SHA256: 9fa2f7448e181bd809bafd4ad1f05aece3cb7a653c7456dd5d0e6f14bde49484
File name: POBRApi.dll
Detection ratio: 11 / 54
Analysis date: 2014-10-30 16:31:37 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20141030
Avira (no cloud) TR/Crypt.TPM.Gen 20141030
Baidu-International Trojan.Win32.Themida.gen 20141027
Bkav HW32.Packed.F7D7 20141027
CAT-QuickHeal (Suspicious) - DNAScan 20141030
Comodo TrojWare.Win32.Agent.COC 20141030
ESET-NOD32 a variant of Win32/Packed.Themida 20141030
Ikarus Trojan.Crypt 20141030
Kingsoft Win32.Troj.Generic.a.(kcloud) 20141030
Sophos AV Generic PUA HC 20141030
Symantec WS.Reputation.1 20141030
Ad-Aware 20141030
AegisLab 20141030
Yandex 20141028
AhnLab-V3 20141030
Antiy-AVL 20141030
AVG 20141030
AVware 20141030
BitDefender 20141030
ByteHero 20141030
ClamAV 20141030
CMC 20141029
Cyren 20141030
DrWeb 20141030
Emsisoft 20141030
F-Prot 20141030
F-Secure 20141030
Fortinet 20141030
GData 20141030
Jiangmin 20141029
K7AntiVirus 20141030
K7GW 20141030
Kaspersky 20141030
Malwarebytes 20141030
McAfee 20141030
McAfee-GW-Edition 20141030
Microsoft 20141030
eScan 20141029
NANO-Antivirus 20141030
Norman 20141030
nProtect 20141030
Qihoo-360 20141030
Rising 20141030
SUPERAntiSpyware 20141030
Tencent 20141030
TheHacker 20141028
TotalDefense 20141030
TrendMicro 20141030
TrendMicro-HouseCall 20141030
VBA32 20141030
VIPRE 20141030
ViRobot 20141030
Zillya 20141029
Zoner 20141030
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-30 16:50:10
Entry Point 0x00278000
Number of sections 6
PE sections
PE imports
InitCommonControls
PE exports
Number of PE resources by type
RT_STRING 10
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 12
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:05:30 17:50:10+01:00
FileType Win32 DLL
PEType PE32
CodeSize 423936
LinkerVersion 2.25
FileAccessDate 2014:10:30 17:31:31+01:00
EntryPoint 0x278000
InitializedDataSize 66048
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:10:30 17:31:31+01:00
UninitializedDataSize 0

File identification
MD5 840dfa46eb12a402e45206e933114ce6
SHA1 729b98ff9cd09a2bcd351ba569e7fb0d2ce66a63
SHA256 9fa2f7448e181bd809bafd4ad1f05aece3cb7a653c7456dd5d0e6f14bde49484
ssdeep 24576:eJJdx3c8q/MYt3OwAchPTWhhsWZTkb62RKbj:eJG8q/xt02TxiTkbRI
authentihash 4247c295afc75c040444c9ef33c9ad820b91db0c5e4374d93af935473271e55b
imphash baa93d47220682c04d92f7797d9224ce
File size 990.0 KB ( 1013760 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll

VirusTotal metadata
First submission 2013-10-27 22:45:53 UTC ( 4 years, 2 months ago )
Last submission 2014-10-30 16:31:37 UTC ( 3 years, 2 months ago )
File names POBRApi.dll
open.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight