SHA256: 9cc83358ac8b7f1e6b80082cd4041e2291f8cdbd233754f26213e069480274bb
File name: 2.dll
Detection ratio: 4 / 57
Analysis date: 2015-02-25 09:56:39 UTC ( 2 years, 7 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Yakes 20150225
Bkav HW32.Packed.A057 20150225
McAfee-GW-Edition BehavesLike.Win32.Packed.fc 20150225
Qihoo-360 HEUR/QVM40.1.Malware.Gen 20150225
Ad-Aware 20150225
AegisLab 20150225
Yandex 20150224
Alibaba 20150225
ALYac 20150225
Antiy-AVL 20150225
Avast 20150225
AVG 20150225
Avira (no cloud) 20150225
AVware 20150225
Baidu-International 20150225
BitDefender 20150225
ByteHero 20150225
CAT-QuickHeal 20150225
ClamAV 20150225
CMC 20150223
Comodo 20150225
Cyren 20150225
DrWeb 20150225
Emsisoft 20150225
ESET-NOD32 20150225
F-Prot 20150225
F-Secure 20150225
Fortinet 20150225
GData 20150225
Ikarus 20150225
Jiangmin 20150224
K7AntiVirus 20150225
K7GW 20150225
Kaspersky 20150225
Kingsoft 20150225
Malwarebytes 20150225
McAfee 20150225
Microsoft 20150225
eScan 20150225
NANO-Antivirus 20150225
Norman 20150225
nProtect 20150225
Panda 20150224
Rising 20150224
Sophos AV 20150225
SUPERAntiSpyware 20150225
Symantec 20150225
Tencent 20150225
TheHacker 20150225
TotalDefense 20150224
TrendMicro 20150225
TrendMicro-HouseCall 20150225
VBA32 20150225
VIPRE 20150225
ViRobot 20150225
Zillya 20150224
Zoner 20150223
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-07-26 04:31:58
Entry Point 0x00006200
Number of sections 5
PE sections
PE imports
ClusterNetworkCloseEnum
GetLastError
EnumUILanguagesA
EnterCriticalSection
FreeLibrary
GetVolumePathNameA
CreateTimerQueue
LoadLibraryA
HeapSetInformation
CompareFileTime
LocalAlloc
FindClose
CreateActCtxA
GetLogicalDrives
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetPrivateProfileStringW
EnumResourceTypesA
RaiseException
GetModuleHandleA
GetExitCodeThread
InterlockedExchange
GetTempPathW
ClearCommError
SetThreadContext
LocalFree
FindAtomW
GetTimeZoneInformation
GetProcessShutdownParameters
GetConsoleWindow
FindAtomA
CancelIo
SetFileAttributesW
MprAdminMIBEntrySet
MprConfigTransportGetInfo
ExtractAssociatedIconExW
ftell
ungetwc
malloc
memset
_chkstk
memcpy
fabs
CoInternetCompareUrl
Number of PE resources by type
RT_STRING 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
FileFlagsMask 0x003f
MachineType Intel 386 or later, and compatibles
FileVersionNumber 5.1.3700.5512
TimeStamp 1992:07:26 05:31:58+01:00
FileType Win32 DLL
PEType PE32
CodeSize 58880
LinkerVersion 5.2
FileSubtype 0
ProductVersionNumber 5.1.3700.5512
EntryPoint 0x6200
InitializedDataSize 270848
UninitializedDataSize 0
ImageVersion 0.0
OSVersion 4.0
SubsystemVersion 4.0
FileOS Windows NT 32-bit
ObjectFileType Dynamic link library

File identification
MD5 d629ad704cddb8603415195309616767
SHA1 fe41760e2d76b55fde4dd6a3a51f12b65aa2aaad
SHA256 9cc83358ac8b7f1e6b80082cd4041e2291f8cdbd233754f26213e069480274bb
ssdeep 6144:DKS2A/0uoUUVB9aQX6E9tIvDwIbwY9FpO7VDKlxSG:DbLsk49NdwvDDTFpOOx
authentihash 7c2b8240c9af6c9c599ce7a5c9ea357ec907222c7fec0cfba8db4b4460f8983c
imphash 8bf2f3263fb4bf017001dd0b5cc2c87d
File size 312.5 KB ( 320000 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll

VirusTotal metadata
First submission 2015-02-25 08:41:10 UTC ( 2 years, 7 months ago )
Last submission 2015-03-12 07:42:31 UTC ( 2 years, 7 months ago )
File names 2.dll
bot_x32_d629ad704cddb8603415195309616767.dll.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight