SHA256: 9a037fca196740ccfc4c0380eb507a9f5d2d453e5bc036fbad90be1ed4bac807
File name: mnddghinfk.dll
Detection ratio: 4 / 45
Analysis date: 2013-08-05 08:16:39 UTC ( 4 years, 4 months ago )
Antivirus Result Update
AntiVir TR/Crypt.ZPACK.Gen 20130805
Kaspersky HEUR:Trojan.Win32.Generic 20130805
Norman Malware 20130804
VBA32 suspected of Trojan.Downloader.gen.h 20130802
Yandex 20130804
AhnLab-V3 20130804
Antiy-AVL 20130802
Avast 20130805
AVG 20130804
BitDefender 20130805
ByteHero 20130804
CAT-QuickHeal 20130805
ClamAV 20130805
Commtouch 20130805
Comodo 20130805
DrWeb 20130805
Emsisoft 20130805
ESET-NOD32 20130804
F-Prot 20130805
F-Secure 20130805
Fortinet 20130805
GData 20130805
Ikarus 20130805
Jiangmin 20130805
K7AntiVirus 20130802
K7GW 20130802
Kingsoft 20130723
Malwarebytes 20130805
McAfee 20130805
McAfee-GW-Edition 20130804
Microsoft 20130805
eScan 20130805
NANO-Antivirus 20130805
nProtect 20130805
Panda 20130804
PCTools 20130804
Rising 20130805
Sophos AV 20130805
SUPERAntiSpyware 20130804
Symantec 20130805
TheHacker 20130805
TotalDefense 20130804
TrendMicro 20130805
TrendMicro-HouseCall 20130805
VIPRE 20130805
ViRobot 20130805
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-04 23:03:14
Entry Point 0x00009C10
Number of sections 4
PE sections
PE imports
RegCreateKeyExA
SelectObject
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
BitBlt
GetAdaptersInfo
GetLastError
EnterCriticalSection
lstrlenA
GetFileAttributesA
GetExitCodeProcess
GetTickCount
DeleteFileA
GetFileSize
CreateDirectoryA
GetCommandLineW
CreateThread
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
TerminateProcess
InitializeCriticalSection
VirtualFree
Sleep
CreateFileA
ExitProcess
VirtualAlloc
SetLastError
LeaveCriticalSection
GetModuleFileNameExA
CommandLineToArgvW
StrCmpIW
ReleaseDC
IsCharAlphaNumericA
GetSystemMetrics
GetDC
wsprintfA
__WSAFDIsSet
inet_addr
ioctlsocket
gethostbyname
select
WSAGetLastError
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdiplusStartup
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:08:05 00:03:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 68096
LinkerVersion 10.0
EntryPoint 0x9c10
InitializedDataSize 1146368
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 d758fd8cfb80a458a43770037ec82aac
SHA1 fc3bb5086396c607e719666dd29678a053a076f2
SHA256 9a037fca196740ccfc4c0380eb507a9f5d2d453e5bc036fbad90be1ed4bac807
ssdeep 6144:GDLPszoRq0gV5IrKLSaQQQSTPQtQQQQBQ+rPP+LwrCY8mrbZU:P5XSaQQQSTPQtQQQQBQ+DPKwrC2rbZU
authentihash efc57c9c756af907aa8bc14248067fe2c2805090e7a76faf6a272f90d8a2c712
imphash e4962fd1ed9b1d3ceba213db50223893
File size 320.0 KB ( 327680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-08-05 08:14:22 UTC ( 4 years, 4 months ago )
Last submission 2013-09-18 13:48:23 UTC ( 4 years, 3 months ago )
File names jkthngrcjmoqopuqyyu.bfg
vti-rescan
winserviced.exe
9a037fca196740ccfc4c0380eb507a9f5d2d453e5bc036fbad90be1ed4bac807
mnddghinfk.dll
lemfngohpk.dl
d758fd8cfb80a458a43770037ec82aac.exe
file-5985551_