SHA256: aed88e41eacaa64eebb290beadefab67989153b94988887c196b7c36e4551b18
File name: vt-upload-zh4HzU
Detection ratio: 0 / 51
Analysis date: 2014-03-30 09:29:53 UTC ( 4 years, 12 months ago )
Antivirus Result Update
Ad-Aware 20140330
AegisLab 20140330
Yandex 20140329
AhnLab-V3 20140329
AntiVir 20140330
Antiy-AVL 20140330
Avast 20140330
AVG 20140330
Baidu-International 20140330
BitDefender 20140330
Bkav 20140329
ByteHero 20140330
CAT-QuickHeal 20140329
ClamAV 20140330
CMC 20140328
Commtouch 20140330
Comodo 20140330
DrWeb 20140329
Emsisoft 20140330
ESET-NOD32 20140329
F-Prot 20140330
F-Secure 20140330
Fortinet 20140330
GData 20140330
Ikarus 20140330
Jiangmin 20140330
K7AntiVirus 20140328
K7GW 20140328
Kaspersky 20140330
Kingsoft 20140330
Malwarebytes 20140330
McAfee 20140330
McAfee-GW-Edition 20140329
Microsoft 20140330
eScan 20140330
NANO-Antivirus 20140330
Norman 20140329
nProtect 20140330
Panda 20140329
Qihoo-360 20140330
Rising 20140329
Sophos AV 20140330
SUPERAntiSpyware 20140329
Symantec 20140330
TheHacker 20140329
TotalDefense 20140329
TrendMicro 20140330
TrendMicro-HouseCall 20140330
VBA32 20140328
VIPRE 20140330
ViRobot 20140330
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© ?????????? ??????????. ??? ????? ????????.

Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Original name deskadp.dll
Internal name deskadp.dll
File version 6.00.2600.0000 (xpclient.010817-1148)
Description ?????????????? ???????? ???????????? ????????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-10-19 20:03:27
Entry Point 0x00001B82
Number of sections 4
PE sections
PE imports
LocalFree
GetWindowsDirectoryW
GetModuleFileNameW
LocalAlloc
LoadLibraryW
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
GlobalUnlock
GlobalLock
GetProcAddress
GetVersion
StrCatW
SetWindowLongW
MessageBoxW
GetParent
SendMessageW
wsprintfW
EnableWindow
EndDialog
SendDlgItemMessageW
WinHelpW
LoadStringW
GetDlgItem
DialogBoxParamW
GetWindowLongW
RegisterClipboardFormatW
_except_handler3
ReleaseStgMedium
PE exports
Number of PE resources by type
RT_ICON 6
RT_STRING 4
RT_DIALOG 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 15
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
7.0

ImageVersion
5.1

FileSubtype
0

FileVersionNumber
6.0.2600.0

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
31744

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
6.00.2600.0000 (xpclient.010817-1148)

TimeStamp
2001:10:19 21:03:27+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
deskadp.dll

FileAccessDate
2014:03:30 10:31:48+01:00

ProductVersion
6.00.2600.0000

SubsystemVersion
4.1

OSVersion
5.1

FileCreateDate
2014:03:30 10:31:48+01:00

OriginalFilename
deskadp.dll

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
6144

ProductName
Microsoft Windows

ProductVersionNumber
6.0.2600.0

Warning
Possibly corrupt Version resource

EntryPoint
0x1b82

ObjectFileType
Dynamic link library

File identification
MD5 6ec35b3cb509e0f369abccf7ab053bc8
SHA1 cd726bb66f70eebf57d6d7c0cfc1106d13651598
SHA256 aed88e41eacaa64eebb290beadefab67989153b94988887c196b7c36e4551b18
ssdeep
768:Az+if7220NorjgkyBgopR23pxnA+GH2P:AzF7HqRu

imphash bdc8604771bc66b99a0d1365ed92ee6d
File size 38.0 KB ( 38912 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Windows Screen Saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags
pedll

VirusTotal metadata
First submission 2014-03-30 09:29:53 UTC ( 4 years, 12 months ago )
Last submission 2014-03-30 09:29:53 UTC ( 4 years, 12 months ago )
File names deskadp.dll
vt-upload-zh4HzU
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight