SHA256: 96a8272cff61a61899ae2fe395bd1e05398fdd1b231c773bc2dc44d76d8e4eae
File name: eip.dll
Detection ratio: 4 / 51
Analysis date: 2014-04-25 11:33:09 UTC ( 4 years, 11 months ago )
Antivirus Result Update
Bkav HW32.CDB.12af 20140425
ESET-NOD32 a variant of Win32/Injector.BCOR 20140425
Malwarebytes Spyware.Zbot.ED 20140425
Qihoo-360 Malware.QVM20.Gen 20140425
Ad-Aware 20140425
AegisLab 20140425
Yandex 20140424
AhnLab-V3 20140425
AntiVir 20140425
Antiy-AVL 20140425
Avast 20140425
AVG 20140425
Baidu-International 20140425
BitDefender 20140425
ByteHero 20140425
CAT-QuickHeal 20140425
ClamAV 20140425
CMC 20140424
Commtouch 20140425
Comodo 20140425
DrWeb 20140425
Emsisoft 20140425
F-Prot 20140425
F-Secure 20140425
Fortinet 20140422
GData 20140425
Ikarus 20140425
Jiangmin 20140425
K7AntiVirus 20140424
K7GW 20140424
Kaspersky 20140425
Kingsoft 20140425
McAfee 20140425
McAfee-GW-Edition 20140424
Microsoft 20140425
eScan 20140425
NANO-Antivirus 20140425
Norman 20140425
nProtect 20140425
Panda 20140425
Rising 20140425
Sophos AV 20140425
SUPERAntiSpyware 20140425
Symantec 20140425
TheHacker 20140424
TotalDefense 20140425
TrendMicro 20140425
TrendMicro-HouseCall 20140425
VBA32 20140425
VIPRE 20140425
ViRobot 20140425
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-10 17:17:47
Entry Point 0x00004DEC
Number of sections 4
PE sections
PE imports
GetStartupInfoA
GetFileSize
GetModuleHandleA
GlobalFree
ReadFile
GlobalAlloc
CloseHandle
CreateFileA
GlobalUnlock
GetModuleFileNameA
GlobalLock
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??1_Locinfo@std@@QAE@XZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?_Term@?$ctype@D@std@@KAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7facet@locale@std@@6B@
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??1ctype_base@std@@UAE@XZ
?do_toupper@?$ctype@D@std@@MBEPBDPADPBD@Z
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??1ios_base@std@@UAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$ctype@D@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Cltab@?$ctype@D@std@@0PBFB
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0ios_base@std@@IAE@XZ
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??_7?$ctype@D@std@@6B@
??1_Lockit@std@@QAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xran@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Iscloc@locale@std@@QBE_NXZ
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?do_toupper@?$ctype@D@std@@MBEDD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
?do_tolower@?$ctype@D@std@@MBEDD@Z
??0_Locinfo@std@@QAE@PBD@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
??0_Lockit@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Id_cnt@id@locale@std@@0HA
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
??_7ctype_base@std@@6B@
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
_Getctype
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_7bad_cast@std@@6B@
rand
??0exception@@QAE@ABV0@@Z
__p__fmode
_ftol
_wfopen
__dllonexit
_access
fopen
_except_handler3
??0exception@@QAE@ABQBD@Z
_onexit
exit
_XcptFilter
??1type_info@@UAE@XZ
__setusermatherr
_adjust_fdiv
_acmdln
_CxxThrowException
_exit
__p__commode
free
__getmainargs
_controlfp
_setmbcp
__CxxFrameHandler
memmove
_initterm
__set_app_type
Ord(251)
ReleaseDC
GetSystemMetrics
IsIconic
AppendMenuA
LoadIconA
EnableWindow
KillTimer
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
SetTimer
GetSysColor
GetDC
InvalidateRect
CreateStreamOnHGlobal
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:04:10 18:17:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 8.0
FileAccessDate 2014:06:18 01:35:26+01:00
EntryPoint 0x4dec
InitializedDataSize 20480
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:06:18 01:35:26+01:00
UninitializedDataSize 0

File identification
MD5 dcada4e3f12a0e95b675992e95c0bccb
SHA1 c6b7bf7b747cc1eae2c6a3e8d76f3af0a6acdf3d
SHA256 96a8272cff61a61899ae2fe395bd1e05398fdd1b231c773bc2dc44d76d8e4eae
ssdeep 6144:WDcAc9Vue+IcJLJF0ejoiklY35cSNY2VWXuQxRYF6:WDs9Ee+IcJ9F0lik23KSxVWeORYI
imphash 2bed15e254d514cabbe57cc31a94ad47
File size 228.9 KB ( 234344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-04-25 11:33:09 UTC ( 4 years, 11 months ago )
Last submission 2014-04-25 11:33:09 UTC ( 4 years, 11 months ago )
File names eip.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight