SHA256: c33f2fdd945d053991e178fa12ab9ffea18f751313a8888c74004cbd680bbd75
File name: vnc32.dump
Detection ratio: 0 / 56
Analysis date: 2014-12-14 15:22:56 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20141214
AegisLab 20141214
Yandex 20141213
AhnLab-V3 20141214
ALYac 20141214
Antiy-AVL 20141214
Avast 20141214
AVG 20141214
Avira (no cloud) 20141214
AVware 20141214
Baidu-International 20141214
BitDefender 20141214
Bkav 20141212
ByteHero 20141214
CAT-QuickHeal 20141213
ClamAV 20141214
CMC 20141212
Comodo 20141214
Cyren 20141214
DrWeb 20141214
Emsisoft 20141214
ESET-NOD32 20141214
F-Prot 20141214
F-Secure 20141214
Fortinet 20141213
GData 20141214
Ikarus 20141214
Jiangmin 20141213
K7AntiVirus 20141212
K7GW 20141213
Kaspersky 20141214
Kingsoft 20141214
Malwarebytes 20141214
McAfee 20141214
McAfee-GW-Edition 20141214
Microsoft 20141214
eScan 20141214
NANO-Antivirus 20141214
Norman 20141214
nProtect 20141212
Panda 20141214
Qihoo-360 20141214
Rising 20141213
Sophos AV 20141214
SUPERAntiSpyware 20141214
Symantec 20141214
Tencent 20141214
TheHacker 20141212
TotalDefense 20141214
TrendMicro 20141214
TrendMicro-HouseCall 20141214
VBA32 20141212
VIPRE 20141214
ViRobot 20141214
Zillya 20141212
Zoner 20141210
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-11 17:42:49
Entry Point 0x0002452C
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
OffsetRgn
CreateFontIndirectA
GetObjectA
DeleteDC
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
GetDeviceCaps
CreateBitmap
CreateFontA
GetStockObject
GetDIBits
GdiFlush
SelectClipRgn
CreateCompatibleDC
CreateRectRgn
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetTcpTable
GetStdHandle
FileTimeToDosDateTime
ReleaseMutex
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
EncodePointer
GetHandleInformation
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
SetErrorMode
GetFileInformationByHandle
lstrcatW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
MoveFileA
ResumeThread
GetLogicalDriveStringsA
GetEnvironmentVariableA
OutputDebugStringW
FindClose
TlsGetValue
SetFileAttributesW
OutputDebugStringA
SetLastError
VerLanguageNameA
OpenThread
InitializeCriticalSection
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
RemoveDirectoryA
SetThreadPriority
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
SetFilePointer
CreateThread
GetExitCodeThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
GlobalMemoryStatus
GetModuleHandleExW
VirtualQuery
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetSystemTime
OpenProcess
TerminateThread
lstrcmpiA
SetEvent
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
Process32Next
GetFileSize
Process32First
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
lstrcpyW
FreeEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
ResetEvent
GetComputerNameA
FindFirstFileW
TerminateProcess
GlobalLock
GetModuleFileNameA
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
FileTimeToLocalFileTime
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
CreateProcessA
IsValidCodePage
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
GetModuleFileNameExA
GetProcessImageFileNameA
EnumProcesses
SHGetSpecialFolderPathA
ExtractIconExA
Shell_NotifyIconA
PathMatchSpecW
PathCombineW
StrStrIA
RedrawWindow
GetForegroundWindow
DestroyMenu
SetWindowPos
IsWindow
DispatchMessageA
CreateDesktopA
WindowFromPoint
GetDC
DestroyCursor
GetAsyncKeyState
DrawTextA
IsClipboardFormatAvailable
SendMessageA
GetClientRect
GetThreadDesktop
GetWindowTextLengthA
GetTopWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
SystemParametersInfoA
VkKeyScanExA
EnumWindows
GetUserObjectInformationA
ShowWindow
SetClassLongA
PrintWindow
SetClipboardViewer
TranslateMessage
SetThreadDesktop
GetWindow
GetMenuDefaultItem
GetIconInfo
SetClipboardData
MapVirtualKeyExA
GetKeyboardLayoutList
IsIconic
RegisterClassA
OpenDesktopA
GetWindowLongA
SetTimer
UnhookWinEvent
GetKeyboardLayout
FillRect
RealChildWindowFromPoint
DialogBoxIndirectParamA
ReleaseDC
GetCursorPos
GetWindowInfo
PtInRect
MapWindowPoints
VkKeyScanExW
MapVirtualKeyA
OpenInputDesktop
SetFocus
keybd_event
RegisterWindowMessageA
CheckMenuRadioItem
GetClipboardData
ToUnicodeEx
GetSystemMetrics
GetWindowRect
PostMessageA
DrawIcon
EnumChildWindows
SetWindowLongA
CreatePopupMenu
CheckMenuItem
GetLastActivePopup
CreateWindowExA
GetDlgItem
BringWindowToTop
ScreenToClient
GetClassLongA
FindWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuItemInfoA
AttachThreadInput
GetDesktopWindow
GetSystemMenu
SetForegroundWindow
PostThreadMessageA
OpenClipboard
EmptyClipboard
GetScrollBarInfo
ChildWindowFromPointEx
EndDialog
CreateIconIndirect
GetShellWindow
SetWinEventHook
SetWindowTextA
GetWindowThreadProcessId
AppendMenuA
MoveWindow
ChangeClipboardChain
mouse_event
GetKeyState
GetWindowRgn
GetDoubleClickTime
DestroyIcon
IsWindowVisible
GetGUIThreadInfo
FrameRect
InvalidateRect
wsprintfA
SendMessageTimeoutA
CloseDesktop
IsRectEmpty
GetClassNameA
CloseClipboard
GetAncestor
__WSAFDIsSet
htonl
connect
setsockopt
bind
WSAStartup
send
inet_addr
accept
recvfrom
gethostbyname
socket
select
closesocket
inet_ntoa
htons
recv
getpeername
WSAGetLastError
listen
strchr
sscanf
memmove
strncpy
RtlUnwind
NtQueryVirtualMemory
CoUninitialize
CoCreateInstance
CoInitialize
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:12:11 18:42:49+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 190464
LinkerVersion: 12.0
FileAccessDate: 2014:12:31 22:07:04+01:00
EntryPoint: 0x2452c
InitializedDataSize: 73728
SubsystemVersion: 6.0
ImageVersion: 0.0
OSVersion: 6.0
FileCreateDate: 2014:12:31 22:07:04+01:00
UninitializedDataSize: 0

File identification
MD5 94eefdce643a084f95dd4c91289c3cf0
SHA1 0bbd15c31782a23b1252544221c564866975ea7e
SHA256 c33f2fdd945d053991e178fa12ab9ffea18f751313a8888c74004cbd680bbd75
ssdeep
6144:zYXzlcdiFZxlNh394uvRIjnXs7KTBPkMR:UXxzF74+GDXs7KTv

authentihash 477f543f462e4eedcfa66c5497be9ec9b1a508cd6966ed99a75f3b435d9e638f
imphash d6028dd373d856d9a9b869fe2cdf2c64
File size 248.0 KB ( 253952 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll via-tor

VirusTotal metadata
First submission 2014-12-13 18:28:03 UTC ( 2 years, 8 months ago )
Last submission 2014-12-31 21:06:46 UTC ( 2 years, 7 months ago )
File names vnc.bin
vnc32.dump
vti-rescan
vn32.dmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight