SHA256: aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615
File name: 0390.tmp
Detection ratio: 52 / 55
Analysis date: 2016-06-27 14:05:30 UTC ( 2 months ago )
Antivirus Result Update
ALYac Worm.Conficker 20160627
AVG I-Worm/Generic.COB 20160627
AVware Trojan.WinNT.Conficker.b (v) 20160627
Ad-Aware Win32.Worm.Conficker.A 20160627
AegisLab W32.W.Kido.ij!c 20160627
AhnLab-V3 Worm/Win32.Conficker.N8017406 20160627
Antiy-AVL Worm[Net]/Win32.Kido 20160627
Arcabit Win32.Worm.Conficker.A 20160627
Avast Win32:ConfiDrv-B [Rtk] 20160627
Avira (no cloud) RKIT/Conficker.A 20160627
Baidu Win32.Worm.Conficker.m 20160627
Baidu-International Trojan.Win32.Agent.40 20160614
BitDefender Win32.Worm.Conficker.A 20160627
CAT-QuickHeal Trojan.Yoddos.rw5 20160627
CMC Generic.Win32.3291e16037!CMCRadar 20160627
ClamAV Win.Trojan.Rootkit-58 20160627
Comodo TrojWare.Win32.Rootkit.Agent.~a 20160627
Cyren W32/Conficker.UCIE-3981 20160627
DrWeb Win32.HLLW.Autoruner.5555 20160627
ESET-NOD32 Win32/Conficker.AA 20160627
Emsisoft Win32.Worm.Conficker.A (B) 20160627
F-Prot W32/Conficker.G 20160627
F-Secure Trojan:W32/Downadup.AL 20160627
Fortinet W32/Conficker.IJ!tr.rkit 20160627
GData Win32.Worm.Conficker.A 20160627
Ikarus Net-Worm.Win32.Kido 20160627
Jiangmin Worm/Kido.hw 20160627
K7AntiVirus NetWorm ( 0008b8851 ) 20160627
K7GW NetWorm ( 0008b8851 ) 20160627
Kaspersky Net-Worm.Win32.Kido.jq 20160627
Malwarebytes Worm.Conficker 20160627
McAfee W32/Conficker.sys 20160627
McAfee-GW-Edition W32/Conficker.sys 20160627
eScan Win32.Worm.Conficker.A 20160627
Microsoft Trojan:WinNT/Conficker.B 20160627
NANO-Antivirus Trojan.Win32.Kido.ghbd 20160627
Panda Rootkit/Conficker.C 20160626
Qihoo-360 QVM00.1.Malware.Gen 20160627
SUPERAntiSpyware Trojan.Unknown Origin 20160627
Sophos W32/Confick-D 20160627
Symantec W32.Downadup 20160627
Tencent Trojan.Win32.Conficker.dd 20160627
TheHacker Trojan/Conficker.dam 20160625
TotalDefense Win32/Conficker.B 20160627
TrendMicro TROJ_DOWNAD.E 20160627
TrendMicro-HouseCall TROJ_DOWNAD.E 20160627
VBA32 Net-Worm.Kido 20160625
VIPRE Trojan.WinNT.Conficker.b (v) 20160627
ViRobot Worm.Win32.Conficker.4096[h] 20160627
Yandex Worm.Conficker!L/CdK4RT60g 20160626
Zillya Worm.Conficker.Win32.405 20160625
nProtect Worm/W32.Kido.4096 20160627
Alibaba 20160627
Kingsoft 20160627
Zoner 20160627
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-05-05 13:27:28
Entry Point 0x000010B0
Number of sections 5
PE sections
PE imports
_except_handler3
RtlInitUnicodeString
IoAllocateMdl
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteSymbolicLink
ZwQuerySystemInformation
IoCreateDevice
MmProbeAndLockPages
MmUnmapLockedPages
IoDeleteDevice
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
TimeStamp 1999:05:05 14:27:28+01:00
FileType Win32 DLL
PEType PE32
CodeSize 1536
LinkerVersion 7.0
FileTypeExtension dll
InitializedDataSize 1536
SubsystemVersion 4.0
EntryPoint 0x10b0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 3291e1603715c47a23b60a8bf2ca73db
SHA1 41531fa6b5086e9150b57256efbcd47d7c05cd53
SHA256 aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615
ssdeep 48:qZs7U1X+r/34o0dVYDP9O6sbo6GYDpwQRr3EYJlLu48:2K8A0doP9VsxGYtN1fJlLr8
authentihash c4971a5412ee420b844e547807911345c9bcfe3a9b1ee0ae21d93b45e1b821a8
imphash 4ab64aebae0dd65a5d0dda9f9befd033
File size 4.0 KB ( 4096 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (native) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags pedll native
VirusTotal metadata
First submission 2009-01-02 16:21:52 UTC ( 7 years, 8 months ago )
Last submission 2016-05-09 02:04:17 UTC ( 3 months, 3 weeks ago )
File names 03A6D.tmp
smona131831195101454686231
Net-Worm.Win32.Kido.jq.exe
smona131831195112461260022
02.tmp
TcpIp_Perf.sys
01d.tmp
vti-rescan
vt-upload-e_sxh
avz00002.dta
05237.tmp
03.tmp
06EC0.tmp
08.tmp
smona132022018315578557305
3291e1603715c47a23b60a8bf2ca73db
avz00001.dta
viru.txt
08DDD.tmp
011.tmp
04.tmp
3291e1603715c47a23b60a8bf2ca73db
01.tmp
file-3014212_000
01tmp