SHA256: 97d53bbcf96e42d9fba1e82c55a8a55cb3026cb7ade847630b608e6f0ee72772
File name: 7.dll
Detection ratio: 22 / 56
Analysis date: 2015-05-13 13:38:30 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2399553 20150513
Avast Win32:Malware-gen 20150513
AVG Crypt4.AEYR 20150513
Avira (no cloud) TR/Crypt.ZPACK.154169 20150513
Baidu-International Worm.Win32.Cridex.xq 20150512
BitDefender Trojan.GenericKD.2399553 20150513
Cyren W32/Dridex.TZYR-6839 20150513
Emsisoft Trojan.GenericKD.2399553 (B) 20150513
ESET-NOD32 Win32/Dridex.M 20150513
F-Secure Trojan:W32/Dridex.D 20150513
GData Trojan.GenericKD.2399553 20150513
Kaspersky Worm.Win32.Cridex.xq 20150513
Malwarebytes Trojan.Agent.TNB 20150513
McAfee Packed-EN!9AFECFAA484C 20150513
McAfee-GW-Edition BehavesLike.Win32.BadFile.gc 20150513
eScan Trojan.GenericKD.2399553 20150513
Panda Trj/Genetic.gen 20150512
Qihoo-360 Win32/Trojan.901 20150513
Sophos AV Troj/Agent-ANBH 20150513
Symantec Trojan.Cridex 20150513
Tencent Trojan.Win32.Qudamah.Gen.10 20150513
TrendMicro-HouseCall Suspicious_GEN.F47V0512 20150513
AegisLab 20150513
Yandex 20150512
AhnLab-V3 20150512
Alibaba 20150513
ALYac 20150513
Antiy-AVL 20150513
AVware 20150513
Bkav 20150513
ByteHero 20150513
CAT-QuickHeal 20150513
ClamAV 20150513
CMC 20150513
Comodo 20150513
DrWeb 20150513
F-Prot 20150513
Fortinet 20150513
Ikarus 20150513
K7AntiVirus 20150513
K7GW 20150513
Kingsoft 20150513
Microsoft 20150513
NANO-Antivirus 20150513
Norman 20150513
nProtect 20150513
Rising 20150513
SUPERAntiSpyware 20150512
TheHacker 20150511
TotalDefense 20150513
TrendMicro 20150513
VBA32 20150513
VIPRE 20150513
ViRobot 20150513
Zillya 20150513
Zoner 20150513
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© ?????????? ?????????? ? Executive Software Int'l, Inc., 2001.

Publisher ?????????? ?????????? ? Executive Software International, Inc.
Product ????????? ?????????????? ?????? Windows
Original name DFRGRES.DLL
Internal name DFRGRES.DLL
File version 5.1.2600.0 (xpclient.010817-1148)
Description ?????? ???????? ??????????????? ??????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-12 07:30:26
Entry Point 0x0001F0F0
Number of sections 8
PE sections
PE imports
Number of PE resources by type
RT_STRING 20
RT_BITMAP 11
RT_ICON 9
RT_DIALOG 3
RT_GROUP_ICON 2
RT_HTML 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 48
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.2600.0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x1f0f0
OriginalFileName DFRGRES.DLL
MIMEType application/octet-stream
LegalCopyright Executive Software Int'l, Inc., 2001.
FileVersion 5.1.2600.0 (xpclient.010817-1148)
TimeStamp 2015:05:12 08:30:26+01:00
FileType Win32 DLL
PEType PE32
InternalName DFRGRES.DLL
ProductVersion 5.1.2600.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Executive Software International, Inc.
CodeSize 147456
ProductName Windows
ProductVersionNumber 5.1.2600.0
FileTypeExtension dll
ObjectFileType Dynamic link library
File identification
MD5 9afecfaa484c66f2dd11f2d7e9dc4816
SHA1 ef3987999cd91451ef07bbde58b85c5a6fe51480
SHA256 97d53bbcf96e42d9fba1e82c55a8a55cb3026cb7ade847630b608e6f0ee72772
ssdeep 12288:fELu/qfqeJCTqpbKP1/p1KCIhemNNaFD2:cLu/qfqeJCTqpba1/2hh6Y
authentihash af3a7d043050102826d2aa18b4cee62de7412efc903e93b41cd8d9e73773f51f
imphash 9fec0e7f777e019d1ffeb33bbc47323f
File size 457.0 KB ( 467968 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID InstallShield setup (52.0%)
Win32 Executable MS Visual C++ (generic) (37.6%)
Win32 Executable (generic) (5.4%)
Generic Win/DOS Executable (2.4%)
DOS Executable Generic (2.4%)
Tags pedll
VirusTotal metadata
First submission 2015-05-12 10:44:27 UTC ( 2 years, 5 months ago )
Last submission 2015-05-13 14:39:29 UTC ( 2 years, 5 months ago )
File names 7.dll
47.tmp
DFRGRES.DLL
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight