SHA256: aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615
File name: 02.tmp
Detection ratio: 26 / 57
Analysis date: 2015-02-17 23:20:42 UTC ( 1 month, 1 week ago )
Antivirus Result Update
ALYac Worm.Conficker 20150217
AhnLab-V3 Win32/Conficker.worm.4096 20150216
Antiy-AVL Worm[Net]/Win32.Kido 20150216
Baidu-International Trojan.Win32.Agent.40 20150216
BitDefender Win32.Worm.Conficker.A 20150217
Bkav W32.ConfickerIOC.Worm 20150213
ClamAV Trojan.Rootkit-1503 20150217
Cyren W32/Conficker.UCIE-3981 20150217
Emsisoft Win32.Worm.Conficker.A (B) 20150217
Fortinet W32/Conficker.IJ!tr.rkit 20150216
K7AntiVirus Trojan ( 0001140e1 ) 20150217
K7GW Trojan ( 0001140e1 ) 20150217
Kingsoft Worm.Kido.ij.(kcloud) 20150218
Malwarebytes Worm.Conficker 20150217
MicroWorld-eScan Win32.Worm.Conficker.A 20150217
Microsoft Trojan:WinNT/Conficker.B 20150217
Panda Rootkit/Conficker.C 20150216
Qihoo-360 Win32/Trojan.75d 20150218
SUPERAntiSpyware Trojan.Unknown Origin 20150215
Sophos W32/Confick-D 20150217
Tencent Trojan.Win32.Conficker.dd 20150218
TheHacker Trojan/Conficker.dam 20150217
TotalDefense Win32/Conficker.B 20150216
VBA32 Net-Worm.Kido 20150216
ViRobot Worm.Win32.Conficker.4096[h] 20150216
nProtect Worm/W32.Kido.4096 20150216
AVG 20150217
AVware 20150217
Ad-Aware 20150217
AegisLab 20150217
Agnitum 20150216
Alibaba 20150217
Avast 20150217
Avira 20150217
ByteHero 20150218
CAT-QuickHeal 20150217
CMC 20150214
Comodo 20150217
DrWeb 20150217
ESET-NOD32 20150217
F-Prot 20150217
F-Secure 20150217
GData 20150217
Ikarus 20150217
Jiangmin 20150216
Kaspersky 20150217
McAfee 20150217
McAfee-GW-Edition 20150216
NANO-Antivirus 20150216
Norman 20150216
Rising 20150216
Symantec 20150217
TrendMicro 20150217
TrendMicro-HouseCall 20150217
VIPRE 20150217
Zillya 20150216
Zoner 20150216
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Native subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-05-05 13:27:28
Link date 2:27 PM 5/5/1999
Entry Point 0x000010B0
Number of sections 5
PE sections
PE imports
_except_handler3
RtlInitUnicodeString
IoAllocateMdl
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteSymbolicLink
ZwQuerySystemInformation
IoCreateDevice
MmProbeAndLockPages
MmUnmapLockedPages
IoDeleteDevice
MmMapLockedPagesSpecifyCache
ObfDereferenceObject
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Native
MachineType Intel 386 or later, and compatibles
TimeStamp 1999:05:05 14:27:28+01:00
FileType Win32 DLL
PEType PE32
CodeSize 1536
LinkerVersion 7.0
EntryPoint 0x10b0
InitializedDataSize 1536
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 3291e1603715c47a23b60a8bf2ca73db
SHA1 41531fa6b5086e9150b57256efbcd47d7c05cd53
SHA256 aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615
ssdeep 48:qZs7U1X+r/34o0dVYDP9O6sbo6GYDpwQRr3EYJlLu48:2K8A0doP9VsxGYtN1fJlLr8
authentihash c4971a5412ee420b844e547807911345c9bcfe3a9b1ee0ae21d93b45e1b821a8
imphash 4ab64aebae0dd65a5d0dda9f9befd033
File size 4.0 KB ( 4096 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (native) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll native

VirusTotal metadata
First submission 2009-01-02 16:21:52 UTC ( 6 years, 2 months ago )
Last submission 2015-02-17 23:20:42 UTC ( 1 month, 1 week ago )
File names smona131831195101454686231
Net-Worm.Win32.Kido.jq.exe
smona131831195112461260022
02.tmp
TcpIp_Perf.sys
vti-rescan
vt-upload-e_sxh
avz00002.dta
05237.tmp
03.tmp
08.tmp
smona132022018315578557305
3291e1603715c47a23b60a8bf2ca73db
avz00001.dta
viru.txt
08DDD.tmp
3291e1603715c47a23b60a8bf2ca73db
01.tmp
file-3014212_000
01tmp
123
01.tmp.000
0D92F.tmp
41531fa6b5086e9150b57256efbcd47d7c05cd53.bin
05.tmp