SHA256: 84ccc4b9d6b67c56dc48a022d207f5490f49ea81661d5d655fce705c0274f3aa
File name: 2.dll
Detection ratio: 2 / 57
Analysis date: 2015-03-06 09:09:10 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Bkav HW32.Packed.FB4E 20150305
Qihoo-360 HEUR/QVM40.1.Malware.Gen 20150306
Ad-Aware 20150306
AegisLab 20150306
Yandex 20150228
AhnLab-V3 20150306
Alibaba 20150306
ALYac 20150306
Antiy-AVL 20150306
Avast 20150306
AVG 20150306
Avira (no cloud) 20150306
AVware 20150306
Baidu-International 20150306
BitDefender 20150306
ByteHero 20150306
CAT-QuickHeal 20150306
ClamAV 20150306
CMC 20150304
Comodo 20150306
Cyren 20150306
DrWeb 20150306
Emsisoft 20150306
ESET-NOD32 20150306
F-Prot 20150306
F-Secure 20150306
Fortinet 20150306
GData 20150306
Ikarus 20150306
Jiangmin 20150306
K7AntiVirus 20150306
K7GW 20150306
Kaspersky 20150306
Kingsoft 20150306
Malwarebytes 20150306
McAfee 20150306
McAfee-GW-Edition 20150306
Microsoft 20150306
eScan 20150306
NANO-Antivirus 20150306
Norman 20150306
nProtect 20150306
Panda 20150306
Rising 20150305
Sophos AV 20150306
SUPERAntiSpyware 20150306
Symantec 20150306
Tencent 20150306
TheHacker 20150306
TotalDefense 20150306
TrendMicro 20150306
TrendMicro-HouseCall 20150306
VBA32 20150305
VIPRE 20150306
ViRobot 20150306
Zillya 20150305
Zoner 20150306
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name PortableDeviceApi.dll
File version 5.2.5721.5145 (WMP_11.061018-2006)
Description Windows Portable Device API Components
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-06 08:11:36
Entry Point 0x000045A0
Number of sections 5
PE sections
PE imports
GetLastError
GlobalMemoryStatus
GetEnvironmentStrings
GetModuleHandleA
GetCalendarInfoW
GetPrivateProfileSectionNamesA
CreateDirectoryW
GetVersionExA
GetTapePosition
InterlockedCompareExchange
DragQueryFileA
GetLastActivePopup
malloc
memset
memcpy
fabs
Number of PE resources by type
TYPELIB 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.2.5721.5145
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 236544
EntryPoint 0x45a0
OriginalFileName PortableDeviceApi.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.2.5721.5145 (WMP_11.061018-2006)
TimeStamp 2015:03:06 09:11:36+01:00
FileType Win32 DLL
PEType PE32
ProductVersion 5.2.5721.5145
FileDescription Windows Portable Device API Components
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 83456
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.2.5721.5145
FileTypeExtension dll
ObjectFileType Dynamic link library

File identification
MD5 e3c149bf58dbdc11c3e21413a0e1a2ef
SHA1 8b9b7e3f6c5d579e3e0355e40d58343f2e2877a7
SHA256 84ccc4b9d6b67c56dc48a022d207f5490f49ea81661d5d655fce705c0274f3aa
ssdeep 6144:UrK1EGPw0nfskDVAuBX7jC9QnSnPke39b2c8Ymn3IF6o7nHri:UrK1rw0Jh5BLjCoIco9n846o6
authentihash 926ea7e4b397da9be9da4d8ea4227145bd8eaef2ac88a015b656e0fc487c7759
imphash c1d01c82903aa49b6d695966ec66b3f9
File size 360.0 KB ( 368640 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags pedll
VirusTotal metadata
First submission 2015-03-06 08:39:20 UTC ( 4 years, 2 months ago )
Last submission 2015-03-12 08:00:36 UTC ( 4 years, 2 months ago )
File names 2.dll
PortableDeviceApi.dll
bot_x32_E3C149BF58DBDC11C3E21413A0E1A2EF.dll.bin
bot_x32_e3c149bf58dbdc11c3e21413a0e1a2ef.dll.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight