SHA256: b56547ec2ee8185f772f1cdf034573883df442e4e9fde458fcf526a97563d53b
File name: 1.dll
Detection ratio: 2 / 56
Analysis date: 2015-01-08 09:31:28 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Bkav HW32.Packed.47C0 20150107
Qihoo-360 Malware.QVM40.Gen 20150108
Ad-Aware 20150108
AegisLab 20150108
Yandex 20150107
AhnLab-V3 20150108
ALYac 20150108
Antiy-AVL 20150108
Avast 20150108
AVG 20150108
Avira (no cloud) 20150108
AVware 20150108
Baidu-International 20150108
BitDefender 20150108
ByteHero 20150108
CAT-QuickHeal 20150108
ClamAV 20150108
CMC 20150107
Comodo 20150108
Cyren 20150108
DrWeb 20150108
Emsisoft 20150108
ESET-NOD32 20150108
F-Prot 20150108
F-Secure 20150108
Fortinet 20150108
GData 20150108
Ikarus 20150108
Jiangmin 20150108
K7AntiVirus 20150108
K7GW 20150107
Kaspersky 20150108
Kingsoft 20150108
Malwarebytes 20150108
McAfee 20150108
McAfee-GW-Edition 20150107
Microsoft 20150108
eScan 20150108
NANO-Antivirus 20150108
Norman 20150108
nProtect 20150107
Panda 20150107
Rising 20150108
Sophos AV 20150108
SUPERAntiSpyware 20150108
Symantec 20150108
Tencent 20150108
TheHacker 20150106
TotalDefense 20150108
TrendMicro 20150108
TrendMicro-HouseCall 20150108
VBA32 20150108
VIPRE 20150108
ViRobot 20150108
Zillya 20150108
Zoner 20150107
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© ?????????? ??????????. ??? ????? ????????.

Product ???????????? ??????? Microsoft® Windows®
Original name LODCTR.DLL
Internal name LODCTR.DLL
File version 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description ???????? ? ???????? ????????? ??????????????????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-08 07:59:09
Entry Point 0x0000B430
Number of sections 10
PE sections
PE imports
GetClusterInformation
ExpandEnvironmentStringsA
GetLastError
IsValidCodePage
HeapFree
GetUserDefaultLangID
FatalAppExitW
TerminateThread
lstrlenA
LoadLibraryW
TryEnterCriticalSection
FreeLibrary
EnumSystemLanguageGroupsW
GetDateFormatA
ReplaceFileW
GetHandleInformation
BuildCommDCBW
GenerateConsoleCtrlEvent
IsDBCSLeadByte
SetConsoleOutputCP
QueueUserAPC
GetShortPathNameA
UpdateResourceA
GetStartupInfoA
GetVolumeInformationA
EnumSystemLocalesA
GetCurrentProcessId
CreateSemaphoreA
lstrcatA
ActivateActCtx
GetModuleHandleW
Process32Next
SetCalendarInfoW
GetAtomNameW
FoldStringW
GetThreadIOPendingFlag
SetSystemPowerState
DeleteTimerQueueTimer
CopyFileExW
QueryMemoryResourceNotification
InterlockedCompareExchange
WriteFileGather
QueryDepthSList
RegisterWaitForSingleObjectEx
SetEndOfFile
GetNumberOfConsoleMouseButtons
EraseTape
FillConsoleOutputCharacterA
GetModuleHandleA
DebugSetProcessKillOnExit
GetFullPathNameW
Module32NextW
CreateDirectoryExA
lstrcpyA
GetThreadSelectorEntry
SetConsoleTextAttribute
GetVolumeNameForVolumeMountPointW
GlobalMemoryStatusEx
SetThreadAffinityMask
FindNextFileA
PeekConsoleInputA
Module32FirstW
TransactNamedPipe
IsValidLanguageGroup
OpenEventA
FindCloseChangeNotification
CreateProcessA
EnumResourceTypesW
ReadDirectoryChangesW
BeginUpdateResourceW
OutputDebugStringW
GetAtomNameA
GlobalHandle
LocalFileTimeToFileTime
GetFileAttributesW
LocalHandle
EnumDateFormatsA
GetCurrentThreadId
PrepareTape
SetLocaleInfoW
VirtualAlloc
InterlockedPushEntrySList
DnsHostnameToComputerNameA
ReadConsoleInputW
MprAdminConnectionClearStats
MprConfigInterfaceTransportAdd
MprConfigTransportGetInfo
MprAdminServerGetInfo
VarUI2FromR4
VarCyFromUI2
VarR4FromDec
SHIsFileAvailableOffline
Ord(179)
DrawEdge
OpenInputDesktop
CreateMDIWindowW
InSendMessageEx
EnableWindow
GetLastActivePopup
MessageBeep
rename
fopen
isleadbyte
wcstok
strcoll
iswcntrl
srand
swscanf
iswascii
strftime
abort
memset
setvbuf
asctime
ispunct
strlen
memcpy
fgetws
PdhReadRawLogRecord
PdhCloseQuery
PdhOpenQueryA
PdhAddCounterA
PdhGetFormattedCounterArrayW
CoInternetParseUrl
Number of PE resources by type
RT_STRING 8
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 10
PE resources
ExifTool file metadata
UninitializedDataSize
3005210588

LinkerVersion
9.159

ImageVersion
0.233

FileSubtype
0

FileVersionNumber
5.1.2600.2180

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
107008

EntryPoint
0xb430

OriginalFileName
LODCTR.DLL

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

TimeStamp
2015:01:08 08:59:09+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
LODCTR.DLL

ProductVersion
5.1.2600.2180

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CodeSize
164352

ProductName
Microsoft Windows

ProductVersionNumber
5.1.2600.2180

Warning
Possibly corrupt Version resource

FileTypeExtension
dll

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 db99570570609a3b723a3bd447ff120c
SHA1 1a6ffe9d67cd78edf52d266aa52e623aadbd7a75
SHA256 b56547ec2ee8185f772f1cdf034573883df442e4e9fde458fcf526a97563d53b
ssdeep
6144:5E/foWKvKTdBtfXqtzn1o4ExiZYqkdkkTDOqe50JRtQQWC3BZ0ILJ8P1:a/fJKTl1ohk+LdrTCqeuJXWC3UI9Q1

authentihash a34c5e9c1af898dfa3c0fab4fedf6269c5b4be5a51a8abbe614a6df6fffd5fa4
imphash 2984cdba59c66cdc9038719ab9a9e056
File size 274.0 KB ( 280576 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
pedll

VirusTotal metadata
First submission 2015-01-08 09:31:28 UTC ( 2 years, 10 months ago )
Last submission 2016-01-27 07:55:32 UTC ( 1 year, 9 months ago )
File names db99570570609a3b723a3bd447ff120c.dll
DB99570570609A3B723A3BD447FF120C
LODCTR.DLL
5DA9.dll
1.dll
5DA9.tmp
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R06AE03GM15.

Symantec reputation Suspicious.Insight