SHA256: 8f425a0ec6ff3d28685f8b618b01ef5442ff5310f4deaf8760408c1eea77d9ce
File name: 7.dll
Detection ratio: 2 / 57
Analysis date: 2015-04-14 08:23:32 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Bkav HW32.Packed.D340 20150413
Tencent Trojan.Win32.Qudamah.Gen.15 20150414
Ad-Aware 20150414
AegisLab 20150414
Yandex 20150413
AhnLab-V3 20150414
Alibaba 20150414
ALYac 20150414
Antiy-AVL 20150414
Avast 20150414
AVG 20150414
Avira (no cloud) 20150414
AVware 20150414
Baidu-International 20150414
BitDefender 20150414
ByteHero 20150414
CAT-QuickHeal 20150414
ClamAV 20150414
CMC 20150413
Comodo 20150414
Cyren 20150414
DrWeb 20150414
Emsisoft 20150414
ESET-NOD32 20150413
F-Prot 20150414
F-Secure 20150414
Fortinet 20150414
GData 20150414
Ikarus 20150414
Jiangmin 20150413
K7AntiVirus 20150414
K7GW 20150414
Kaspersky 20150414
Kingsoft 20150414
Malwarebytes 20150414
McAfee 20150414
McAfee-GW-Edition 20150413
Microsoft 20150414
eScan 20150414
NANO-Antivirus 20150414
Norman 20150414
nProtect 20150413
Panda 20150413
Qihoo-360 20150414
Rising 20150413
Sophos AV 20150414
SUPERAntiSpyware 20150414
Symantec 20150414
TheHacker 20150414
TotalDefense 20150413
TrendMicro 20150414
TrendMicro-HouseCall 20150414
VBA32 20150412
VIPRE 20150414
ViRobot 20150414
Zillya 20150413
Zoner 20150413
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-14 06:37:43
Entry Point 0x00006F90
Number of sections 4
PE sections
PE imports
SetDefaultCommConfigW
OpenFileMappingW
GetConsoleMode
LocalAlloc
GetLogicalDrives
GetTapePosition
SetCommTimeouts
TerminateJobObject
IsDBCSLeadByteEx
WaitForDebugEvent
InterlockedExchange
GetTempPathW
HeapReAlloc
AddVectoredExceptionHandler
GetExitCodeProcess
LocalFree
GetThreadPriority
GetEnvironmentVariableA
SetLocaleInfoA
FindClose
QueryDosDeviceW
EnumLanguageGroupLocalesA
QueueUserWorkItem
FindFirstVolumeMountPointA
LocalLock
GetUserDefaultLangID
FindNextVolumeA
FindNextVolumeW
UpdateResourceA
SetProcessWorkingSetSize
GetCalendarInfoW
OpenWaitableTimerW
EnumCalendarInfoW
FoldStringW
GetCalendarInfoA
GetPrivateProfileStringW
DeleteVolumeMountPointW
Module32Next
SetCalendarInfoW
GetConsoleDisplayMode
GetMailslotInfo
MoveFileExA
GetFirmwareEnvironmentVariableA
GetDiskFreeSpaceExA
FindCloseChangeNotification
GetNumberFormatA
GlobalAlloc
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
FindVolumeClose
GetVersionExW
FreeLibrary
SetFileApisToANSI
VirtualProtect
LoadLibraryA
GetFileSize
GetPrivateProfileIntA
GetCommProperties
SetCommMask
GenerateConsoleCtrlEvent
SetVolumeMountPointW
GetProcAddress
GetConsoleScreenBufferInfo
GetTempFileNameW
CompareStringW
GlobalWire
GetBinaryTypeW
WTSGetActiveConsoleSessionId
lstrcpyA
CreateHardLinkW
TerminateProcess
ExpandEnvironmentStringsA
EnumDateFormatsExW
SetVolumeLabelW
ReadDirectoryChangesW
EncodeSystemPointer
CreateEventA
LocalUnlock
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
FlushConsoleInputBuffer
VirtualAllocEx
lstrlenA
LCMapStringA
GetDevicePowerState
SizeofResource
ProcessIdToSessionId
HeapQueryInformation
ClearCommBreak
GetCurrentActCtx
GetCommandLineA
InterlockedCompareExchange
RegisterWaitForSingleObjectEx
RaiseException
GetModuleHandleA
HeapUnlock
SetConsoleTitleA
OpenMutexW
BindIoCompletionCallback
GetSystemTimeAdjustment
GetEnvironmentStrings
DnsHostnameToComputerNameW
UnmapViewOfFile
GetDefaultCommConfigW
WriteConsoleOutputCharacterA
ReadFileEx
GetProcessVersion
SetMailslotInfo
ResetEvent
MprAdminMIBEntryCreate
MprConfigInterfaceCreate
MprAdminDeviceEnum
VarUI2FromStr
VarUI2FromR4
VarBstrFromR8
rename
wcsftime
setlocale
strxfrm
printf
fgets
getchar
clearerr
strtok
fwrite
wcslen
sprintf
memset
free
iswascii
isgraph
calloc
memcpy
iswprint
iswlower
atoi
strftime
PdhGetCounterInfoW
UrlMkSetSessionOption
FaultInIEFeature
GetClassURL
WriteHitLogging
PE exports
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2015:04:14 07:37:43+01:00
FileType Win32 DLL
PEType PE32
CodeSize 297984
LinkerVersion 8.0
EntryPoint 0x6f90
InitializedDataSize 19456
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 1748fc9c5c0587373bf15a6bda380543
SHA1 e513d676d0775b4d80292fd41a2a034e8afadde8
SHA256 8f425a0ec6ff3d28685f8b618b01ef5442ff5310f4deaf8760408c1eea77d9ce
ssdeep 3072:3RsT3EEajxVL0KutzmwrHCDH+zVWCpC75RF/KbMK9pGDrtguO2TlNRgCNYyFfrfp:3+7EEa1oOe8IDpGPTvlNRFXvaE
authentihash 7b7187fe50cfc0712989da103429edfa83bd63c33c04c951c2fdb43544926b49
imphash 6c77fc7c1495258cfa92c7185981ad63
File size 303.5 KB ( 310784 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags pedll

VirusTotal metadata
First submission 2015-04-14 08:23:32 UTC ( 2 years, 6 months ago )
Last submission 2017-04-07 08:44:07 UTC ( 6 months, 2 weeks ago )
File names 1748fc9c5c0587373bf15a6bda380543.vir
E513D676D0775B4D80292FD41A2A034E8AFADDE8
7.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight