
sqlite3_close
sqlite3_exec
sqlite3_open
PE exports
Number of PE resources by type
TYPELIB 1
RT_STRING 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
KOREAN 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 28672
ImageVersion 0.0
ProductName MainBond Module
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription MainBond Module
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension dll
OriginalFileName MainBond.DLL
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2008:04:03 03:09:38+01:00
FileType Win32 DLL
PEType PE32
InternalName MainBond
ProductVersion 1, 0, 0, 1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2006
MachineType Intel 386 or later, and compatibles
CodeSize 32768
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x7a43
ObjectFileType Dynamic link library
File identification
MD5 320d03aec1f76ac944581b68fad0c572
SHA1 f0837eee6063bce27c3caad56442d5aa3b5abc1a
SHA256 7d8bf2bd89437c4fe679949bd06bb7a6cb40d650927e1d242b1e042b5ea63080
ssdeep 768:JJvl6ASz/u/X0knT0Ku6sEXh70YQnXhSNuEDf9aPkOVi2trIJLeRztQ:XvYAI/WXFD5703gN5DlekOTrIJaRxQ
authentihash 2b1829dfdf8235d8cd6347e79174518fb81e0cbf9d6008a68c35964fd6009f6e
imphash 9427df343bd3002a5e0eb59b7445a139
File size 60.0 KB ( 61440 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID DirectShow filter (51.1%)
Windows ActiveX control (29.5%)
Win32 Executable MS Visual C++ (generic) (7.9%)
Win64 Executable (generic) (7.0%)
Win32 Dynamic Link Library (generic) (1.6%)
Tags armadillo pedll
VirusTotal metadata
First submission 2008-10-14 23:05:00 UTC ( 9 years, 11 months ago )
Last submission 2013-07-09 09:35:34 UTC ( 5 years, 2 months ago )
File names TYSQim5J_I.tif
1467412
output.1467412.txt
MainBond.DLL
7d8bf2bd89437c4fe679949bd06bb7a6cb40d650927e1d242b1e042b5ea63080
kv5rhNve.sys
rcrunb.dll
MainBond
320D03AEC1F76AC944581B68FAD0C572
aa