SHA256: 9efdfb3c58c9a4087ca6aa76adbcb29955e352377eb66fa551b8d4d76660b52e
File name: unicode2.nls
Detection ratio: 33 / 46
Analysis date: 2012-12-28 07:23:54 UTC ( 1 year, 3 months ago )
Antivirus Result Update
AVG Agent4.AQV 20121228
AhnLab-V3 Trojan/Win32.Agent 20121227
AntiVir BDS/Delf.MN.3 20121227
Avast Win32:Malware-gen 20121228
BitDefender Trojan.Generic.KDV.801437 20121228
CAT-QuickHeal Trojan.Agent.hwin 20121228
Comodo Backdoor.Win32.Singu.D 20121228
DrWeb Trojan.Inject1.14710 20121228
ESET-NOD32 Win32/Vitidrine.A 20121227
Emsisoft Trojan.Win32.Agent.hwin.AMN (A) 20121228
F-Secure Trojan.Generic.KDV.801437 20121228
Fortinet W32/Agent.HWIN!tr 20121228
GData Trojan.Generic.KDV.801437 20121228
Ikarus Backdoor.Win32.Vipdataend 20121228
Jiangmin Trojan/Agent.ikvd 20121221
K7AntiVirus Trojan 20121227
Kaspersky Trojan.Win32.Agent.hwin 20121227
Kingsoft Win32.Troj.Agent.hw.(kcloud) 20121225
McAfee Generic BackDoor!fn3 20121228
McAfee-GW-Edition Generic BackDoor!fn3 20121227
MicroWorld-eScan Trojan.Generic.KDV.801437 20121228
Microsoft Backdoor:Win32/Delf.MN 20121228
Norman W32/Suspicious_Gen4.BQIJD 20121227
Panda Trj/OCJ.B 20121227
Rising Backdoor.Delf!4D39 20121228
Sophos Troj/Delf-FMY 20121228
TheHacker Trojan/Agent.hwin 20121227
TrendMicro TROJ_AGENT.BDXQ 20121228
TrendMicro-HouseCall TROJ_AGENT.BDXQ 20121228
VBA32 BScope.Trojan-Spy.Zbot.1462 20121226
VIPRE Trojan.Win32.Generic!BT 20121228
ViRobot Trojan.Win32.A.Agent.166912.U 20121228
nProtect Trojan/W32.Agent.166912.ND 20121227
Agnitum 20121227
Antiy-AVL 20121227
ByteHero 20121226
ClamAV 20121228
Commtouch 20121228
F-Prot 20121228
Malwarebytes 20121228
NANO-Antivirus 20121228
PCTools 20121228
SUPERAntiSpyware 20121228
Symantec 20121228
TotalDefense 20121227
eSafe 20121226
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00023294
Number of sections 7
PE sections
PE imports
RegOpenKeyA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
GetComputerNameA
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
ReadFile
lstrlenA
lstrcmpiA
GetStringTypeExA
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
HeapAlloc
GetTickCount
GetThreadLocale
TlsAlloc
InterlockedExchange
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
GetACP
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
CreateThread
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetCPInfo
GetCommandLineA
GetProcAddress
SetFilePointer
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
TlsFree
GetModuleHandleA
FindFirstFileA
GetDiskFreeSpaceA
WriteFile
EnumCalendarInfoA
ResetEvent
lstrcpynA
ExitThread
HeapReAlloc
GetCurrentThreadId
GetFullPathNameA
SetEvent
LocalFree
OpenEventA
ResumeThread
GetExitCodeThread
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
FormatMessageA
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
InterlockedIncrement
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
LoadStringA
CharNextA
CharUpperBuffA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
GetKeyboardType
CharToOemA
getsockopt
__WSAFDIsSet
bind
connect
socket
setsockopt
getsockname
recvfrom
send
ioctlsocket
WSAStartup
gethostbyname
accept
select
shutdown
sendto
closesocket
htons
recv
WSAGetLastError
listen
PE exports
Number of PE resources by type
RT_STRING 7
Number of PE resources by language
NEUTRAL 7
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 DLL
PEType PE32
CodeSize 140288
LinkerVersion 2.25
EntryPoint 0x23294
InitializedDataSize 25600
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 96b034bdf6c6f6c8cc64b70552f7656c
SHA1 34deded1eb5f7ba8db0a9775d0693c9d2391e50c
SHA256 9efdfb3c58c9a4087ca6aa76adbcb29955e352377eb66fa551b8d4d76660b52e
ssdeep 3072:BriE42xG5ydp2AYP+6QSM4DCfZR97T9WGRAr/obncI+fY+VzY5T36kFVYen0QQ4X:IE4hq2Y6QPdBWGmocIEY+i5TKkf

File size 163.0 KB ( 166912 bytes )
File type Win32 DLL
Magic literal MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll

VirusTotal metadata
First submission 2012-11-27 02:33:21 UTC ( 1 year, 4 months ago )
Last submission 2013-01-03 08:09:22 UTC ( 1 year, 3 months ago )
File names unicode2.nls
vti-rescan
file-4882426_nls
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
