SHA256: ac8275e636cb5526768fc3abf027f6260fc7ce2c3b27b8d39ce3c092c6eccddc
File name: 2.dll
Detection ratio: 30 / 57
Analysis date: 2015-02-24 10:02:35 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2176589 20150224
Yandex Trojan.Yakes!0O8e4kOIlE8 20150223
ALYac Trojan.GenericKD.2176589 20150224
Avast Win32:Malware-gen 20150224
Avira (no cloud) TR/Crypt.ZPACK.105722 20150224
AVware Trojan.Win32.Generic!BT 20150224
Baidu-International Trojan.Win32.Yakes.jhhx 20150224
BitDefender Trojan.GenericKD.2176589 20150224
Bkav HW32.Packed.6BEB 20150213
CAT-QuickHeal BackdoorAPT.Drixed.r5 20150224
Cyren W32/Trojan.SFCA-8613 20150224
Emsisoft Trojan.GenericKD.2176589 (B) 20150224
ESET-NOD32 Win32/Dridex.H 20150224
F-Secure Trojan.GenericKD.2176589 20150224
Fortinet W32/Yakes.H!tr 20150224
GData Trojan.GenericKD.2176589 20150224
Ikarus Trojan.Win32.Dridex 20150224
Kaspersky Trojan.Win32.Yakes.jhhx 20150224
Malwarebytes Trojan.Ransom.UMS 20150224
McAfee Downloader-FAPN!2665B979F810 20150224
McAfee-GW-Edition BehavesLike.Win32.Expiro.fc 20150224
Microsoft Backdoor:Win32/Drixed.C 20150224
eScan Trojan.GenericKD.2176589 20150224
nProtect Trojan.GenericKD.2176589 20150223
Qihoo-360 HEUR/QVM40.1.Malware.Gen 20150224
Sophos AV Mal/Generic-S 20150224
Symantec Trojan.Gen.SMH 20150224
TrendMicro TROJ_SPNV.05BK15 20150224
TrendMicro-HouseCall TROJ_SPNV.05BK15 20150224
VIPRE Trojan.Win32.Generic!BT 20150224
AegisLab 20150224
AhnLab-V3 20150224
Alibaba 20150224
Antiy-AVL 20150224
AVG 20150224
ByteHero 20150224
ClamAV 20150224
CMC 20150223
Comodo 20150224
DrWeb 20150224
F-Prot 20150224
Jiangmin 20150223
K7AntiVirus 20150224
K7GW 20150224
Kingsoft 20150224
NANO-Antivirus 20150224
Norman 20150224
Panda 20150224
Rising 20150223
SUPERAntiSpyware 20150224
Tencent 20150224
TheHacker 20150222
TotalDefense 20150223
VBA32 20150220
ViRobot 20150224
Zillya 20150223
Zoner 20150223
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Original name ADs
Internal name ADs
File version 5.1.3700.5512 (xpsp.080413-2113)
Description ?????????? DLL ?????? ?????????????? AD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-07-26 04:31:58
Entry Point 0x00006140
Number of sections 5
PE sections
PE imports
ClusterNetworkCloseEnum
GetLastError
GetVolumePathNameW
EnterCriticalSection
FreeLibrary
EnumUILanguagesA
CreateTimerQueue
LoadLibraryA
HeapSetInformation
CompareFileTime
LocalAlloc
DeleteFileA
CreateActCtxA
GetLogicalDrives
GetProcAddress
InterlockedCompareExchange
GetPrivateProfileStringW
RaiseException
GetModuleHandleA
GetExitCodeThread
InterlockedExchange
GetTempPathW
EnumResourceTypesW
ClearCommError
SetThreadContext
LocalFree
FindAtomW
GetTimeZoneInformation
GetProcessShutdownParameters
GetConsoleWindow
FindClose
CancelIo
SetFileAttributesW
MprAdminMIBEntrySet
MprConfigTransportGetInfo
ExtractAssociatedIconExW
ungetwc
ftell
memset
memcpy
CoInternetCompareUrl
Number of PE resources by type
RT_STRING 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 5.2
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.3700.5512
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 270336
OriginalFilename ADs
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.3700.5512 (xpsp.080413-2113)
TimeStamp 1992:07:26 05:31:58+01:00
FileType Win32 DLL
PEType PE32
InternalName ADs
ProductVersion 5.1.3700.5512
FileDescription DLL AD
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 58368
ProductName Microsoft Windows
ProductVersionNumber 5.1.3700.5512
EntryPoint 0x6140
ObjectFileType Dynamic link library

File identification
MD5 2665b979f81053fbd26f2aef6e411c14
SHA1 933070931541cf04e291e9c1666021b149ad130a
SHA256 ac8275e636cb5526768fc3abf027f6260fc7ce2c3b27b8d39ce3c092c6eccddc
ssdeep 6144:FDls5fd03YOC+3FuFvkKQDa6N3bVBhxxYbFEuLgmdTy44VIbVW0Sy:FlsJWYfhMK2f3ibWqbdu49bVW0
authentihash 1adee7d14df137942eb267a2015dd7bb7df99ff5974c7e119c0d955cc6d8e8a8
imphash 874ed3881be0d13727f4b1cc39a9fd6b
File size 311.0 KB ( 318464 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll
VirusTotal metadata
First submission 2015-02-20 08:32:12 UTC ( 2 years, 7 months ago )
Last submission 2015-03-11 22:42:18 UTC ( 2 years, 6 months ago )
File names 1.dll1
2.dll
ADs
14.tmp
bot_x32_2665b979f81053fbd26f2aef6e411c14.dll.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight