SHA256: 85c89d791f69678c789878de5a3020b6a4e8cf3d975c2b77cdb35b81d6435d7d
File name: D.tmp
Detection ratio: 32 / 40
Analysis date: 2012-04-25 17:45:42 UTC ( 6 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Cidox 20120423
AntiVir TR/Dldr.Vundo.hynrd 20120424
Avast Win32:MalOb-JZ [Cryp] 20120423
AVG Agent3.BIBU 20120423
BitDefender Gen:Variant.Graftor.16131 20120424
CAT-QuickHeal Trojan.Cidox.is 20120423
Commtouch W32/Virtumonde.CW.gen!Eldorado 20120424
Comodo TrojWare.Win32.Cidox.ANG 20120424
DrWeb Trojan.Mayachok.1 20120424
Emsisoft Trojan-Downloader.Win32.Vundo!IK 20120424
eTrust-Vet Win32/Vundo.I!generic 20120423
F-Prot W32/Virtumonde.CW.gen!Eldorado 20120423
F-Secure Gen:Variant.Graftor.16131 20120424
Fortinet W32/Kryptik.CIK!tr 20120424
GData Gen:Variant.Graftor.16131 20120424
Ikarus Trojan-Downloader.Win32.Vundo 20120424
Jiangmin Trojan/Cidox.hvd 20120423
K7AntiVirus Trojan 20120420
Kaspersky Trojan.Win32.Cidox.is 20120424
Microsoft TrojanDownloader:Win32/Vundo.HIY 20120424
NOD32 Win32/Agent.SFM 20120424
Norman W32/Vundo.BBAA 20120423
Panda Generic Trojan 20120423
Sophos AV Troj/Virtum-Gen 20120424
SUPERAntiSpyware Trojan.Agent/Gen-Monder 20120402
Symantec Downloader 20120424
TheHacker Trojan/Cidox.is 20120422
TrendMicro TROJ_GEN.R72CDBL 20120423
TrendMicro-HouseCall TROJ_GEN.R72CDBL 20120424
VBA32 Trojan.Cidox.is 20120422
VIPRE Trojan.Win32.Vundo.pb (v) 20120424
VirusBuster Trojan.Cidox!wfEZ38dUxuQ 20120423
Antiy-AVL 20120423
ByteHero 20120424
ClamAV 20120424
eSafe 20120423
nProtect 20120424
PCTools 20120423
Rising 20120423
ViRobot 20120424
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-19 13:19:19
Entry Point 0x00005F3D
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
GetSystemTimeAsFileTime, GetStdHandle, GetCurrentThreadId, GetCurrentProcessId, GetVersion, QueryPerformanceCounter, VirtualAlloc, VirtualFree, lstrcmpiA, GetTickCount, GetLastError, GetProcAddress, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, GetOEMCP, GetACP, LoadLibraryA, CloseHandle, GetCPInfo, HeapReAlloc, HeapAlloc, WriteFile, GetCommandLineA, ExitProcess, TerminateProcess, GetCurrentProcess, HeapDestroy, HeapCreate, HeapFree, SetHandleCount, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, RtlUnwind
StrStrA
GetDC, GetForegroundWindow, MessageBoxA, GetSystemMetrics
CoTaskMemAlloc, CoTaskMemFree, CoInitialize, CoUninitialize
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:02:19 14:19:19+01:00
FileType Win32 DLL
PEType PE32
CodeSize 36864
LinkerVersion 6.0
EntryPoint 0x5f3d
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 7206554b5cefeff3c4f389b2f76f311f
SHA1 801da4022899cc7cd3ff4b03857056394e0beba1
SHA256 85c89d791f69678c789878de5a3020b6a4e8cf3d975c2b77cdb35b81d6435d7d
ssdeep
768:xcaR/2lYpNsLPYQvxEmZqoP8rONfaHmq41SVAyxyiFiVXo9Dup:fRulYELA8ajOMGrexyRBo8p

File size 52.0 KB ( 53248 bytes )
File type Win32 DLL
Magic literal
MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags
armadillo

VirusTotal metadata
First submission 2012-02-20 08:53:13 UTC ( 6 years, 7 months ago )
Last submission 2012-04-25 17:45:42 UTC ( 6 years, 5 months ago )
File names swkxdjc.dll
hhwxuxl.dll
D.tmp
anjryqd.dll