SHA256: af5775caa4b2e2fa0a40a425b1277a00067a762469fcb13e0ca6deaa740780b9
File name: vti-rescan
Detection ratio: 37 / 52
Analysis date: 2014-06-09 09:17:47 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
AVG Crypt.BFMF 20140609
Ad-Aware Trojan.Generic.KDV.819062 20140609
Agnitum Trojan.DR.Agent!gCZhPnkfGyo 20140608
AhnLab-V3 Dropper/Win32.Agent 20140609
AntiVir TR/Shyape.A 20140609
Antiy-AVL Trojan[Dropper]/Win32.Agent 20140609
Avast Win32:Agent-AQTH [Trj] 20140609
BitDefender Trojan.Generic.KDV.819062 20140609
Bkav W32.Clod007.Trojan.e69b 20140606
Comodo UnclassifiedMalware 20140609
DrWeb Trojan.MulDrop4.20942 20140609
ESET-NOD32 a variant of Win32/Shyape.A 20140609
Emsisoft Trojan.Generic.KDV.819062 (B) 20140609
F-Secure Trojan.Generic.KDV.819062 20140608
Fortinet W32/Shyape.AAA!tr 20140608
GData Trojan.Generic.KDV.819062 20140609
Ikarus Trojan.Crypt 20140609
Jiangmin TrojanDropper.Agent.caou 20140609
K7AntiVirus Trojan ( 0001140e1 ) 20140606
K7GW Trojan ( 0001140e1 ) 20140606
Kaspersky Trojan-Dropper.Win32.Agent.hguo 20140609
Malwarebytes Trojan.Dropper 20140609
McAfee BackDoor-FKE 20140609
McAfee-GW-Edition BackDoor-FKE 20140609
MicroWorld-eScan Trojan.Generic.KDV.819062 20140609
NANO-Antivirus Trojan.Win32.Genome.btwooe 20140609
Norman Suspicious_Gen4.BWYUB 20140609
Sophos Troj/Agent-ZMC 20140609
Symantec Backdoor.Trojan 20140609
Tencent Win32.Trojan-Dropper.Agent.dson 20140609
TheHacker Trojan/Shyape.a 20140609
TrendMicro TROJ_SPNR.35CC13 20140609
TrendMicro-HouseCall TROJ_SPNR.35CC13 20140609
VBA32 TrojanDropper.Agent 20140609
VIPRE Trojan.Win32.Generic!BT 20140609
ViRobot Dropper.A.Agent.509441 20140609
nProtect Trojan.Generic.KDV.819062 20140609
AegisLab (no detection) 20140609
Baidu-International (no detection) 20140609
ByteHero (no detection) 20140609
CAT-QuickHeal (no detection) 20140609
CMC (no detection) 20140609
ClamAV (no detection) 20140609
Commtouch (no detection) 20140609
F-Prot (no detection) 20140609
Kingsoft (no detection) 20140609
Microsoft (no detection) 20140609
Panda (no detection) 20140608
Qihoo-360 (no detection) 20140609
Rising (no detection) 20140608
SUPERAntiSpyware (no detection) 20140608
TotalDefense (no detection) 20140608
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 DLL built for the Windows GUI subsystem.
Developer metadata
Copyright TODO: (C) <???>????????
Publisher TODO: <???>
Product TODO: <???>
Original name test_gaga.dll
Internal name test_gaga.dll
File version 1.0.0.1
Description TODO: <????>
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-12 11:06:04
Link date 12:06 PM 12/12/2012
Entry Point 0x0000E2A4
Number of sections 5
PE sections
PE imports (by exporting library)
ADVAPI32.dll
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
GDI32.dll
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
GlobalReAlloc
lstrcmpA
CompareStringA
lstrcmpW
GetProcAddress
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
OLEAUT32.dll
VariantChangeType
VariantInit
VariantClear
SHLWAPI.dll
PathFindFileNameA
PathFindExtensionA
USER32.dll
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
GrayStringA
GetMessageTime
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CallNextHookEx
GetTopWindow
GetActiveWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
DestroyWindow
MapWindowPoints
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetDC
SetForegroundWindow
DrawTextA
GetCapture
DrawTextExA
GetWindowThreadProcessId
SetMenu
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
UnhookWindowsHookEx
SetCursor
WINSPOOL.DRV
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_DIALOG 2
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 49
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Windows, Chinese (Simplified)
InitializedDataSize 385536
FileOS Win32
MIMEType application/octet-stream
LegalCopyright TODO: (C) < >
FileVersion 1.0.0.1
TimeStamp 2012:12:12 12:06:04+01:00
FileType Win32 DLL
PEType PE32
InternalName test_gaga.dll
FileAccessDate 2014:06:09 10:17:56+01:00
ProductVersion 1.0.0.1
FileDescription TODO: < >
OSVersion 5.0
FileCreateDate 2014:06:09 10:17:56+01:00
OriginalFilename test_gaga.dll
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TODO: < >
CodeSize 122880
ProductName TODO: < >
ProductVersionNumber 1.0.0.1
EntryPoint 0xe2a4
ObjectFileType Dynamic link library
File identification
MD5 fef9a8fa614bd9a9d675b76c00e34ce4
SHA1 a98ad343e096e47cdacf0e9586c5014af6f223af
SHA256 af5775caa4b2e2fa0a40a425b1277a00067a762469fcb13e0ca6deaa740780b9
ssdeep 6144:GAy2oM0fIYXzkZtP2SDIwKQE4jffPi2oWz8hwNwmoJ:G7FzlkIiygz8hwNwB
imphash a42e4d11329f4e568a99955645e8e908
File size 497.5 KB ( 509441 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID InstallShield setup (74.0%)
Win32 Dynamic Link Library (generic) (11.3%)
Win32 Executable (generic) (7.7%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags pedll

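For readers who want to see how the imphash value above is derived from an import list like the one on this page, the following is an added example (not code from the page or from VirusTotal) implementing the pefile imphash convention: library names lowercased with a .dll/.ocx/.sys suffix stripped, function names lowercased, each pair joined as lib.func, all entries joined with commas in import-table order, then MD5. Ordinal-import resolution, which pefile also performs for a few libraries, is omitted. The sample import list is constructed here from function names on the page; the library pairings and their order are assumptions for illustration, so this is not expected to reproduce the a42e4d11... value, which needs the binary's actual DLL-ordered import table.

```python
import hashlib

# Library-name suffixes that the imphash convention strips before hashing.
# ".drv" is deliberately not in this list, so WINSPOOL.DRV keeps its suffix.
_STRIPPED_SUFFIXES = (".ocx", ".sys", ".dll")


def normalize_import(library: str, function: str) -> str:
    """Return the lowercase 'lib.func' token used for one import entry."""
    lib = library.lower()
    for suffix in _STRIPPED_SUFFIXES:
        if lib.endswith(suffix):
            lib = lib[: -len(suffix)]
            break
    return f"{lib}.{function.lower()}"


def imphash_string(imports) -> str:
    """Join the normalized import tokens, in import-table order, with commas."""
    return ",".join(normalize_import(lib, func) for lib, func in imports)


def imphash(imports) -> str:
    """MD5 hex digest of the normalized, comma-joined import list."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed sample: a few function names listed on this page, paired with
# the libraries that export them. The pairing and the order are assumptions
# made for this example and are not the sample's real import table.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "FindResourceA"),
    ("KERNEL32.dll", "GetTempPathA"),
    ("KERNEL32.dll", "CreateFileA"),
    ("KERNEL32.dll", "WriteFile"),
    ("KERNEL32.dll", "CreateProcessA"),
    ("ADVAPI32.dll", "RegSetValueExA"),
    ("WINSPOOL.DRV", "OpenPrinterA"),
]


def main():
    # The hashed string is printed so the normalization can be inspected
    # alongside the resulting digest.
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))


if __name__ == "__main__":
    main()
```

Because the digest covers the import table in its original order, two builds of the same source with the same linker settings share an imphash, while a reordered or rebuilt import table does not; case differences in names never change it.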
VirusTotal metadata
First submission 2012-12-26 21:35:15 UTC ( 2 years, 3 months ago )
Last submission 2014-06-09 09:17:47 UTC ( 9 months, 3 weeks ago )
File names dll.dl
file-4972136_dll
base.exe
vti-rescan
base
test_gaga.dll
fef9a8fa614bd9a9d675b76c00e34ce4
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight