SHA256: 9f6a17b2c3794de1576ec9ca9526e489cae35cfbdfa4f246c60da7fa9b32441c
File name: 2.dll
Detection ratio: 2 / 57
Analysis date: 2015-04-01 09:16:22 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Bkav HW32.Packed.CB93 20150331
Tencent Trojan.Win32.Qudamah.Gen.23 20150401
Ad-Aware 20150401
AegisLab 20150401
Yandex 20150331
AhnLab-V3 20150331
Alibaba 20150401
ALYac 20150401
Antiy-AVL 20150401
Avast 20150401
AVG 20150401
Avira (no cloud) 20150401
AVware 20150401
Baidu-International 20150401
BitDefender 20150401
ByteHero 20150401
CAT-QuickHeal 20150401
ClamAV 20150401
CMC 20150401
Comodo 20150401
Cyren 20150401
DrWeb 20150401
Emsisoft 20150401
ESET-NOD32 20150401
F-Prot 20150401
F-Secure 20150401
Fortinet 20150401
GData 20150401
Ikarus 20150401
Jiangmin 20150331
K7AntiVirus 20150401
K7GW 20150401
Kaspersky 20150401
Kingsoft 20150401
Malwarebytes 20150401
McAfee 20150401
McAfee-GW-Edition 20150331
Microsoft 20150401
eScan 20150401
NANO-Antivirus 20150401
Norman 20150401
nProtect 20150401
Panda 20150331
Qihoo-360 20150401
Rising 20150331
Sophos AV 20150331
SUPERAntiSpyware 20150401
Symantec 20150401
TheHacker 20150330
TotalDefense 20150331
TrendMicro 20150401
TrendMicro-HouseCall 20150401
VBA32 20150331
VIPRE 20150401
ViRobot 20150401
Zillya 20150401
Zoner 20150330
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name PortableDeviceApi.dll
File version 5.2.5723.5145 (WMP_11.061018-2006)
Description Windows Portable Device API Components
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-01 07:00:03
Entry Point 0x00008940
Number of sections 8
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
RemoveDirectoryW
DisableThreadLibraryCalls
SetThreadPriority
MapUserPhysicalPages
EnumCalendarInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetNamedPipeHandleStateW
InterlockedCompareExchange
QueryPerformanceFrequency
SetFilePointer
InterlockedFlushSList
FindResourceExW
ResetEvent
GetProcessWorkingSetSize
GetSystemTimes
SetComputerNameA
EnumDateFormatsExW
GetSystemTimeAdjustment
FindAtomW
GlobalAlloc
SetMessageWaitingIndicator
MprAdminMIBBufferFree
MprAdminMIBEntryGet
SHAppBarMessage
GetLastActivePopup
rename
memset
memcpy
PdhGetRawCounterValue
PdhSetCounterScaleFactor
Number of PE resources by type
TYPELIB 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.2.5723.5145
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 213504
FileOS Windows NT 32-bit
EntryPoint 0x8940
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.2.5723.5145 (WMP_11.061018-2006)
TimeStamp 2015:04:01 08:00:03+01:00
FileType Win32 DLL
PEType PE32
ProductVersion 5.2.5723.5145
FileDescription Windows Portable Device API Components
OSVersion 4.0
OriginalFilename PortableDeviceApi.dll
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 94720
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.2.5723.5145
FileTypeExtension dll
ObjectFileType Dynamic link library
File identification
MD5 a37c36b630e7e5b3f72e03a40091782e
SHA1 02b70b6b3f65d2144dee37286edbcc0a2b7b70e2
SHA256 9f6a17b2c3794de1576ec9ca9526e489cae35cfbdfa4f246c60da7fa9b32441c
ssdeep 6144:/CsLz1ttX9zCodexeQUB9qrEta8r/mmYMYQUgPPniJnHri:as11ldeJ8w8r/mmYMzxXz
authentihash e8e5545e9a17dcb5fe7c264bf30c4a97d2c397744ea935381806b0a92b19f032
imphash b7c2817a4986617c72e0f78627ac96d8
File size 320.5 KB ( 328192 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll
VirusTotal metadata
First submission 2015-04-01 09:16:22 UTC ( 2 years, 6 months ago )
Last submission 2015-04-03 01:19:57 UTC ( 2 years, 6 months ago )
File names 2.dll
PortableDeviceApi.dll
2.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight