SHA256: ca14051c98b41fcd5e026a50b64ff7bf0fbdc47d586e459ee3d9d58de9fafec4
File name: eee64031e7fa1776b2654b0d2ba752bd
Detection ratio: 36 / 41
Analysis date: 2011-04-06 12:46:07 UTC ( 3 years ago )
Antivirus Result Update
AVG Downloader.Generic10.AYVY 20110406
AhnLab-V3 Win-Trojan/Fakeav.397824 20110406
AntiVir TR/Crypt.ZPACK.Gen 20110406
Antiy-AVL Packed/Win32.Krap.gen 20110406
Avast Win32:FakeSysdef-E 20110406
Avast5 Win32:FakeSysdef-E 20110401
BitDefender Gen:Variant.Kazy.5437 20110406
CAT-QuickHeal Trojan.FakeAV 20110406
Commtouch W32/MalwareF.RATG 20110406
Comodo UnclassifiedMalware 20110406
DrWeb Trojan.Fakealert.19779 20110406
F-Prot W32/MalwareF.RATG 20110406
Fortinet W32/Krapt.AOB!tr 20110406
GData Gen:Variant.Kazy.5437 20110406
Ikarus Packed.Win32.Krap 20110406
Jiangmin Packed.Krap.dvra 20110405
K7AntiVirus Trojan 20110406
Kaspersky Packed.Win32.Krap.ao 20110406
McAfee FakeAlert-HDD 20110406
McAfee-GW-Edition FakeAlert-HDD 20110406
Microsoft Trojan:Win32/FakeSysdef 20110406
NOD32 Win32/TrojanDownloader.Prodatect.AZ 20110406
Norman W32/Suspicious_Gen2.IBQTL 20110406
PCTools HeurEngine.MaliciousPacker 20110404
Panda Trj/Genetic.gen 20110406
Prevx Medium Risk Malware 20110406
Rising Trojan.Win32.Generic.125EDE96 20110406
SUPERAntiSpyware Trojan.Agent/Gen-FakeFrag 20110403
Sophos Mal/FakeAV-EA 20110406
Symantec Packed.Generic.313 20110406
TheHacker Trojan/Downloader.Prodatect.az 20110406
TrendMicro TROJ_GEN.R47C2L8 20110406
TrendMicro-HouseCall TROJ_GEN.R47C2L8 20110406
VIPRE FraudTool.Win32.FakeAV.hdd (v) 20110406
VirusBuster Trojan.DL.Prodatect!sXQ2oqiCxLs 20110406
eTrust-Vet Win32/Renos.G!generic 20110406
ClamAV 20110406
F-Secure 20110406
VBA32 20110406
ViRobot 20110406
eSafe 20110404
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block
Copyright © ASR Software Corporation. All rights reserved.
Publisher ASR Corporation
Product ASR
Version 01.1216
Original name asrsoft
Internal name asrsoft
File version 10.01.12
Description ASR Software
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-12-11 13:32:55
Link date 2:32 PM 12/11/2007
Entry Point 0x000010C9
Number of sections 5
PE sections
PE imports
RegEnumValueW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
RegQueryValueW
InitCommonControlsEx
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
CreatePropertySheetPageW
FlatSB_GetScrollPos
PropertySheetW
DnsReplaceRecordSetW
GetTextCharsetInfo
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
PatBlt
CreatePen
CreateICW
CreateRectRgnIndirect
GetTextCharset
GetTextMetricsW
Rectangle
GetDeviceCaps
ExcludeClipRect
TranslateCharsetInfo
LineTo
DeleteDC
GetMapMode
CreateDiscardableBitmap
GetObjectW
BitBlt
RealizePalette
SetTextColor
GetTextExtentPointW
MoveToEx
ExtTextOutW
GetNearestColor
CreateDCW
GetStockObject
CreateDIBitmap
EnumFontFamiliesExW
SelectPalette
SetBkColor
SelectClipRgn
CreateCompatibleDC
CreateFontW
SelectObject
GetCharWidth32W
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
SetBkMode
GetViewportExtEx
DeleteObject
CreateCompatibleBitmap
GetDriveTypeW
WaitForSingleObject
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
GetLocaleInfoW
WideCharToMultiByte
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
SetEvent
LocalFree
FormatMessageW
FreeLibraryAndExitThread
CreateEventW
LoadResource
FindClose
TlsGetValue
GetFullPathNameW
SetLastError
GetModuleFileNameW
lstrcmpiW
DelayLoadFailureHook
GetVolumeInformationW
InterlockedDecrement
MultiByteToWideChar
CreateThread
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
MulDiv
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
GetCurrentThreadId
GetProcAddress
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
GetVersionExA
LoadLibraryA
LeaveCriticalSection
DeleteFileW
GetUserDefaultLCID
GetTempFileNameW
GetProfileStringW
lstrcpyW
GlobalReAlloc
ExpandEnvironmentStringsW
FindNextFileW
lstrcpyA
ResetEvent
FindFirstFileW
lstrcmpW
GlobalLock
LocalSize
CreateFileW
TlsSetValue
InterlockedIncrement
GetLastError
LocalReAlloc
GetShortPathNameW
lstrlenA
GlobalFree
GlobalUnlock
lstrlenW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
InterlockedCompareExchange
lstrcpynW
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
FreeResource
FindResourceW
GetProcessVersion
FindResourceA
GetAcceptExSockaddrs
AcceptEx
RtlIsNameLegalDOS8Dot3
_wcsicmp
_chkstk
memmove
RtlUnicodeStringToAnsiString
wcslen
RtlAnsiStringToUnicodeString
NtAllocateVirtualMemory
RtlInitUnicodeStringEx
RtlUnwind
_vsnwprintf
NtQueryVirtualMemory
RpcBindingFree
NdrClientCall2
RpcStringFreeW
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcStringBindingComposeW
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
RUSSIAN 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.1.12.0
UninitializedDataSize 892928
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 1226240
FileOS Win32
MIMEType application/octet-stream
LegalCopyright ASR Software Corporation. All rights reserved.
FileVersion 10.01.12
TimeStamp 2007:12:11 14:32:55+01:00
FileType Win32 DLL
PEType PE32
InternalName asrsoft
FileAccessDate 2013:05:18 07:51:58+01:00
ProductVersion 01.1216
FileDescription ASR Software
OSVersion 4.0
FileCreateDate 2013:05:18 07:51:58+01:00
OriginalFilename asrsoft
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ASR Corporation
CodeSize 51712
ProductName ASR
ProductVersionNumber 1.1216.0.0
EntryPoint 0x10c9
ObjectFileType Dynamic link library
File identification
MD5 eee64031e7fa1776b2654b0d2ba752bd
SHA1 dcda8c6abd904097f4bcd07dcb2cde35e358cf83
SHA256 ca14051c98b41fcd5e026a50b64ff7bf0fbdc47d586e459ee3d9d58de9fafec4
ssdeep 12288:W9xXGaTo4bG11p88kfy3Yy0NITImy6NQObbycd2w:MZhBTll6nd2w
File size 388.5 KB ( 397824 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (61.9%)
Win32 Dynamic Link Library (generic) (13.0%)
Win32 Executable (generic) (12.9%)
Win16/32 Executable Delphi generic (4.1%)
Generic Win/DOS Executable (3.9%)
Tags pedll
VirusTotal metadata
First submission 2010-12-06 22:28:16 UTC ( 3 years, 4 months ago )
Last submission 2013-05-18 06:49:19 UTC ( 11 months, 1 week ago )
File names asrsoft
eee64031e7fa1776b2654b0d2ba752bd
MoBj4peI