SHA256: c4e3e4ff389802a768f101ddaed35357fc614b81c53243c7199057f5c891d9fd
File name: csgoESP.dll
Detection ratio: 0 / 55
Analysis date: 2015-06-27 16:27:58 UTC ( 1 year, 6 months ago )
Antivirus Result Update
ALYac 20150627
AVG 20150627
AVware 20150627
Ad-Aware 20150627
AegisLab 20150626
Yandex 20150626
AhnLab-V3 20150627
Alibaba 20150626
Antiy-AVL 20150627
Arcabit 20150627
Avast 20150627
Avira (no cloud) 20150627
Baidu-International 20150627
BitDefender 20150627
Bkav 20150627
ByteHero 20150627
CAT-QuickHeal 20150627
ClamAV 20150626
Comodo 20150627
Cyren 20150627
DrWeb 20150627
ESET-NOD32 20150627
Emsisoft 20150627
F-Prot 20150627
F-Secure 20150627
Fortinet 20150627
GData 20150627
Ikarus 20150627
Jiangmin 20150626
K7AntiVirus 20150627
K7GW 20150627
Kaspersky 20150627
Kingsoft 20150627
Malwarebytes 20150627
McAfee 20150627
McAfee-GW-Edition 20150627
eScan 20150627
Microsoft 20150627
NANO-Antivirus 20150627
Panda 20150627
Qihoo-360 20150627
Rising 20150627
SUPERAntiSpyware 20150627
Sophos 20150627
Symantec 20150627
Tencent 20150627
TheHacker 20150626
TrendMicro 20150627
TrendMicro-HouseCall 20150627
VBA32 20150626
VIPRE 20150627
ViRobot 20150627
Zillya 20150627
Zoner 20150627
nProtect 20150626
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-02 05:46:11
Entry Point 0x00006E43
Number of sections 5
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SwapBuffers
DeleteDC
CreateRectRgn
DescribePixelFormat
CreateSolidBrush
ChoosePixelFormat
SetPixelFormat
CreateToolhelp32Snapshot
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
Process32NextW
GetCurrentProcess
Module32FirstW
GetCurrentProcessId
OpenProcess
ReadProcessMemory
Process32FirstW
GetProcessId
CreateThread
Module32NextW
CloseHandle
IsProcessorFeaturePresent
ExitThread
DecodePointer
GetModuleHandleW
Sleep
GetCurrentThreadId
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??Bid@locale@std@@QAEIXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Syserror_map@std@@YAPBDH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_BADOFF@std@@3_JB
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xlength_error@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Winerror_map@std@@YAPBDH@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Xbad_alloc@std@@YAXXZ
_malloc_crt
_purecall
??0bad_cast@std@@QAE@ABV01@@Z
fgetpos
fputc
fgetc
??1type_info@@UAE@XZ
__crtTerminateProcess
memset
fclose
__dllonexit
_wcsicmp
fflush
fsetpos
__clean_type_info_names_internal
_amsg_exit
?terminate@@YAXXZ
memcpy_s
??2@YAPAXI@Z
fwrite
_lock
_onexit
_initterm_e
strtol
_CxxThrowException
_libm_sse2_sqrt_precise
??1bad_cast@std@@UAE@XZ
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
free
__CxxFrameHandler3
_except_handler4_common
_fseeki64
memcpy
??0exception@std@@QAE@ABV01@@Z
__crtUnhandledException
??0bad_cast@std@@QAE@PBD@Z
memmove
_libm_sse2_pow_precise
_lock_file
_calloc_crt
setvbuf
__CppXcptFilter
ungetc
_initterm
_unlock_file
memchr
wglDeleteContext
glVertex2f
glMatrixMode
wglMakeCurrent
wglCreateContext
glViewport
glClear
glEnd
glOrtho
glLineWidth
glBegin
glColor4f
glClearColor
SetLayeredWindowAttributes
BeginPaint
DefWindowProcW
FindWindowW
GetMessageW
PostQuitMessage
ShowWindow
SetWindowPos
MessageBoxW
GetWindowRect
EndPaint
TranslateMessage
DispatchMessageW
GetAsyncKeyState
ReleaseDC
SendMessageW
UnregisterClassW
GetClientRect
GetDC
InvalidateRect
CreateWindowExW
RegisterClassExW
DestroyWindow
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2015:04:02 06:46:11+01:00
FileType Win32 DLL
PEType PE32
CodeSize 26624
LinkerVersion 12.0
EntryPoint 0x6e43
InitializedDataSize 46592
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0
File identification
MD5 17d89eebbcf649a0af5b32adb129466a
SHA1 66a5e2f6554c784b0a4aebf860867f1dfbb6cd16
SHA256 c4e3e4ff389802a768f101ddaed35357fc614b81c53243c7199057f5c891d9fd
ssdeep 768:Gbnvk/rKvhvtDxGfulQHtOZa9HXyBelVj8N0Lavam:GbvUmvhvtDxGf/D93dC0mvv
authentihash 797f50061b1557e9c1a12215493eb440ec7cdaf206c0397c48c6b3c5235ec631
imphash c2cf73a6f3d7b2d5965696d04ec6085e
File size 40.5 KB ( 41472 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags pedll
VirusTotal metadata
First submission 2015-04-02 08:23:48 UTC ( 1 year, 9 months ago )
Last submission 2015-06-27 16:27:58 UTC ( 1 year, 6 months ago )
File names ESP3_[www.unknowncheats.me]_.dll
[www.OldSchoolHack.de]_ESP3.dll
csgoESP.dll
ESP3.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight