× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 873c81e90d55874d3fdd285ddeafaa079851522e40fa95c72f3c581e55db92ae
File name: about.ex
Detection ratio: 4 / 43
Analysis date: 2012-01-27 12:23:24 UTC ( 7 years ago ) View latest
Antivirus Result Update
DrWeb BackDoor.MaosBoot.377 20120127
NOD32 a variant of Win32/TrojanDownloader.Mebload.AS 20120127
TrendMicro Cryp_Sinowal 20120127
TrendMicro-HouseCall Cryp_Sinowal 20120127
AhnLab-V3 20120126
AntiVir 20120127
Antiy-AVL 20120125
Avast 20120127
AVG 20120126
BitDefender 20120127
ByteHero 20120126
CAT-QuickHeal 20120127
ClamAV 20120126
Commtouch 20120127
Comodo 20120126
Emsisoft 20120127
eSafe 20120126
eTrust-Vet 20120127
F-Prot 20120126
F-Secure 20120127
Fortinet 20120127
GData 20120127
Ikarus 20120127
Jiangmin 20120125
K7AntiVirus 20120126
Kaspersky 20120127
McAfee 20120127
McAfee-GW-Edition 20120127
Microsoft 20120127
Norman 20120126
nProtect 20120127
Panda 20120126
PCTools 20120127
Prevx 20120127
Rising 20120118
Sophos AV 20120127
SUPERAntiSpyware 20120127
Symantec 20120127
TheHacker 20120126
VBA32 20120126
VIPRE 20120127
ViRobot 20120127
VirusBuster 20120126
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) Microsoft Corp. 1995-1998

Publisher Microsoft Corporation
Product Microsoft Distributed Transaction Coordinator
Internal name MSDTC.EXE
File version 2001.12.4414.700
Description MS DTC console program
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-01 02:54:00
Entry Point 0x00004851
Number of sections 5
PE sections
PE imports
GetSidLengthRequired, FreeSid, GetSecurityDescriptorDacl, RegEnumValueA, SetFileSecurityA, SetSecurityDescriptorDacl, GetSidSubAuthority, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, RegOpenKeyExA, RegCloseKey, InitializeSid, RegQueryValueExA, AllocateAndInitializeSid
SHGetMalloc, SHGetSpecialFolderLocation, SHGetPathFromIDListA
MessageBoxA, wsprintfA, CharNextA, LoadStringA, CharPrevA, MessageBoxExA
VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
PE exports
ExifTool file metadata
CodeSize
90112

SubsystemVersion
4.0

InitializedDataSize
28672

ImageVersion
0.0

ProductName
Microsoft Distributed Transaction Coordinator

FileVersionNumber
2001.12.4414.700

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
8.0

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2001.12.4414.700

TimeStamp
2005:05:01 04:54:00+02:00

FileType
Win32 DLL

PEType
PE32

InternalName
MSDTC.EXE

ProductVersion
03.01.00.4414

FileDescription
MS DTC console program

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright (C) Microsoft Corp. 1995-1998

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

LegalTrademarks
Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation

FileSubtype
0

ProductVersionNumber
3.1.0.4414

EntryPoint
0x4851

ObjectFileType
Executable application

File identification
MD5 9132ab234ff80dc061876d11b8e8349e
SHA1 279dc1b81b512cb7c59408ad19fb7981d71bd7d8
SHA256 873c81e90d55874d3fdd285ddeafaa079851522e40fa95c72f3c581e55db92ae
ssdeep
3072:a25S7cD5yTVOKcSjTOHGiKi7w5k/PQUCkofw+Bl7:acSEa3hTWGCsK/DCkofB

File size 120.0 KB ( 122880 bytes )
File type Win32 DLL
Magic literal
MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2012-01-27 12:23:24 UTC ( 7 years ago )
Last submission 2012-06-01 11:02:05 UTC ( 6 years, 8 months ago )
File names about.ex
9132AB234FF80DC061876D11B8E8349E
file
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!