SHA256: b199e3d76a169b4a1f2346fb3df929d3ffe21178219ef755f55775970500f5d0
File name: dpnsvr_exe_4dfb1d5cbcf69c909e9b9103eb822wup
Detection ratio: 32 / 46
Analysis date: 2013-05-12 10:57:32 UTC ( 11 months, 1 week ago )
Antivirus Result Update
Agnitum Suspicious!SA 20130512
AhnLab-V3 Packed/Win32.Black 20130511
AntiVir TR/Crypt.FKM.Gen 20130512
BitDefender Trojan.Generic.8684252 20130512
CAT-QuickHeal (Suspicious) - DNAScan 20130510
Commtouch W32/Heuristic-210!Eldorado 20130512
Comodo TrojWare.Win32.Trojan.Inject.~II 20130512
Emsisoft VirTool.Win32.Obfuscator.AMN (A) 20130512
F-Prot W32/Heuristic-210!Eldorado 20130512
F-Secure Trojan.Generic.8684252 20130512
Fortinet Malware_fam.NB 20130512
GData Trojan.Generic.8684252 20130512
Ikarus Generic.PWS.Games.3 20130512
K7AntiVirus Trojan 20130510
K7GW Trojan 20130510
Kaspersky UDS:DangerousObject.Multi.Generic 20130512
McAfee Artemis!1AF3FD0A344F 20130512
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20130512
Microsoft VirTool:Win32/Obfuscator.C 20130512
NANO-Antivirus Trojan.Win32.FKM.boxplp 20130512
Norman Packed_Upack.H 20130512
PCTools Rootkit.Order 20130512
Panda Trj/CI.A 20130512
Sophos Mal/EncPk-BW 20130512
Symantec Suspicious.AD 20130512
TheHacker W32/Behav-Heuristic-060 20130509
TrendMicro Cryp_Upack 20130512
TrendMicro-HouseCall Cryp_Upack 20130512
VIPRE Packed.Win32.Upack (v) 20130512
ViRobot Packed.Win32.UPack 20130511
eSafe Win32.Looked.gen 20130509
nProtect Trojan.Generic.8684252 20130512
AVG 20130511
Antiy-AVL 20130511
Avast 20130512
ByteHero 20130510
ClamAV 20130512
DrWeb 20130512
ESET-NOD32 20130512
Jiangmin 20130512
Kingsoft 20130506
Malwarebytes 20130512
MicroWorld-eScan 20130512
SUPERAntiSpyware 20130512
TotalDefense 20130512
VBA32 20130510
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command UPack
F-PROT UPack
PEiD WinUpack v0.39 final (relocated image base) -> By Dwing (c)2005 (h2)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 01:08:16
Entry Point 0x0000F752
Number of sections 2
PE sections
PE imports
LoadLibraryA
GetProcAddress
Number of PE resources by type
RT_MANIFEST 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 0.57
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 5632
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 1970:01:01 01:08:16+00:00
FileType Win32 EXE
PEType PE32
InternalName dpnsvr.exe
FileAccessDate 2013:05:12 11:57:48+01:00
ProductVersion 6.1.7600.16385
FileDescription Microsoft DirectPlay8 Server
OSVersion 4.0
FileCreateDate 2013:05:12 11:57:48+01:00
OriginalFilename dpnsvr.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 27648
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
EntryPoint 0xf752
ObjectFileType Executable application

File identification
MD5 1af3fd0a344fe45170ff807afedb7e6c
SHA1 72b1fda03a9dc07efdce19cf00d2d2e508b630dd
SHA256 b199e3d76a169b4a1f2346fb3df929d3ffe21178219ef755f55775970500f5d0
ssdeep 384:owWrYgQWH7NMUk/LcsFy1Ztkq5DZCqveJCxlBjQNoi//eJ:oNfMRAiUZtj5NCqjzxQS
File size 15.0 KB ( 15406 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID DOS Executable Generic (100.0%)
Tags peexe upack

VirusTotal metadata
First submission 2013-02-07 04:43:37 UTC ( 1 year, 2 months ago )
Last submission 2013-05-12 10:57:32 UTC ( 11 months, 1 week ago )
File names 1af3fd0a344fe45170ff807afedb7e6c
dpnsvr_exe_4dfb1d5cbcf69c909e9b9103eb822wup
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
