SHA256: 90910a49226f6488de42d27ac1b347c68a0d5a9c1b070bf5dfdaea8ac368cfc9
File name: xpsp4ress.dll
Detection ratio: 0 / 37
Analysis date: 2012-06-20 21:24:08 UTC (6 years, 11 months ago)
Antivirus Result Update
AntiVir 20120620
Antiy-AVL 20120619
Avast 20120620
AVG 20120620
BitDefender 20120620
CAT-QuickHeal 20120620
ClamAV 20120620
Commtouch 20120620
Comodo 20120620
DrWeb 20120620
Emsisoft 20120620
F-Prot 20120620
F-Secure 20120620
Fortinet 20120620
GData 20120620
Ikarus 20120620
Jiangmin 20120620
K7AntiVirus 20120620
Kaspersky 20120620
McAfee 20120620
McAfee-GW-Edition 20120620
NOD32 20120620
Norman 20120620
nProtect 20120620
Panda 20120620
PCTools 20120620
Rising 20120620
Sophos AV 20120620
SUPERAntiSpyware 20120620
Symantec 20120619
TheHacker 20120620
TotalDefense 20120620
TrendMicro 20120620
TrendMicro-HouseCall 20120620
VIPRE 20120620
ViRobot 20120620
VirusBuster 20120620
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-24 10:01:37
Entry Point 0x00011181
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
GetTokenInformation
RegEnumValueW
RegCreateKeyExA
LookupPrivilegeValueA
CloseServiceHandle
RegQueryInfoKeyW
GetSecurityDescriptorControl
RegFlushKey
RegOpenKeyExW
RegDeleteKeyA
LockServiceDatabase
RegOpenKeyW
RegDeleteKeyW
AllocateAndInitializeSid
RegQueryValueExW
ChangeServiceConfig2A
GetSystemTime
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
SetHandleCount
LoadLibraryW
SetEvent
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetOEMCP
GetHandleInformation
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetShortPathNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
GetEnvironmentStrings
GetCurrentDirectoryW
LocalAlloc
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InterlockedCompareExchange
TlsFree
FatalAppExitA
CreateFileMappingW
SetFilePointer
GetCPInfo
GetStringTypeA
GetModuleHandleA
ReadFile
GetCurrentThreadId
InterlockedExchange
CreateFileA
WriteFile
GetStartupInfoA
ResetEvent
SetStdHandle
CreateFileMappingA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetPriorityClass
FreeLibrary
LocalFree
GetFileType
TerminateProcess
QueryPerformanceCounter
IsValidCodePage
HeapCreate
SetLastError
GlobalHandle
VirtualFree
GetEnvironmentStringsW
TlsGetValue
IsBadReadPtr
SetEndOfFile
TlsSetValue
CloseHandle
HeapAlloc
GetVersion
GetCurrentThread
VirtualAlloc
SetCurrentDirectoryA
WriteConsoleW
LeaveCriticalSection
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:02:24 11:01:37+01:00
FileType Win32 DLL
PEType PE32
CodeSize 86016
LinkerVersion 6.0
FileTypeExtension dll
InitializedDataSize 77824
SubsystemVersion 4.0
EntryPoint 0x11181
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 ee4e11342f6c94d31e212bdc8b003395
SHA1 febf4b3e866c1dc535ec8bdc15bc48cebc03d976
SHA256 90910a49226f6488de42d27ac1b347c68a0d5a9c1b070bf5dfdaea8ac368cfc9
ssdeep 3072:D7SN3jioFcKUD9QuOe0HCxSwE5oQPCVkrPQ0BDLQu:D7G3GowD9cSR0BDX
authentihash 7d4ff1639439d7428fe10e82fb1bac3229148fb1dae57966b01a7af916354ee4
imphash 0de4d9d1b09792608a8123bfecd0d564
File size 160.0 KB (163840 bytes)
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.4%)
Win32 Dynamic Link Library (generic) (13.5%)
Win32 Executable (generic) (9.3%)
Win16/32 Executable Delphi generic (4.2%)
Generic Win/DOS Executable (4.1%)
Tags armadillo pedll
VirusTotal metadata
First submission 2012-06-20 21:24:08 UTC (6 years, 11 months ago)
Last submission 2015-06-12 09:00:09 UTC (3 years, 11 months ago)
File names 004049543
xpsp4ress.dll.ViR
1.exe.dll
aa
lF9jZ_4.rtf
xpsp4ress.dll
(1).ViR
1.exe
ee4e11342f6c94d31e212bdc8b003395
1340465524.(1).ViR
ee4e11342f6c94d31e212bdc8b003395
file-4137542_ViR
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight