× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c0e827279c5aeb0409b2d5d1e90c19fae193fe19d9d56c98b2c50c8d8f500be0
File name: c0e827279c5aeb0409b2d5d1e90c19fae193fe19d9d56c98b2c50c8d8f500be0.exe
Detection ratio: 26 / 62
Analysis date: 2019-02-19 09:45:27 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Adware.BHO.Bprotector.1 20190219
Arcabit Trojan.Adware.BHO.Bprotector.1 20190219
Avast Win32:SProtector-U [Adw] 20190219
AVG Win32:SProtector-U [Adw] 20190219
BitDefender Gen:Variant.Adware.BHO.Bprotector.1 20190219
Cylance Unsafe 20190219
DrWeb Adware.BGuard.11 20190219
Emsisoft Gen:Variant.Adware.BHO.Bprotector.1 (B) 20190219
ESET-NOD32 a variant of Win32/SProtector.A potentially unwanted 20190219
GData Gen:Variant.Adware.BHO.Bprotector.1 20190219
Jiangmin AdWare/Esprot.akh 20190219
K7AntiVirus Trojan ( 0048c2e91 ) 20190219
K7GW Trojan ( 0048c2e91 ) 20190219
Kaspersky not-a-virus:HEUR:AdWare.Win32.Esprot.heur 20190219
Kingsoft Win32.Troj.Generic.a.(kcloud) 20190219
Malwarebytes Spyware.PasswordStealer 20190219
eScan Gen:Variant.Adware.BHO.Bprotector.1 20190219
NANO-Antivirus Riskware.Win32.BGuard.dfmehy 20190219
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/Bprotect-G 20190219
SUPERAntiSpyware Adware.BProtector/Variant 20190213
Symantec Adware.GoonSquad 20190219
VBA32 BScope.Adware.Esprot 20190219
Webroot W32.Malware.Gen 20190219
Yandex Riskware.Agent! 20190219
ZoneAlarm by Check Point not-a-virus:HEUR:AdWare.Win32.Esprot.heur 20190219
Acronis 20190213
AegisLab 20190219
AhnLab-V3 20190219
Alibaba 20180921
ALYac 20190219
Antiy-AVL 20190219
Avast-Mobile 20190219
Avira (no cloud) 20190219
Babable 20180918
Baidu 20190215
CAT-QuickHeal 20190218
ClamAV 20190218
CMC 20190219
Comodo 20190219
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190219
eGambit 20190219
Endgame 20190215
F-Secure 20190219
Fortinet 20190219
Sophos ML 20181128
MAX 20190219
McAfee 20190219
McAfee-GW-Edition 20190219
Microsoft 20190219
Palo Alto Networks (Known Signatures) 20190219
Panda 20190218
Qihoo-360 20190219
Rising 20190219
Symantec Mobile Insight 20190207
TACHYON 20190219
Tencent 20190219
TheHacker 20190217
TotalDefense 20190219
Trapmine 20190123
Trustlook 20190219
ViRobot 20190219
Zoner 20190219
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-15 16:47:50
Entry Point 0x000B35B8
Number of sections 5
PE sections
PE imports
GetTokenInformation
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
IsValidSid
FreeSid
ConvertSidToStringSidW
RegEnumKeyExW
RegOpenKeyExW
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
HeapReAlloc
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
SetHandleCount
GetLocaleInfoW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
GetSystemTime
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
InterlockedExchangeAdd
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FlushInstructionCache
GetPrivateProfileStringW
MoveFileW
SetFilePointer
LockFileEx
CreateThread
CreateSemaphoreW
GetCurrentProcess
CreateMutexW
SetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
WriteConsoleA
GetModuleHandleExW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
OpenProcess
TerminateThread
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
Process32Next
GetStartupInfoA
UnlockFile
GetEnvironmentStrings
GetFileSize
Process32First
DeleteFileA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
CompareStringW
FreeEnvironmentStringsW
FindNextFileW
WTSGetActiveConsoleSessionId
HeapValidate
CompareStringA
GetTempFileNameA
FindFirstFileW
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
LockFile
lstrlenW
VirtualFree
SizeofResource
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
UnlockFileEx
GetACP
GetModuleHandleW
GetFileAttributesExW
GetLongPathNameW
CreateProcessA
IsValidCodePage
HeapCreate
WriteFile
CreateProcessW
GetLongPathNameA
Sleep
IsBadReadPtr
VirtualAlloc
GetOEMCP
PE exports
Number of PE resources by type
RT_HTML 4
RT_ICON 2
RT_GROUP_ICON 2
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
dll

TimeStamp
2013:01:15 17:47:50+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
843264

LinkerVersion
9.0

ImageFileCharacteristics
Executable, 32-bit, DLL

EntryPoint
0xb35b8

InitializedDataSize
279552

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 413e76d3534b8bd2256d9816f8d1f5fb
SHA1 077d0e3636e566afc25a9c1bdb9fbaa9e9305c59
SHA256 c0e827279c5aeb0409b2d5d1e90c19fae193fe19d9d56c98b2c50c8d8f500be0
ssdeep
24576:FssbfxQpa6K0R+gpdSTkC17SDC9xPuZBv2LvfUB9iU:9Ea04qdckkWm95Sv2Lvy9iU

authentihash 5ba1cd62c48cfcf33243745addff168d3ae3f1c2e64b8a135ada297a08720b34
imphash cc08c84e5ec235056d524fd8a3ac39cf
File size 1006.0 KB ( 1030144 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID InstallShield setup (49.0%)
Win64 Executable (generic) (31.4%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
OS/2 Executable (generic) (2.3%)
Tags
pedll

VirusTotal metadata
First submission 2013-01-17 19:43:12 UTC ( 6 years, 3 months ago )
Last submission 2018-04-04 13:47:04 UTC ( 1 year ago )
File names SPROTE~1.DLL.Muestra EliStartPage v28.77
SPROTE~1.DLL
c0e827279c5aeb0409b2d5d1e90c19fae193fe19d9d56c98b2c50c8d8f500be0
SPROTECTOR.DLL
vt-upload-IYvP8
c0e827279c5aeb0409b2d5d1e90c19fae193fe19d9d56c98b2c50c8d8f500be0.exe
sprotector.dll
413e76d3534b8bd2256d9816f8d1f5fb
sprote~1.dll.ftf
vt-upload-DKI5m
vt-upload-bliNA
vti-rescan
file-5422166_dll
vt-upload-A_9Jv
vt-upload-M3mkQ
sprotector.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!