× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615
File name: 0D92F.tmp
Detection ratio: 47 / 49
Analysis date: 2014-04-18 09:00:12 UTC ( 5 days, 14 hours ago )
Antivirus Result Update
AVG I-Worm/Generic.COB 20140417
Ad-Aware Win32.Worm.Conficker.A 20140418
Agnitum Worm.Conficker!L/CdK4RT60g 20140417
AhnLab-V3 Win32/Conficker.worm.4096 20140417
AntiVir RKIT/Conficker.A 20140418
Antiy-AVL Worm[Net]/Win32.Kido 20140418
Avast Win32:ConfiDrv-B [Rtk] 20140418
Baidu-International Trojan.Win32.Agent.40 20140417
BitDefender Win32.Worm.Conficker.A 20140418
Bkav W32.ConfickerIOC.Worm 20140418
CAT-QuickHeal I-Worm.Kido.ij.n5 20140418
CMC Generic.Win32.3291e16037!CMCRadar 20140417
Commtouch W32/Conficker.UCIE-3981 20140418
Comodo TrojWare.Win32.Rootkit.Agent.~a 20140418
DrWeb Win32.HLLW.Autoruner.5555 20140418
ESET-NOD32 Win32/Conficker.AA 20140418
Emsisoft Win32.Worm.Conficker.A (B) 20140418
F-Prot W32/Conficker.G 20140418
F-Secure Trojan:W32/Downadup.AL 20140418
Fortinet W32/Conficker.IJ!tr.rkit 20140418
GData Win32.Worm.Conficker.A 20140418
Ikarus Net-Worm.Win32.Kido 20140418
Jiangmin Worm/Kido.hh 20140418
K7AntiVirus Trojan ( 0001140e1 ) 20140418
K7GW Trojan ( 0001140e1 ) 20140418
Kaspersky Net-Worm.Win32.Kido.jq 20140418
Kingsoft Worm.Kido.ij.(kcloud) 20140418
Malwarebytes Worm.Conficker 20140418
McAfee W32/Conficker.sys 20140418
McAfee-GW-Edition W32/Conficker.sys 20140418
MicroWorld-eScan Win32.Worm.Conficker.A 20140418
Microsoft Trojan:WinNT/Conficker.B 20140418
NANO-Antivirus Trojan.Win32.Kido.ghbd 20140418
Norman Conficker.GN 20140418
Panda Rootkit/Conficker.C 20140417
Qihoo-360 Win32/Trojan.75d 20140418
Rising PE:Trojan.Win32.Generic.1251DE6C!307355244 20140418
SUPERAntiSpyware Trojan.Unknown Origin 20140418
Sophos W32/Confick-D 20140418
Symantec W32.Downadup 20140418
TheHacker Trojan/Conficker.dam 20140417
TotalDefense Win32/Conficker.B 20140417
TrendMicro TROJ_DOWNAD.E 20140418
TrendMicro-HouseCall TROJ_DOWNAD.E 20140418
VBA32 Net-Worm.Kido 20140418
ViRobot Worm.Win32.Conficker.4096 20140418
nProtect Worm/W32.Kido.4096 20140417
AegisLab 20140418
ByteHero 20140418
ClamAV 20140418
VIPRE 20140418
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-05-05 13:27:28
Link date 2:27 PM 5/5/1999
Entry Point 0x000010B0
Number of sections 5
PE sections
PE imports
_except_handler3
RtlInitUnicodeString
IoAllocateMdl
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteSymbolicLink
ZwQuerySystemInformation
IoCreateDevice
MmProbeAndLockPages
MmUnmapLockedPages
IoDeleteDevice
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Native

MachineType
Intel 386 or later, and compatibles

TimeStamp
1999:05:05 14:27:28+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
1536

LinkerVersion
7.0

FileAccessDate
2014:04:18 10:00:22+01:00

EntryPoint
0x10b0

InitializedDataSize
1536

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

FileCreateDate
2014:04:18 10:00:22+01:00

UninitializedDataSize
0

File identification
MD5 3291e1603715c47a23b60a8bf2ca73db
SHA1 41531fa6b5086e9150b57256efbcd47d7c05cd53
SHA256 aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615
ssdeep
48:qZs7U1X+r/34o0dVYDP9O6sbo6GYDpwQRr3EYJlLu48:2K8A0doP9VsxGYtN1fJlLr8

imphash 4ab64aebae0dd65a5d0dda9f9befd033
File size 4.0 KB ( 4096 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (native) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll native

VirusTotal metadata
First submission 2009-01-02 16:21:52 UTC ( 5 years, 3 months ago )
Last submission 2014-04-18 09:00:12 UTC ( 5 days, 14 hours ago )
File names smona131831195101454686231
smona131831195112461260022
02.tmp
TcpIp_Perf.sys
vt-upload-e_sxh
avz00002.dta
08.tmp
03.tmp
smona132022018315578557305
3291e1603715c47a23b60a8bf2ca73db
avz00001.dta
viru.txt
01.tmp
file-3014212_000
01tmp
123
01.tmp.000
0D92F.tmp
41531fa6b5086e9150b57256efbcd47d7c05cd53.bin
05.tmp
smona131831195070212518062
0C.tmp.vir
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!