SHA256: 8c6b817eaf0e02dfde17afab941f96a4db71f6455cf86934706b7b0c235852d4
File name: C.tmp
Detection ratio: 33 / 40
Analysis date: 2012-04-25 17:45:45 UTC ( 6 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Cidox 20120423
AntiVir TR/Dldr.Vundo.hynrd 20120424
Avast Win32:MalOb-JZ [Cryp] 20120423
AVG Downloader.Generic12.BCBX 20120423
BitDefender Trojan.Generic.7232268 20120424
CAT-QuickHeal Trojan.Cidox.gm 20120423
Commtouch W32/Virtumonde.CW.gen!Eldorado 20120424
Comodo TrojWare.Win32.Cidox.ANG 20120424
DrWeb Trojan.Mayachok.1 20120424
Emsisoft Trojan-Downloader.Win32.Vundo!IK 20120424
eTrust-Vet Win32/Vundo.I!generic 20120423
F-Prot W32/Virtumonde.CW.gen!Eldorado 20120423
F-Secure Trojan.Generic.7232268 20120424
Fortinet W32/Kryptik.CIK!tr 20120424
GData Trojan.Generic.7232268 20120424
Ikarus Trojan-Downloader.Win32.Vundo 20120424
Jiangmin Trojan/Cidox.hvg 20120423
K7AntiVirus Trojan 20120420
Kaspersky Trojan.Win32.Cidox.gm 20120424
Microsoft TrojanDownloader:Win32/Vundo.HIY 20120424
NOD32 Win32/Agent.SFM 20120424
Norman W32/Vundo.BCGJ 20120423
nProtect Trojan.Generic.7232268 20120424
Panda Generic Trojan 20120423
Sophos AV Troj/Virtum-Gen 20120424
SUPERAntiSpyware Trojan.Agent/Gen-Monder 20120402
Symantec Downloader 20120424
TheHacker Trojan/Cidox.gm 20120422
TrendMicro TROJ_GEN.R47C7C1 20120423
TrendMicro-HouseCall TROJ_GEN.R47C7C1 20120424
VBA32 Trojan.Cidox.22215 20120422
VIPRE Trojan.Win32.Vundo.pb (v) 20120424
VirusBuster Trojan.Cidox!nnHk5dhVVJU 20120423
Antiy-AVL 20120423
ByteHero 20120424
ClamAV 20120424
eSafe 20120423
PCTools 20120423
Rising 20120423
ViRobot 20120424
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-17 19:35:38
Entry Point 0x00005F4F
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
GetStdHandle, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetVersion, VirtualFree, lstrcmpiA, LoadLibraryA, GetTickCount, VirtualAlloc, GetProcAddress, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, GetOEMCP, GetACP, GetLastError, CloseHandle, GetCPInfo, HeapReAlloc, HeapAlloc, WriteFile, GetCommandLineA, ExitProcess, TerminateProcess, GetCurrentProcess, HeapDestroy, HeapCreate, HeapFree, SetHandleCount, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, RtlUnwind
StrStrA
GetDC, GetForegroundWindow, MessageBoxA, GetSystemMetrics
CoTaskMemAlloc, CoTaskMemFree, CoInitialize, CoUninitialize
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:02:17 20:35:38+01:00
FileType Win32 DLL
PEType PE32
CodeSize 36864
LinkerVersion 6.0
EntryPoint 0x5f4f
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 6cf8d1ec0e6c8b31b9b9d9077a663c30
SHA1 a716465e1e512b5a40fa429bd307001b1ee77891
SHA256 8c6b817eaf0e02dfde17afab941f96a4db71f6455cf86934706b7b0c235852d4
ssdeep 768:xpWX9eOWB86TKtBt5ZqmZMYYQ7fV3FwivayKX/SWVXo9Dg6:Q5WAtBt5n7fxFPtwLBou6

File size 52.0 KB ( 53248 bytes )
File type Win32 DLL
Magic literal MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags armadillo

VirusTotal metadata
First submission 2012-02-18 00:36:43 UTC ( 6 years, 8 months ago )
Last submission 2012-04-25 17:45:45 UTC ( 6 years, 5 months ago )
File names tvqyguh.dll
C.tmp