SHA256: af5775caa4b2e2fa0a40a425b1277a00067a762469fcb13e0ca6deaa740780b9
File name: test_gaga.dll
Detection ratio: 36 / 46
Analysis date: 2013-04-30 22:05:44 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
AVG Crypt.BFMF 20130430
Agnitum Trojan.DR.Agent!gCZhPnkfGyo 20130430
AhnLab-V3 Dropper/Win32.Agent 20130430
AntiVir TR/Shyape.A 20130430
Avast Win32:Agent-AQTH [Trj] 20130501
BitDefender Trojan.Generic.KDV.819062 20130430
CAT-QuickHeal TrojanDropper.Agent.hguo 20130430
Commtouch W32/Backdoor.SWMW-6439 20130430
Comodo UnclassifiedMalware 20130430
DrWeb Trojan.MulDrop4.20942 20130430
ESET-NOD32 a variant of Win32/Shyape.A 20130430
Emsisoft Trojan.Generic.KDV.819062 (B) 20130430
F-Secure Trojan.Generic.KDV.819062 20130430
Fortinet W32/Shyape.AAA!tr 20130430
GData Trojan.Generic.KDV.819062 20130430
Ikarus Trojan.Crypt 20130430
Jiangmin TrojanDropper.Agent.caou 20130430
K7AntiVirus Trojan 20130430
K7GW Trojan 20130430
Kaspersky Trojan-Dropper.Win32.Agent.hguo 20130430
Malwarebytes Trojan.Dropper 20130430
McAfee BackDoor-FKE 20130430
McAfee-GW-Edition BackDoor-FKE 20130430
MicroWorld-eScan Trojan.Generic.KDV.819062 20130430
Norman Suspicious_Gen4.BWYUB 20130430
PCTools Backdoor.Trojan 20130430
Panda Suspicious file 20130430
Sophos Troj/Agent-ZMC 20130430
Symantec Backdoor.Trojan 20130430
TheHacker Trojan/Shyape.a 20130430
TrendMicro TROJ_GEN.RCBCEA4 20130430
TrendMicro-HouseCall TROJ_SPNR.35CC13 20130430
VBA32 TrojanDropper.Agent 20130430
VIPRE Trojan.Win32.Generic!BT 20130430
ViRobot Dropper.A.Agent.509441 20130430
nProtect Trojan.Generic.KDV.819062 20130430
Antiy-AVL 20130430
ByteHero 20130425
ClamAV 20130430
F-Prot 20130430
Kingsoft 20130422
Microsoft 20130501
NANO-Antivirus 20130430
SUPERAntiSpyware 20130430
TotalDefense 20130430
eSafe 20130423
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block
Copyright
TODO: (C) _____________

Publisher TODO: _____
Product TODO: _____
Original name test_gaga.dll
Internal name test_gaga.dll
File version 1.0.0.1
Description TODO: ______
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-12 11:06:04
Entry Point 0x0000E2A4
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
GlobalReAlloc
lstrcmpA
CompareStringA
lstrcmpW
GetProcAddress
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
Ord(12)
Ord(8)
Ord(9)
PathFindFileNameA
PathFindExtensionA
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
GrayStringA
GetMessageTime
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CallNextHookEx
GetTopWindow
GetActiveWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
DestroyWindow
MapWindowPoints
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetDC
SetForegroundWindow
DrawTextA
GetCapture
DrawTextExA
GetWindowThreadProcessId
SetMenu
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
UnhookWindowsHookEx
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_DIALOG 2
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 49
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 385536
ImageVersion 0.0
ProductName TODO: < >
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Windows, Chinese (Simplified)
LinkerVersion 9.0
OriginalFilename test_gaga.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2012:12:12 12:06:04+01:00
FileType Win32 DLL
PEType PE32
InternalName test_gaga.dll
FileAccessDate 2013:04:30 23:06:02+01:00
ProductVersion 1.0.0.1
FileDescription TODO: < >
OSVersion 5.0
FileCreateDate 2013:04:30 23:06:02+01:00
FileOS Win32
LegalCopyright TODO: (C) < >
MachineType Intel 386 or later, and compatibles
CompanyName TODO: < >
CodeSize 122880
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0xe2a4
ObjectFileType Dynamic link library
File identification
MD5 fef9a8fa614bd9a9d675b76c00e34ce4
SHA1 a98ad343e096e47cdacf0e9586c5014af6f223af
SHA256 af5775caa4b2e2fa0a40a425b1277a00067a762469fcb13e0ca6deaa740780b9
ssdeep 6144:GAy2oM0fIYXzkZtP2SDIwKQE4jffPi2oWz8hwNwmoJ:G7FzlkIiygz8hwNwB
File size 497.5 KB ( 509441 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID InstallShield setup (80.3%)
Win32 Executable (generic) (12.1%)
Generic Win/DOS Executable (3.7%)
DOS Executable Generic (3.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll
VirusTotal metadata
First submission 2012-12-26 21:35:15 UTC ( 1 year, 3 months ago )
Last submission 2013-04-30 22:05:44 UTC ( 11 months, 3 weeks ago )
File names dll.dl
file-4972136_dll
base.exe
base
test_gaga.dll
fef9a8fa614bd9a9d675b76c00e34ce4
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight