SHA256: 959ee92fc21145ff9d8dfec8bf9e975ad0cba7622b28d0b31247e8c0f685e1ab
File name: 1B4F01E6A54406E571C4BD5CB08B208B
Detection ratio: 0 / 43
Analysis date: 2012-01-30 09:41:22 UTC ( 6 years, 12 months ago )
Antivirus Result Update
AhnLab-V3 20120129
AntiVir 20120130
Antiy-AVL 20120130
Avast 20120130
AVG 20120129
BitDefender 20120130
ByteHero 20120126
CAT-QuickHeal 20120130
ClamAV 20120130
Commtouch 20120130
Comodo 20120128
DrWeb 20120130
Emsisoft 20120130
eSafe 20120126
eTrust-Vet 20120127
F-Prot 20120129
F-Secure 20120130
Fortinet 20120130
GData 20120130
Ikarus 20120130
Jiangmin 20120129
K7AntiVirus 20120127
Kaspersky 20120130
McAfee 20120130
McAfee-GW-Edition 20120130
Microsoft 20120130
NOD32 20120130
Norman 20120129
nProtect 20120130
Panda 20120129
PCTools 20120130
Prevx 20120130
Rising 20120118
Sophos AV 20120130
SUPERAntiSpyware 20120128
Symantec 20120130
TheHacker 20120130
TrendMicro 20120130
TrendMicro-HouseCall 20120130
VBA32 20120130
VIPRE 20120130
ViRobot 20120130
VirusBuster 20120129
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Корпорация Майкрософт. Все права защищены.

Product Операционная система Microsoft® Windows®
Original name osk.exe
Internal name osk
File version 5.1.2600.5512 (xpsp.080413-2105)
Description Экранная клавиатура
Packers identified
Command UPX_LZMA
F-PROT UPX_LZMA
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-07 12:05:53
Entry Point 0x0005F0E0
Number of sections 3
PE sections
PE imports
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
ClientToScreen
PE exports
Number of PE resources by type
RT_STRING 26
RT_VERSION 1
Number of PE resources by language
ENGLISH US 27
PE resources
ExifTool file metadata
UninitializedDataSize
188416

LinkerVersion
6.0

ImageVersion
9.3

FileSubtype
0

FileVersionNumber
5.1.2600.5512

LanguageCode
Russian

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, DLL

CharacterSet
Unicode

InitializedDataSize
4096

EntryPoint
0x5f0e0

OriginalFileName
osk.exe

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
5.1.2600.5512 (xpsp.080413-2105)

TimeStamp
2011:05:07 05:05:53-07:00

FileType
Win32 DLL

PEType
PE32

InternalName
osk

ProductVersion
5.1.2600.5512

SubsystemVersion
4.0

OSVersion
8.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
200704

ProductName
Microsoft Windows

ProductVersionNumber
5.1.2600.5512

FileTypeExtension
dll

ObjectFileType
Executable application

File identification
MD5 1b4f01e6a54406e571c4bd5cb08b208b
SHA1 8b25eb0759ebb351e2dc56ce3f2a67a5352e2dbb
SHA256 959ee92fc21145ff9d8dfec8bf9e975ad0cba7622b28d0b31247e8c0f685e1ab
ssdeep
6144:1eD8Fw0S6hfZ2fJ6MmhZbsFglr7OZJ8oS:1FFw0S6mehZbVr7e8oS

authentihash 0f135230ea90d9e6902c4a9ded27da58ec73762cfa228ac52eac038f47ca9b43
imphash d5d01dedd7e01a6bb32fe40d5cd86a14
File size 199.0 KB ( 203776 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.5%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
OS/2 Executable (generic) (2.7%)
Tags
pedll

VirusTotal metadata
First submission 2012-01-30 09:41:22 UTC ( 6 years, 12 months ago )
Last submission 2019-01-07 12:54:03 UTC ( 2 weeks, 2 days ago )
File names 0.07782347136511714.exe
sygjkn1W.xlsm
output.1193803.txt
1193803
VirusShare_1b4f01e6a54406e571c4bd5cb08b208b
23
osk.exe
8b25eb0759ebb351e2dc56ce3f2a67a5352e2dbb.bin
myfile.exe
1B4F01E6A54406E571C4BD5CB08B208B
erSa_yt8.jpg
osk
1b4f01e6a54406e571c4bd5cb08b208b
1AdtOPS.msi
htwfT2hvz.wbs
23-VPOlwH
aa
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.F28EZB8.
