SHA256: b69fc08183dc7e042733b53b14d2350604c82c36ea7e3b66c1c1ecedd657dba2
File name: DEB2A13BDCD5939413840AF81CB91BFA
Detection ratio: 0 / 56
Analysis date: 2014-12-10 02:40:40 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware 20141210
AegisLab 20141210
Yandex 20141209
AhnLab-V3 20141209
ALYac 20141210
Antiy-AVL 20141209
Avast 20141210
AVG 20141210
Avira (no cloud) 20141209
AVware 20141209
Baidu-International 20141209
BitDefender 20141210
Bkav 20141209
ByteHero 20141210
CAT-QuickHeal 20141209
ClamAV 20141209
CMC 20141208
Comodo 20141209
Cyren 20141210
DrWeb 20141210
Emsisoft 20141210
ESET-NOD32 20141210
F-Prot 20141210
F-Secure 20141210
Fortinet 20141210
GData 20141210
Ikarus 20141210
Jiangmin 20141209
K7AntiVirus 20141209
K7GW 20141209
Kaspersky 20141210
Kingsoft 20141210
Malwarebytes 20141210
McAfee 20141210
McAfee-GW-Edition 20141208
Microsoft 20141210
eScan 20141210
NANO-Antivirus 20141210
Norman 20141209
nProtect 20141209
Panda 20141209
Qihoo-360 20141210
Rising 20141209
Sophos 20141210
SUPERAntiSpyware 20141210
Symantec 20141210
Tencent 20141210
TheHacker 20141208
TotalDefense 20141209
TrendMicro 20141210
TrendMicro-HouseCall 20141210
VBA32 20141209
VIPRE 20141210
ViRobot 20141208
Zillya 20141209
Zoner 20141208
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
File version 10.0.9896.0 (fbl_compat_auto.141202-1756)
Description Compatibility Appraiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-03 12:18:11
Entry Point 0x000952A0
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
EventWriteTransfer
EventWrite
OpenServiceW
ControlService
ControlTraceW
RegEnumKeyW
CryptHashData
RegQueryValueExW
CryptCreateHash
CloseServiceHandle
EventRegister
RegGetValueW
RegOpenKeyExW
RegLoadAppKeyW
RegOpenKeyW
RegQueryValueW
EnableTrace
CryptReleaseContext
StartTraceW
RegEnumKeyExW
CryptAcquireContextW
EventUnregister
CryptDestroyHash
RegDeleteValueW
StartServiceW
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
RegDeleteKeyExW
DeleteDC
GetDIBits
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteObject
FreeMibTable
GetIfTable2
GetVolumePathNameW
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
SubmitThreadpoolWork
WaitForSingleObject
LockResource
CreateJobObjectW
GetPrivateProfileSectionNamesW
GetFileAttributesW
SetInformationJobObject
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetFileTime
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
ReleaseActCtx
HeapReAlloc
SetEvent
LocalFree
IsWow64Process
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
LoadResource
CloseThreadpoolWork
FindClose
OutputDebugStringA
GetEnvironmentVariableW
GetSystemTime
DeviceIoControl
K32EnumProcessModules
CopyFileW
K32GetModuleFileNameExW
GetModuleFileNameW
TryEnterCriticalSection
HeapAlloc
VerSetConditionMask
LoadLibraryExA
CreateActCtxW
GetUserDefaultLCID
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
GetSystemPowerStatus
FlushInstructionCache
MoveFileExW
CreateThread
SetEnvironmentVariableW
K32EnumProcesses
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
GetVolumeNameForVolumeMountPointW
IsProcessorFeaturePresent
GetFileInformationByHandle
TerminateProcess
GetModuleHandleExW
VirtualQuery
CreateThreadpoolWork
SetWaitableTimer
AcquireSRWLockExclusive
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetComputerNameW
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
CompareStringOrdinal
WaitForThreadpoolWorkCallbacks
GetFileSize
OpenProcess
GetModuleHandleW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
AssignProcessToJobObject
GetFileSizeEx
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
ReleaseSRWLockExclusive
WaitForMultipleObjects
GetPrivateProfileSectionW
GetProductInfo
GetTempPathW
CreateEventW
CreateFileW
GetCurrentThreadId
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
CreateWaitableTimerW
GetSystemInfo
CompareStringW
GetSystemWindowsDirectoryW
GetEnvironmentStringsW
GetQueuedCompletionStatus
SizeofResource
Wow64DisableWow64FsRedirection
GetCurrentProcessId
CreateIoCompletionPort
QueryActCtxW
SetThreadAffinityMask
GetCurrentThread
RaiseException
MapViewOfFile
ReadFile
Wow64RevertWow64FsRedirection
CloseHandle
GetVersion
GetFileAttributesExW
GetLongPathNameW
UnmapViewOfFile
FindResourceW
PostQueuedCompletionStatus
CreateProcessW
Sleep
VirtualAlloc
NetUserEnum
NetApiBufferFree
SysStringByteLen
SysFreeString
VariantInit
SysAllocString
UuidCreate
UuidToStringW
RpcStringFreeW
SetupDiLoadClassIcon
SetupInstallFromInfSectionW
SetupOpenInfFileW
SetupTermDefaultQueueCallback
SetupDefaultQueueCallbackW
SetupInstallServicesFromInfSectionW
SetupCloseInfFile
SetupInitDefaultQueueCallbackEx
ExtractIconExW
SHGetFolderPathW
SHGetFileInfoW
SHCreateStreamOnFileEx
UrlGetPartW
PathUnquoteSpacesW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
AssocQueryStringW
SHCreateStreamOnFileW
PathIsUNCW
PathAppendW
PathFindExtensionW
StrCmpIW
PathRemoveBlanksW
PathFindSuffixArrayW
CharLowerBuffW
CharLowerA
GetIconInfo
PeekMessageW
DestroyIcon
LoadStringW
CharLowerW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
DispatchMessageW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ConstructPartialMsgVW
WdsSetupLogMessageA
WdsSetupLogMessageW
CurrentIP
ConstructPartialMsgVA
HttpQueryInfoW
InternetConnectW
InternetCrackUrlW
InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
CreateXmlWriter
CreateXmlReader
CreateXmlWriterOutputWithEncodingName
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage
GdipSaveImageToFile
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromHICON
GdipBitmapSetPixel
strncmp
_purecall
malloc
??0exception@@QAE@ABQBD@Z
swscanf_s
??0exception@@QAE@ABV0@@Z
??1type_info@@UAE@XZ
wcstoul
memset
wcschr
__dllonexit
strtok_s
_wcsicmp
toupper
wcscpy_s
_vsnwprintf
tolower
_amsg_exit
?terminate@@YAXXZ
strncpy_s
memcpy_s
_lock
qsort
_onexit
_XcptFilter
memcmp
iswalpha
wcsrchr
towlower
_CxxThrowException
rand_s
memmove_s
_unlock
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
free
__CxxFrameHandler3
_except_handler4_common
wcsncmp
sprintf_s
_callnewh
memcpy
wcsnlen
strnlen
wcscat_s
_vsnprintf
strstr
memmove
wcsspn
swscanf
_itow_s
_wcsnicmp
swprintf_s
_wcslwr_s
wcsstr
??0exception@@QAE@XZ
_wsplitpath_s
_initterm
_wtoi
ZwReadFile
RtlInitUnicodeString
ZwOpenKey
EtwTraceMessage
RtlUnicodeStringToInteger
RtlAppendUnicodeStringToString
ZwCreateFile
RtlTimeToTimeFields
RtlUpcaseUnicodeString
RtlAnsiStringToUnicodeString
NtClose
RtlCopyUnicodeString
NlsMbCodePageTag
RtlFormatCurrentUserKeyPath
RtlUpcaseUnicodeChar
RtlUnicodeStringToAnsiString
RtlImageDirectoryEntryToData
RtlDosPathNameToNtPathName_U_WithStatus
RtlAppendUnicodeToString
ZwMapViewOfSection
ZwQuerySystemInformation
ZwSetInformationProcess
RtlAllocateHeap
ZwQueryInformationFile
RtlGUIDFromString
ZwEnumerateValueKey
RtlSecondsSince1970ToTime
ZwQueryValueKey
RtlFreeHeap
RtlFreeUnicodeString
ZwQueryInformationProcess
LdrResSearchResource
RtlInitString
ZwUnmapViewOfSection
ZwSetInformationFile
RtlInitUnicodeStringEx
ZwQueryKey
ZwCreateSection
RtlxAnsiStringToUnicodeSize
RtlCompareMemory
RtlGetVersion
ZwClose
NtQueryValueKey
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
SfcIsFileProtected
WsGetFaultErrorProperty
WsFreeError
WsDateTimeToFileTime
WsCreateHeap
WsGetErrorProperty
WsOpenServiceProxy
WsResetHeap
WsFreeHeap
WsCall
WsFreeServiceProxy
WsResetError
WsCloseServiceProxy
WsGetErrorString
WsCreateError
WsCreateServiceProxyFromTemplate
PE exports
Number of PE resources by type
RT_RCDATA 2
WEVT_TEMPLATE 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
InitializedDataSize 94208
ImageVersion 10.0
ProductName Microsoft Windows Operating System
FileVersionNumber 10.0.9896.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 12.1
FileTypeExtension dll
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 10.0.9896.0 (fbl_compat_auto.141202-1756)
TimeStamp 2014:12:03 13:18:11+01:00
FileType Win32 DLL
PEType PE32
ProductVersion 10.0.9896.0
FileDescription Compatibility Appraiser
OSVersion 10.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 632832
FileSubtype 0
ProductVersionNumber 10.0.9896.0
EntryPoint 0x952a0
ObjectFileType Dynamic link library
File identification
MD5 deb2a13bdcd5939413840af81cb91bfa
SHA1 bb0620a224104b47d4a87b70dc0460953bf26a53
SHA256 b69fc08183dc7e042733b53b14d2350604c82c36ea7e3b66c1c1ecedd657dba2
ssdeep 6144:xISkRAYykWOd1ERVXNs6OX83QViTtxhBwA/4L0DHFB+YURzfG8DuYyz7l24JIh:xIQqd+fGuxhaA/4kHF0dRS8u7l240
authentihash 8f64cd897cb4ed3dd01122914c1a488895358d59ff6192d638e685883fac6944
imphash 78de9d17da8a7a9e83748ebbc266eb80
File size 711.5 KB ( 728576 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags pedll via-tor
VirusTotal metadata
First submission 2014-12-10 02:40:40 UTC ( 2 years, 5 months ago )
Last submission 2017-02-01 08:01:55 UTC ( 3 months, 3 weeks ago )
File names appraiser.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight