SHA256: ac8124d4692d42b6be0679415cc35387862921fc20ded8c5f01b10003fe3afa1
File name: module.1168.5badb78.10002000.dll
Detection ratio: 3 / 47
Analysis date: 2013-05-29 00:51:18 UTC ( 4 years, 3 months ago )
Antivirus Result Update
AVG Win32/Heri 20130529
Comodo TrojWare.Win32.Trojan.XPack.~gen1 20130529
Microsoft Trojan:Win32/Tracur.AV 20130529
Yandex 20130528
AhnLab-V3 20130528
AntiVir 20130529
Antiy-AVL 20130528
Avast 20130529
BitDefender 20130529
ByteHero 20130517
CAT-QuickHeal 20130528
ClamAV 20130523
Commtouch 20130528
DrWeb 20130529
Emsisoft 20130529
eSafe 20130527
ESET-NOD32 20130528
F-Prot 20130528
F-Secure 20130529
Fortinet 20130529
GData 20130529
Ikarus 20130529
Jiangmin 20130528
K7AntiVirus 20130528
K7GW 20130528
Kaspersky 20130528
Kingsoft 20130506
Malwarebytes 20130528
McAfee 20130529
McAfee-GW-Edition 20130529
eScan 20130529
NANO-Antivirus 20130528
Norman 20130528
nProtect 20130528
Panda 20130528
PCTools 20130521
Rising 20130528
Sophos AV 20130529
SUPERAntiSpyware 20130529
Symantec 20130529
TheHacker 20130528
TotalDefense 20130528
TrendMicro 20130529
TrendMicro-HouseCall 20130529
VBA32 20130528
VIPRE 20130529
ViRobot 20130528
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-26 16:53:02
Entry Point 0x0000CAB3
Number of sections 5
PE sections
PE imports
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
GetLastError
EnterCriticalSection
ReleaseMutex
lstrlenA
lstrcmpiA
CreateMutexA
WaitForSingleObject
GetExitCodeProcess
DisableThreadLibraryCalls
VirtualProtect
LoadLibraryA
lstrlenW
DeleteCriticalSection
GetVolumeInformationA
GetModuleFileNameA
GetFileSize
CreateSemaphoreA
OpenProcess
SetFileTime
DeleteFileA
CreateThread
GetFileAttributesA
MultiByteToWideChar
GetCommandLineA
GetProcAddress
ReadFile
GetFileTime
SetFilePointer
GetTempPathA
ReleaseSemaphore
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
FindFirstFileA
GetCurrentProcessId
CreateDirectoryA
WriteFile
CloseHandle
GetComputerNameA
FindNextFileA
GetSystemDirectoryA
ExpandEnvironmentStringsA
CreateProcessA
InitializeCriticalSection
UnmapViewOfFile
VirtualFree
CreateFileMappingA
InterlockedDecrement
Sleep
CreateFileA
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetCurrentDirectoryA
LeaveCriticalSection
ObjectFromLresult
Ord(4)
Ord(6)
Ord(8)
Ord(2)
Ord(9)
GetModuleBaseNameA
EnumProcesses
EnumProcessModules
UuidToStringA
RpcStringFreeA
UuidCreate
SHGetSpecialFolderPathA
SendMessageTimeoutA
FindWindowExA
SetTimer
GetParent
SetWindowsHookExA
UnhookWindowsHookEx
EnumThreadWindows
GetSystemMetrics
SendMessageA
KillTimer
GetClassNameA
RegisterWindowMessageA
CallNextHookEx
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetSetOptionA
rand
malloc
srand
strtok
??2@YAPAXI@Z
_adjust_fdiv
??_U@YAPAXI@Z
??3@YAXPAX@Z
_time64
free
_onexit
__dllonexit
??_V@YAXPAX@Z
_initterm
strncmp
strstr
tolower
memmove
_allmul
memset
isalpha
_snprintf
sprintf
toupper
isdigit
_chkstk
atoi
memcpy
strncpy
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
URLDownloadToCacheFileA
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:02:26 17:53:02+01:00
FileType Win32 DLL
PEType PE32
CodeSize 56320
LinkerVersion 9.0
FileAccessDate 2013:05:29 01:51:24+01:00
EntryPoint 0xcab3
InitializedDataSize 44544
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2013:05:29 01:51:24+01:00
UninitializedDataSize 0

File identification
MD5 bda7c02e242237efd36ecd8d02fcaabd
SHA1 5c73787eb24155e7c1fcd26622d7a319f19bb545
SHA256 ac8124d4692d42b6be0679415cc35387862921fc20ded8c5f01b10003fe3afa1
ssdeep 1536:RqWbqOleYz2HfWQuOTIAYDWZQHRnc/v0rDvhbf0vJNL6YugRUxw:RqkCa2/WQu2Qpfv1f0idxw
File size 99.5 KB ( 101888 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (38.0%)
Generic Win/DOS Executable (11.7%)
DOS Executable Generic (11.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll

VirusTotal metadata
First submission 2013-05-29 00:51:18 UTC ( 4 years, 3 months ago )
Last submission 2013-05-29 00:51:18 UTC ( 4 years, 3 months ago )
File names module.1168.5badb78.10002000.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight