SHA256: af5775caa4b2e2fa0a40a425b1277a00067a762469fcb13e0ca6deaa740780b9
File name: test_gaga.dll
Detection ratio: 39 / 55
Analysis date: 2015-04-09 15:24:19 UTC ( 4 months, 4 weeks ago )
Antivirus Result Update
ALYac Trojan.Generic.KDZ.2981 20150409
AVG Crypt.BFMF 20150409
AVware Trojan.Win32.Generic!BT 20150409
Ad-Aware Trojan.Generic.KDZ.2981 20150409
Agnitum Trojan.DR.Agent!gCZhPnkfGyo 20150408
AhnLab-V3 Dropper/Win32.Agent 20150409
Antiy-AVL Trojan[Dropper]/Win32.Agent 20150409
Avast Win32:Agent-AQTH [Trj] 20150409
Baidu-International Trojan.Win32.Dropper.hguo 20150409
BitDefender Trojan.Generic.KDZ.2981 20150409
Comodo UnclassifiedMalware 20150409
DrWeb Trojan.MulDrop4.20942 20150409
ESET-NOD32 a variant of Win32/Shyape.A 20150409
Emsisoft Trojan.Generic.KDZ.2981 (B) 20150409
F-Secure Trojan.Generic.KDZ.2981 20150409
Fortinet W32/Shyape.AAA!tr 20150409
GData Trojan.Generic.KDZ.2981 20150409
Ikarus Trojan.Crypt 20150409
K7AntiVirus Trojan ( 0001140e1 ) 20150409
K7GW Trojan ( 0001140e1 ) 20150409
Kaspersky Trojan-Dropper.Win32.Agent.hguo 20150409
Malwarebytes Trojan.Dropper 20150409
McAfee BackDoor-FKE 20150409
McAfee-GW-Edition BackDoor-FKE 20150409
MicroWorld-eScan Trojan.Generic.KDZ.2981 20150409
NANO-Antivirus Trojan.Win32.Genome.btwooe 20150409
Norman Suspicious_Gen4.BWYUB 20150409
Panda Generic Suspicious 20150408
Qihoo-360 Win32/Trojan.Dropper.5bd 20150409
Sophos Troj/Agent-ZMC 20150409
Symantec Backdoor.Trojan 20150409
Tencent Win32.Trojan-Dropper.Agent.dson 20150409
TheHacker Trojan/Shyape.a 20150408
TrendMicro TROJ_SPNR.35CC13 20150409
TrendMicro-HouseCall TROJ_SPNR.35CC13 20150409
VBA32 TrojanDropper.Agent 20150408
VIPRE Trojan.Win32.Generic!BT 20150409
Zillya Dropper.Agent.Win32.121570 20150408
nProtect Trojan.Generic.KDZ.2981 20150409
AegisLab 20150409
Alibaba 20150409
Bkav 20150409
ByteHero 20150409
CAT-QuickHeal 20150409
CMC 20150408
ClamAV 20150409
Cyren 20150409
F-Prot 20150409
Kingsoft 20150409
Microsoft 20150409
Rising 20150409
SUPERAntiSpyware 20150409
TotalDefense 20150409
ViRobot 20150409
Zoner 20150409
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright TODO: (C) <???>????????
Publisher TODO: <???>
Product TODO: <???>
Original name test_gaga.dll
Internal name test_gaga.dll
File version 1.0.0.1
Description TODO: <????>
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-12 11:06:04
Link date 12:06 PM 12/12/2012
Entry Point 0x0000E2A4
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
GlobalReAlloc
lstrcmpA
CompareStringA
lstrcmpW
GetProcAddress
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantInit
VariantClear
PathFindFileNameA
PathFindExtensionA
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
GrayStringA
GetMessageTime
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CallNextHookEx
GetTopWindow
GetActiveWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
DestroyWindow
MapWindowPoints
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetDC
SetForegroundWindow
DrawTextA
GetCapture
DrawTextExA
GetWindowThreadProcessId
SetMenu
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
UnhookWindowsHookEx
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_DIALOG 2
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 49
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Windows, Chinese (Simplified)
InitializedDataSize 385536
FileOS Win32
MIMEType application/octet-stream
LegalCopyright TODO: (C) < >
FileVersion 1.0.0.1
TimeStamp 2012:12:12 12:06:04+01:00
FileType Win32 DLL
PEType PE32
InternalName test_gaga.dll
ProductVersion 1.0.0.1
FileDescription TODO: < >
OSVersion 5.0
OriginalFilename test_gaga.dll
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TODO: < >
CodeSize 122880
ProductName TODO: < >
ProductVersionNumber 1.0.0.1
EntryPoint 0xe2a4
ObjectFileType Dynamic link library
File identification
MD5 fef9a8fa614bd9a9d675b76c00e34ce4
SHA1 a98ad343e096e47cdacf0e9586c5014af6f223af
SHA256 af5775caa4b2e2fa0a40a425b1277a00067a762469fcb13e0ca6deaa740780b9
ssdeep 6144:GAy2oM0fIYXzkZtP2SDIwKQE4jffPi2oWz8hwNwmoJ:G7FzlkIiygz8hwNwB
authentihash 8ca9f05213ca95b0585d18a29404fdc9c29f5dee5256e92b96c75ed748b58bd6
imphash a42e4d11329f4e568a99955645e8e908
File size 497.5 KB ( 509441 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID InstallShield setup (74.0%)
Win32 Dynamic Link Library (generic) (11.3%)
Win32 Executable (generic) (7.7%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags pedll
VirusTotal metadata
First submission 2012-12-26 21:35:15 UTC ( 2 years, 8 months ago )
Last submission 2014-06-09 09:17:47 UTC ( 1 year, 2 months ago )
File names dll.dl
file-4972136_dll
base.exe
vti-rescan
base
test_gaga.dll
fef9a8fa614bd9a9d675b76c00e34ce4
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight