SHA256: a1cfed946a07b33fe8ed937d299c88ba5cadbbdea763cc0186ab4e88676d5d52
File name: MiddleEarth.dll
Detection ratio: 0 / 42
Analysis date: 2012-06-02 21:38:38 UTC ( 5 years, 7 months ago )
Antivirus Result Update
AhnLab-V3 20120602
AntiVir 20120602
Antiy-AVL 20120602
Avast 20120602
AVG 20120602
BitDefender 20120602
ByteHero 20120531
CAT-QuickHeal 20120602
ClamAV 20120602
Commtouch 20120602
Comodo 20120602
DrWeb 20120602
Emsisoft 20120602
eSafe 20120530
F-Prot 20120602
F-Secure 20120602
Fortinet 20120602
GData 20120602
Ikarus 20120602
Jiangmin 20120602
K7AntiVirus 20120601
Kaspersky 20120602
McAfee 20120602
McAfee-GW-Edition 20120602
Microsoft 20120602
NOD32 20120602
Norman 20120602
nProtect 20120602
Panda 20120602
PCTools 20120602
Rising 20120601
Sophos AV 20120602
SUPERAntiSpyware 20120602
Symantec 20120602
TheHacker 20120531
TotalDefense 20120601
TrendMicro 20120602
TrendMicro-HouseCall 20120602
VBA32 20120531
VIPRE 20120602
ViRobot 20120602
VirusBuster 20120602
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2011 T-App Ltd. All rights reserved.

Publisher T-App Ltd.
Product Pick Me App
Version 0.5.14.9
Original name MiddleEarthModule.dll
Internal name MiddleEarthModule.dll
File version 0.5.14.9
Description PMA Business Module
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-23 20:18:38
Entry Point 0x00040A1B
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
GetAdaptersInfo
SetThreadLocale
GetStdHandle
WaitForSingleObject
HeapDestroy
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
lstrcatW
SetStdHandle
GetCPInfo
GetDiskFreeSpaceW
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
InitializeCriticalSection
LoadResource
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
SetLastError
DeviceIoControl
TlsGetValue
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
CreateThread
GetExitCodeThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
TerminateProcess
CreateWaitableTimerW
GlobalAlloc
SetWaitableTimer
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
GetComputerNameW
lstrcpyW
RemoveDirectoryW
FindNextFileW
GetCurrentThreadId
FindFirstFileW
lstrcmpW
WaitForMultipleObjects
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
FindResourceW
GetThreadLocale
GetEnvironmentStringsW
VirtualQuery
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
CopyFileExW
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
WriteFile
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
Ord(161)
Ord(149)
Ord(313)
Ord(277)
Ord(6)
Ord(186)
Ord(150)
Ord(7)
Ord(4)
Ord(162)
Ord(314)
Ord(8)
Ord(163)
Ord(2)
Ord(9)
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Get_Parent
CM_Get_Device_IDW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
ShellExecuteW
PathAddBackslashW
ColorRGBToHLS
PathRemoveFileSpecW
ColorHLSToRGB
PathIsUNCW
PathStripToRootW
PathCombineW
PathRelativePathToW
PathRemoveBackslashW
GetMessageA
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageA
CharNextW
GetMessageW
IsWindowUnicode
TranslateMessage
CharUpperBuffW
GetSysColor
DispatchMessageW
GetFileVersionInfoW
GetFileVersionInfoSizeW
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
StringFromGUID2
CoSetProxyBlanket
PE exports
Number of PE resources by type
REGISTRY 8
TYPELIB 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 8
RUSSIAN 3
PE resources
ExifTool file metadata
SubsystemVersion
5.1

InitializedDataSize
265728

ImageVersion
0.0

ProductName
Pick Me App

FileVersionNumber
0.5.14.9

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
10.0

FileOS
Win32

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
0.5.14.9

TimeStamp
2012:04:23 21:18:38+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
MiddleEarthModule.dll

ProductVersion
0.5.14.9

FileDescription
PMA Business Module

OSVersion
5.1

OriginalFilename
MiddleEarthModule.dll

LegalCopyright
Copyright (C) 2011 T-App Ltd. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
T-App Ltd.

CodeSize
327680

FileSubtype
0

ProductVersionNumber
0.5.14.9

EntryPoint
0x40a1b

ObjectFileType
Dynamic link library

File identification
MD5 3f5a832eb2950627fef45b4552ad4a34
SHA1 d9ffa7c1de45f1d9bd1e987f2b8d51efc11b202d
SHA256 a1cfed946a07b33fe8ed937d299c88ba5cadbbdea763cc0186ab4e88676d5d52
ssdeep
6144:VDlhCpOES1tM0A03+ehLmMygaFJpE2S+6g+Ac6E+KtVNByL5:VphsOznM0A7ehqWaFJW2SHg+AcdrAL5

File size 572.5 KB ( 586240 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID DirectShow filter (49.4%)
Windows ActiveX control (28.5%)
InstallShield setup (10.5%)
Win32 Executable MS Visual C++ (generic) (7.6%)
Win32 Dynamic Link Library (generic) (1.6%)
Tags
pedll

VirusTotal metadata
First submission 2012-05-03 08:00:15 UTC ( 5 years, 8 months ago )
Last submission 2012-06-03 10:41:23 UTC ( 5 years, 7 months ago )
File names MiddleEarth.dll
BE5F7DBF0007E624F2EE08517CB96300F7FD4216.dll
file-3888610_dll
MiddleEarthModule.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight