SHA256: af5775caa4b2e2fa0a40a425b1277a00067a762469fcb13e0ca6deaa740780b9
File name: test_gaga.dll
Detection ratio: 43 / 57
Analysis date: 2016-04-04 11:57:06 UTC
Engines reporting a detection (43):
Antivirus | Result | Signature update
ALYac | Trojan.Generic.KDZ.2981 | 20160404
AVG | Crypt.BFMF | 20160404
AVware | Trojan.Win32.Generic!BT | 20160404
Ad-Aware | Trojan.Generic.KDZ.2981 | 20160404
AegisLab | Troj.Dropper.W32.Agent.hguo!c | 20160404
AhnLab-V3 | Dropper/Win32.Agent | 20160404
Antiy-AVL | Trojan[Dropper]/Win32.Agent | 20160404
Arcabit | Trojan.Generic.KDZ.DBA5 | 20160404
Avast | Win32:Agent-AQTH [Trj] | 20160404
Avira (no cloud) | TR/Shyape.A | 20160403
Baidu | Win32.Trojan.WisdomEyes.151026.9950.9972 | 20160404
Baidu-International | Trojan.Win32.Dropper.hguo | 20160404
BitDefender | Trojan.Generic.KDZ.2981 | 20160404
Comodo | UnclassifiedMalware | 20160404
DrWeb | Trojan.MulDrop4.20942 | 20160404
ESET-NOD32 | a variant of Win32/Shyape.A | 20160404
Emsisoft | Trojan.Generic.KDZ.2981 (B) | 20160404
F-Secure | Trojan.Generic.KDZ.2981 | 20160404
Fortinet | W32/Shyape.AAA!tr | 20160404
GData | Trojan.Generic.KDZ.2981 | 20160404
Ikarus | Trojan.Crypt | 20160404
Jiangmin | TrojanDropper.Agent.bmex | 20160404
K7AntiVirus | Trojan ( 0001140e1 ) | 20160404
K7GW | Trojan ( 0001140e1 ) | 20160404
Kaspersky | Trojan-Dropper.Win32.Agent.hguo | 20160404
McAfee | BackDoor-FKE | 20160404
McAfee-GW-Edition | BackDoor-FKE | 20160404
eScan | Trojan.Generic.KDZ.2981 | 20160404
NANO-Antivirus | Trojan.Win32.Genome.btwooe | 20160404
Panda | Generic Suspicious | 20160403
Qihoo-360 | Win32/Trojan.Dropper.5bd | 20160404
Rising | PE:Malware.Generic/QRS!1.9E2D [F] | 20160404
Sophos | Troj/Agent-ZMC | 20160404
Symantec | Backdoor.Trojan | 20160331
Tencent | Win32.Trojan-dropper.Agent.Ejfd | 20160404
TheHacker | Trojan/Shyape.a | 20160403
TrendMicro | TROJ_SPNR.35CC13 | 20160404
TrendMicro-HouseCall | TROJ_SPNR.35CC13 | 20160404
VBA32 | TrojanDropper.Agent | 20160404
VIPRE | Trojan.Win32.Generic!BT | 20160404
Yandex | Trojan.DR.Agent!gCZhPnkfGyo | 20160316
Zillya | Dropper.Agent.Win32.121570 | 20160403
nProtect | Trojan.Generic.KDZ.2981 | 20160404

Engines reporting no detection (14):
Antivirus | Result | Signature update
Alibaba | - | 20160401
Bkav | - | 20160404
CAT-QuickHeal | - | 20160404
CMC | - | 20160401
ClamAV | - | 20160402
Cyren | - | 20160404
F-Prot | - | 20160404
Kingsoft | - | 20160404
Malwarebytes | - | 20160404
Microsoft | - | 20160404
SUPERAntiSpyware | - | 20160404
TotalDefense | - | 20160404
ViRobot | - | 20160404
Zoner | - | 20160404

Where a vendor assigns a family rather than a generic name, the names agree: Shyape.A (Avira, ESET-NOD32, Fortinet, TheHacker) and Trojan-Dropper.Win32.Agent.hguo (Kaspersky, AegisLab, Baidu-International); McAfee and Symantec class the sample as a backdoor. Note that Microsoft, Malwarebytes and ClamAV did not flag it on this scan date, so a single-engine check would have missed it.
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: TODO: (C) <???>????????
Product: TODO: <???>
Original name: test_gaga.dll
Internal name: test_gaga.dll
File version: 1.0.0.1
Description: TODO: <????>
The "TODO: ..." strings are the unfilled placeholders that the Visual Studio application wizard writes into a new project's version resource; the placeholder text itself (Chinese, matching the resource language below) did not survive export, hence the question marks. A binary still carrying these, together with the default file version 1.0.0.1 and the throwaway name test_gaga.dll, has never been through a release process, which is itself a useful triage signal.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-12 11:06:04 UTC (the COFF TimeDateStamp; the ExifTool block below prints the same instant as 12:06:04+01:00)
Entry Point 0x0000E2A4
Number of sections 5
PE sections (5 per the header; the per-section table was not captured in this export)
Overlays
MD5: 68b329da9893e34099c7d8ad5cb9c940
File type: ASCII text
Offset: 509440
Size: 1
Entropy: 0.00
The overlay is a single byte: it starts at 509440 and the file is 509441 bytes long, and 68b329da9893e34099c7d8ad5cb9c940 is the MD5 of a lone newline (0x0A). It is a stray trailing byte, not an appended payload, although it is what earns the sample the "overlay" tag further down.
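How the Overlays block and the compilation timestamp above are derived, as an added example (not VirusTotal's tooling): the overlay is whatever lies past the highest PointerToRawData + SizeOfRawData of any section, and TimeDateStamp is a Unix epoch value in UTC. find_overlay() and coff_timestamp_utc() work on any PE file's bytes; because the page's sample is not available offline, build_sample() constructs a minimal one-section PE32 DLL (structurally valid, not loadable) with a single trailing newline, and the sample values it uses are constructed for the demonstration.

```python
"""Locate and fingerprint a PE overlay, and read the COFF timestamp."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

DOS_LFANEW_OFF = 0x3C     # offset of e_lfanew in the DOS header
COFF_SIZE = 20            # IMAGE_FILE_HEADER
SECTION_HDR_SIZE = 40     # IMAGE_SECTION_HEADER


def build_sample(payload: bytes, overlay: bytes, timestamp: int) -> bytes:
    """Constructed input: one .text section holding `payload`, then `overlay`
    appended after the section's raw data, exactly where a real overlay sits."""
    file_align, sect_align = 0x200, 0x1000
    raw_size = -(-len(payload) // file_align) * file_align       # round up to FileAlignment
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    # IMAGE_FILE_HEADER: i386, 1 section, TimeDateStamp, no symbols,
    # 224-byte optional header, Characteristics = EXECUTABLE|32BIT|DLL
    coff = struct.pack("<HHIIIHH", 0x014C, 1, timestamp, 0, 0, 224, 0x2102)
    opt = struct.pack(
        "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
        0x10B, 9, 0,                         # PE32 magic, linker 9.0 (VS2008, as on the page)
        raw_size, 0, 0,                      # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        0x1000, 0x1000, 0x1000,              # AddressOfEntryPoint, BaseOfCode, BaseOfData
        0x10000000, sect_align, file_align,  # ImageBase, SectionAlignment, FileAlignment
        5, 0, 0, 0, 5, 0,                    # OS 5.0, image 0.0, subsystem 5.0
        0, 2 * sect_align, 0x200, 0,         # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0,                                # Subsystem = Windows GUI, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000,  # stack/heap reserve and commit
        0, 16,                               # LoaderFlags, NumberOfRvaAndSizes
    ) + b"\x00" * 128                        # 16 empty data directories
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(payload), 0x1000,
                       raw_size, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\x00\x00" + coff + opt + sect).ljust(0x200, b"\x00")
    return headers + payload.ljust(raw_size, b"\x00") + overlay


def _coff_offset(data: bytes) -> int:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, DOS_LFANEW_OFF)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing")
    return e_lfanew + 4


def coff_timestamp_utc(data: bytes) -> datetime:
    """TimeDateStamp is seconds since the Unix epoch in UTC; a tool that prints
    it in local time (ExifTool's +01:00 on this page) shows the same instant."""
    ts = struct.unpack_from("<I", data, _coff_offset(data) + 4)[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def find_overlay(data: bytes):
    """(offset, size) of bytes beyond the end of the last section, or None.
    The overlay starts at max(PointerToRawData + SizeOfRawData) over all
    sections, which is the 'Offset' the report shows."""
    coff = _coff_offset(data)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first_section = coff + COFF_SIZE + opt_size
    end = 0
    for i in range(num_sections):
        hdr = first_section + i * SECTION_HDR_SIZE
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        end = max(end, raw_ptr + raw_size)
    if end == 0 or end >= len(data):
        return None
    return end, len(data) - end


def shannon_entropy(buf: bytes) -> float:
    if not buf:
        return 0.0
    n = len(buf)
    return max(0.0, -sum(c / n * math.log2(c / n) for c in Counter(buf).values()))


def overlay_report(data: bytes):
    """The same four fields the report shows, or None when there is no overlay."""
    span = find_overlay(data)
    if span is None:
        return None
    off, size = span
    blob = data[off:off + size]
    return {"offset": off, "size": size,
            "md5": hashlib.md5(blob).hexdigest(),
            "entropy": round(shannon_entropy(blob), 2)}


# Constructed sample: 300 bytes of filler "code", one trailing newline as the
# overlay, and the page's compile time (2012-12-12 11:06:04 UTC) as TimeDateStamp.
SAMPLE_TS = int(datetime(2012, 12, 12, 11, 6, 4, tzinfo=timezone.utc).timestamp())
SAMPLE = build_sample(b"\xC3" * 300, b"\n", SAMPLE_TS)

if __name__ == "__main__":
    print(overlay_report(SAMPLE))
    print(coff_timestamp_utc(SAMPLE).isoformat())
```

On the constructed sample the overlay is one byte at offset 1024 with MD5 68b329da9893e34099c7d8ad5cb9c940 and entropy 0.0, the same fingerprint the page reports, which is how one confirms that the real file's overlay is a newline and not a payload. On a real file, pass the file's bytes to find_overlay(); a large overlay with entropy near 8 is the case that deserves attention.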
PE imports (listed per exporting module; the module headers were lost in this export and are restored here from the API names)
ADVAPI32.dll
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
GDI32.dll
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
GlobalReAlloc
lstrcmpA
CompareStringA
lstrcmpW
GetProcAddress
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
OLEAUT32.dll
VariantChangeType
VariantInit
VariantClear
SHLWAPI.dll
PathFindFileNameA
PathFindExtensionA
USER32.dll
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
GrayStringA
GetMessageTime
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CallNextHookEx
GetTopWindow
GetActiveWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
DestroyWindow
MapWindowPoints
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetDC
SetForegroundWindow
DrawTextA
GetCapture
DrawTextExA
GetWindowThreadProcessId
SetMenu
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
UnhookWindowsHookEx
SetCursor
WINSPOOL.DRV
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Read as a whole, the import table is that of a statically linked MFC application built with Visual C++ 9.0: the GDI32/USER32 bulk (GrayStringA, TabbedTextOutA, WinHelpA, the atom and window-hook calls, the WINSPOOL printer calls) is framework code rather than behaviour of the sample, and IsDebuggerPresent is pulled in by the VS2008 CRT's exception-handling path, not by an anti-debugging check. What supports the dropper verdict is the small remainder: FindResourceA, LoadResource, LockResource and SizeofResource to read an embedded resource, GetTempPathA, CreateFileA and WriteFile to write it out, CreateProcessA to run it, and RegCreateKeyExA, RegSetValueExA and WritePrivateProfileStringA to persist settings. That is consistent with the Trojan-Dropper names above, though imports alone do not prove the execution path; confirm it dynamically or by locating the resource that is read.
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_DIALOG 2
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 49
ENGLISH US 1
ExifTool file metadata
SubsystemVersion: 5.0
LinkerVersion: 9.0 (Visual C++ 9.0, i.e. Visual Studio 2008)
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.0.0.1
UninitializedDataSize: 0
LanguageCode: Chinese (Simplified)
FileFlagsMask: 0x003f
CharacterSet: Windows, Chinese (Simplified)
InitializedDataSize: 385536
EntryPoint: 0xe2a4
OriginalFileName: test_gaga.dll
MIMEType: application/octet-stream
LegalCopyright: TODO: (C) < >
FileVersion: 1.0.0.1
TimeStamp: 2012:12:12 12:06:04+01:00 (ExifTool's local-time rendering of the 11:06:04 UTC compilation timestamp above)
FileType: Win32 DLL
PEType: PE32
InternalName: test_gaga.dll
ProductVersion: 1.0.0.1
FileDescription: TODO: < >
OSVersion: 5.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: TODO: < >
CodeSize: 122880
ProductName: TODO: < >
ProductVersionNumber: 1.0.0.1
FileTypeExtension: dll
ObjectFileType: Dynamic link library

File identification
MD5 fef9a8fa614bd9a9d675b76c00e34ce4
SHA1 a98ad343e096e47cdacf0e9586c5014af6f223af
SHA256 af5775caa4b2e2fa0a40a425b1277a00067a762469fcb13e0ca6deaa740780b9
ssdeep 6144:GAy2oM0fIYXzkZtP2SDIwKQE4jffPi2oWz8hwNwmoJ:G7FzlkIiygz8hwNwB
authentihash 8ca9f05213ca95b0585d18a29404fdc9c29f5dee5256e92b96c75ed748b58bd6
imphash a42e4d11329f4e568a99955645e8e908
File size 497.5 KB ( 509441 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID InstallShield setup (50.1%)
Win64 Executable (generic) (32.2%)
Win32 Dynamic Link Library (generic) (7.6%)
Win32 Executable (generic) (5.2%)
Generic Win/DOS Executable (2.3%)
TrID is a byte-pattern guess; its top two matches (InstallShield setup, Win64) contradict the parsed PE header and the magic literal, which are authoritative here: this is a 32-bit Win32 DLL.
Tags
pedll overlay
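The imphash in the File identification block is the value to pivot on when the file hash changes between builds. Below is an added example (not VirusTotal's or pefile's own code) that follows the published imphash recipe: lower-case the module name and strip a .dll/.ocx/.sys extension, write each import as "module.function" in lower case, join all of them with commas in import-table order, and MD5 the result. Ordinal-only imports fall back to "ordN" here; pefile additionally resolves known ordinals for oleaut32, ws2_32 and wsock32, which this example omits. PAGE_IMPORTS_EXCERPT is a subset of the page's import list with module names inferred from the API names, so its hash is not expected to equal the page's a42e4d11329f4e568a99955645e8e908.

```python
"""Compute an import hash (imphash) from a named import table."""
import hashlib

STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def normalize_module(name: str) -> str:
    """kernel32.dll -> kernel32, but winspool.drv keeps its extension."""
    name = name.lower()
    for ext in STRIPPED_EXTENSIONS:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def import_string(table) -> str:
    """The comma-joined string that gets hashed. `table` is a list of
    (module, [function name or ordinal int, ...]) in import-table order:
    order is part of the hash, so two builds that link the same functions
    in a different order get different imphashes."""
    parts = []
    for module, funcs in table:
        mod = normalize_module(module)
        for func in funcs:
            name = "ord%d" % func if isinstance(func, int) else func.lower()
            parts.append("%s.%s" % (mod, name))
    return ",".join(parts)


def imphash(table) -> str:
    return hashlib.md5(import_string(table).encode("ascii")).hexdigest()


# Excerpt of the page's imports in page order; module grouping inferred from the API names.
PAGE_IMPORTS_EXCERPT = [
    ("ADVAPI32.dll", ["RegDeleteKeyA", "RegOpenKeyA", "RegCloseKey", "RegQueryValueA",
                      "RegQueryValueExA", "RegSetValueExA", "RegCreateKeyExA",
                      "RegOpenKeyExA", "RegEnumKeyA"]),
    ("KERNEL32.dll", ["GetTempPathA", "WriteFile", "LoadResource", "CreateFileA",
                      "WritePrivateProfileStringA", "LockResource", "SizeofResource",
                      "CreateProcessA", "FindResourceA"]),
    ("OLEAUT32.dll", ["VariantChangeType", "VariantInit", "VariantClear"]),
    ("SHLWAPI.dll", ["PathFindFileNameA", "PathFindExtensionA"]),
    ("WINSPOOL.DRV", ["OpenPrinterA", "DocumentPropertiesA", "ClosePrinter"]),
]

if __name__ == "__main__":
    print(import_string(PAGE_IMPORTS_EXCERPT))
    print(imphash(PAGE_IMPORTS_EXCERPT))
```

Two caveats when using the value for hunting: a recompiled variant that adds or reorders one import gets a new imphash, and for a binary whose import table is mostly a statically linked framework, as this one's MFC import set is, the hash says more about the framework than about the author, so expect hits on unrelated MFC programs and confirm matches with the other fingerprints (ssdeep, resource layout, the version-resource placeholders).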

VirusTotal metadata
First submission 2012-12-26 21:35:15 UTC
Last submission 2014-06-09 09:17:47 UTC
File names: dll.dl, file-4972136_dll, base.exe, vti-rescan, base, test_gaga.dll, fef9a8fa614bd9a9d675b76c00e34ce4
The first submission is two weeks after the 2012-12-12 compile timestamp, so the timestamp is at least consistent with the sample's observed age. It has been submitted under both DLL and .exe names (base.exe), so do not rely on the extension when hunting for it; pivot on the hashes above.
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight