SHA256: ade3cf2fd2382cf7195f450a17a76f3383b0bc918cffa3edbfb7100af224e305
File name: 532.gif
Detection ratio: 3 / 57
Analysis date: 2015-04-10 08:50:20 UTC ( 4 years, 1 month ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Tepfer 20150409
Norman Kryptik.CEGB 20150409
Tencent Trojan.Win32.YY.Gen.6 20150410
Ad-Aware 20150410
AegisLab 20150410
Yandex 20150409
Alibaba 20150410
ALYac 20150410
Antiy-AVL 20150410
Avast 20150410
AVG 20150410
Avira (no cloud) 20150410
AVware 20150410
Baidu-International 20150409
BitDefender 20150410
Bkav 20150409
ByteHero 20150410
CAT-QuickHeal 20150410
ClamAV 20150410
CMC 20150410
Comodo 20150410
Cyren 20150410
DrWeb 20150410
Emsisoft 20150410
ESET-NOD32 20150410
F-Prot 20150410
F-Secure 20150410
Fortinet 20150410
GData 20150410
Ikarus 20150410
Jiangmin 20150409
K7AntiVirus 20150410
K7GW 20150410
Kaspersky 20150410
Kingsoft 20150410
Malwarebytes 20150410
McAfee 20150410
McAfee-GW-Edition 20150409
Microsoft 20150410
eScan 20150410
NANO-Antivirus 20150410
nProtect 20150410
Panda 20150409
Qihoo-360 20150410
Rising 20150409
Sophos AV 20150410
SUPERAntiSpyware 20150410
Symantec 20150410
TheHacker 20150408
TotalDefense 20150409
TrendMicro 20150410
TrendMicro-HouseCall 20150410
VBA32 20150409
VIPRE 20150410
ViRobot 20150410
Zillya 20150409
Zoner 20150410
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Product ???????????? ??????? Microsoft® Windows®
Original name twext.dll
Internal name twext
File version 6.00.5200.5512 (xpsp.080413-2105)
Description ????????: ?????????? ??????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-10 23:13:00
Entry Point 0x00008620
Number of sections 9
PE sections
PE imports
GetVolumePathNameW
CreateTimerQueueTimer
GetPrivateProfileStructA
DeleteFiber
GetDriveTypeA
EnumUILanguagesW
SetThreadPriorityBoost
ScrollConsoleScreenBufferW
GetTapeParameters
GetLocaleInfoA
GetConsoleCursorInfo
GetConsoleProcessList
GetThreadContext
CommConfigDialogA
GetConsoleSelectionInfo
GetCommModemStatus
WideCharToMultiByte
SetTimerQueueTimer
SwitchToFiber
WritePrivateProfileStructW
GetFullPathNameA
AddVectoredExceptionHandler
LoadResource
FatalExit
GetLogicalDriveStringsW
SetFileAttributesW
FindFirstVolumeMountPointA
GetEnvironmentVariableW
DisableThreadLibraryCalls
WriteProcessMemory
GetLargestConsoleWindowSize
DeleteTimerQueueEx
RemoveVectoredExceptionHandler
FindNextVolumeW
VerSetConditionMask
HeapSetInformation
FatalAppExitW
GetPriorityClass
CreateDirectoryExW
GetProfileSectionW
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
GetProfileSectionA
GetPrivateProfileStringW
CreateSemaphoreA
DeleteVolumeMountPointW
SetMessageWaitingIndicator
GlobalAddAtomA
GetSystemDirectoryA
SetCurrentDirectoryW
GetCommState
ReadConsoleW
GetCurrentThreadId
AddRefActCtx
GetModuleHandleExA
SetCurrentDirectoryA
SetCalendarInfoA
GetNativeSystemInfo
GlobalGetAtomNameW
IsBadWritePtr
GlobalUnfix
EndUpdateResourceA
ExitThread
GetFileSize
AddAtomA
GetNamedPipeHandleStateA
CreateDirectoryA
GetWindowsDirectoryA
SetCommMask
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
AssignProcessToJobObject
GlobalWire
GetFileSizeEx
ResetEvent
FreeConsole
Thread32Next
SetVolumeMountPointA
GlobalLock
GetBinaryTypeA
OpenJobObjectW
EncodeSystemPointer
SetFileApisToOEM
GetPrivateProfileSectionA
GetCurrencyFormatW
BuildCommDCBA
GetLastError
LCMapStringW
GlobalAlloc
CreateFiber
GetQueuedCompletionStatus
Module32FirstW
SizeofResource
CompareFileTime
WaitNamedPipeW
ContinueDebugEvent
GetCPInfoExA
EnumTimeFormatsA
QueryActCtxW
EnumSystemCodePagesW
GetSystemDefaultLangID
Heap32ListNext
HeapUnlock
SetProcessWorkingSetSize
lstrcpynA
PeekConsoleInputA
SetLocalTime
GetModuleHandleW
FreeResource
IsBadHugeWritePtr
GetProcessHandleCount
DnsHostnameToComputerNameW
ResetWriteWatch
OpenSemaphoreA
PostQueuedCompletionStatus
Sleep
IsBadReadPtr
MprAdminMIBBufferFree
MprAdminConnectionClearStats
VarUI1FromCy
VarUI2FromBool
ExtractIconA
SHInvokePrinterCommandW
SHInvokePrinterCommandA
ExtractIconExA
DragQueryPoint
IsWindowEnabled
LoadStringW
ShowOwnedPopups
GetWindowTextW
InvalidateRect
setlocale
wcstoul
__dllonexit
isdigit
isprint
wcstok
swscanf
fgets
_onexit
wcstod
fputc
strtod
strlen
_lock
memcpy
_unlock
wcsncat
isspace
strcspn
wcscoll
iswcntrl
labs
iswupper
fgetwc
wcscpy
freopen
isupper
vsprintf
setvbuf
URLDownloadToCacheFileW
CreateURLMoniker
Number of PE resources by type
REGINST 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.0.5200.5512
UninitializedDataSize 4608
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 11264
EntryPoint 0x8620
OriginalFileName twext.dll
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 6.00.5200.5512 (xpsp.080413-2105)
TimeStamp 2018:06:11 00:13:00+01:00
FileType Win32 EXE
PEType PE32
InternalName twext
ProductVersion 6.00.5200.5512
FileDescription :
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 83456
ProductName Microsoft Windows
ProductVersionNumber 6.0.5200.5512
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 bf8c1a221be596b8094cbee185bc5962
SHA1 f682aab7c188ed92fd82575a8b841da7903d5301
SHA256 ade3cf2fd2382cf7195f450a17a76f3383b0bc918cffa3edbfb7100af224e305
ssdeep 1536:GcxcEzwVt4rl0RMF16YgRw4RoCh6PrxawVVU8U5uSaBMlwN:9QOl02b0Rw4RobDxaw/U2SNlG
authentihash 369195645b724a0e0e33ab5aaa0066d74b7287189d00c9d3cbae6913908f0156
imphash 0992e0f86ccaa723b83af2829744f04d
File size 97.5 KB ( 99840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2015-04-10 08:50:20 UTC ( 4 years, 1 month ago )
Last submission 2015-04-10 08:50:20 UTC ( 4 years, 1 month ago )
File names 532.gif
twext
twext.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections