SHA256: 82e68d1958b7ec7a46af4a77ae0b4723ddc02d865f8d9aad26a69d37eda1b525
File name: XeAudiere.dll
Detection ratio: 2 / 42
Analysis date: 2012-04-07 22:49:52 UTC ( 2 years ago )
Antivirus Result Update
TrendMicro PAK_Generic.001 20120407
TrendMicro-HouseCall PAK_Generic.001 20120407
AVG 20120407
AhnLab-V3 20120407
AntiVir 20120406
Antiy-AVL 20120407
Avast 20120407
BitDefender 20120408
ByteHero 20120407
CAT-QuickHeal 20120407
ClamAV 20120407
Commtouch 20120407
Comodo 20120407
DrWeb 20120408
Emsisoft 20120407
F-Prot 20120407
F-Secure 20120407
Fortinet 20120407
GData 20120407
Ikarus 20120407
Jiangmin 20120331
K7AntiVirus 20120407
Kaspersky 20120407
McAfee 20120407
McAfee-GW-Edition 20120407
Microsoft 20120407
NOD32 20120408
Norman 20120405
PCTools 20120408
Panda 20120407
Prevx 20120408
Rising 20120406
SUPERAntiSpyware 20120402
Sophos 20120407
Symantec 20120407
TheHacker 20120407
VBA32 20120405
VIPRE 20120407
ViRobot 20120407
eSafe 20120405
eTrust-Vet 20120406
nProtect 20120407
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-21 21:17:04
Entry Point 0x0001E1E0
Number of sections 3
PE sections
PE imports
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
_AdrOpenSound@12
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2010:02:21 21:17:04+00:00

FileType
Win32 DLL

PEType
PE32

CodeSize
49152

LinkerVersion
9.0

EntryPoint
0x1e1e0

InitializedDataSize
4096

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
73728

File identification
MD5 31248681db6cdd2615c48a5d74035e4d
SHA1 d996ed352bfc512672acfe42afb491ea5f0bac86
SHA256 82e68d1958b7ec7a46af4a77ae0b4723ddc02d865f8d9aad26a69d37eda1b525
ssdeep
768:aktADWAhglpOHYGCn56wgdLp4ol15ZrZRD+HNlhCohPEKuH6oh2cK9fA9yYdkOKb:aFXGWYgddFhZLD+oohcjhr8fA9yakOZv

File size 47.5 KB ( 48640 bytes )
File type Win32 DLL
Magic literal
MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit, UPX compressed

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags
pedll upx

VirusTotal metadata
First submission 2011-04-11 10:56:23 UTC ( 3 years ago )
Last submission 2013-01-24 23:30:44 UTC ( 1 year, 2 months ago )
File names 31248681db6cdd2615c48a5d74035e4d
smona130251898234308317308
XeAudiere.dll
smona131245741434436735744
smona131477962271516790765
smona131156552851675087498
xeaudiere.dll
smona131699218024136174151
smona131156330364137288747
smona131027223664638221175
smona130706003062107868812
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
