SHA256: cbe5d25f27deb7317aebb3f64d18a1d9d72383bc956a1433ae207e68bea08f09
File name: pDVmtPNn0EAd7EI.dll
Detection ratio: 8 / 57
Analysis date: 2016-11-21 18:24:22 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9861 20161121
Bkav HW32.Packed.68D6 20161121
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Sophos ML virus.win32.sality.at 20161018
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20161121
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20161121
Symantec Heur.AdvML.B 20161121
Tencent Win32.Trojan.Raasj.Auto 20161121
Ad-Aware 20161121
AegisLab 20161121
AhnLab-V3 20161121
Alibaba 20161121
ALYac 20161121
Antiy-AVL 20161121
Arcabit 20161121
Avast 20161121
AVG 20161121
Avira (no cloud) 20161121
AVware 20161121
BitDefender 20161121
CAT-QuickHeal 20161121
ClamAV 20161121
CMC 20161121
Comodo 20161121
Cyren 20161121
DrWeb 20161121
Emsisoft 20161121
ESET-NOD32 20161121
F-Prot 20161121
F-Secure 20161121
Fortinet 20161121
GData 20161121
Ikarus 20161121
Jiangmin 20161121
K7AntiVirus 20161121
K7GW 20161121
Kaspersky 20161121
Kingsoft 20161121
Malwarebytes 20161121
McAfee 20161121
Microsoft 20161121
eScan 20161121
NANO-Antivirus 20161121
nProtect 20161121
Panda 20161121
Rising 20161121
Sophos AV 20161121
SUPERAntiSpyware 20161121
TheHacker 20161117
TotalDefense 20161121
TrendMicro 20161121
TrendMicro-HouseCall 20161121
Trustlook 20161121
VBA32 20161121
VIPRE 20161121
ViRobot 20161121
Yandex 20161121
Zillya 20161121
Zoner 20161121
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2008-2015 Auslogics Labs Pty Ltd

Product Shared Library
Original name ActionCenterForms.dll
Internal name action-center-forms-library
File version 2.0.0.9
Description Action Center Forms Library
Comments Part of Auslogics Programs
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-21 15:47:29
Entry Point 0x000045CF
Number of sections 8
PE sections
PE imports
RegCreateKeyExW
DuplicateTokenEx
RegDeleteValueW
RegCloseKey
RegRestoreKeyW
OpenProcessToken
RegSetValueExW
RegUnLoadKeyW
RegQueryInfoKeyW
RegConnectRegistryW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
RegSaveKeyW
RegReplaceKeyW
RegLoadKeyW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
CreateProcessAsUserW
SetThreadLocale
GetStdHandle
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
UnhandledExceptionFilter
OpenFileMappingA
ExitProcess
GetLocaleInfoW
GetCPInfo
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
SetEvent
LocalFree
FormatMessageW
GetEnvironmentVariableA
OutputDebugStringW
FindClose
InterlockedDecrement
GetFullPathNameW
OutputDebugStringA
SetLastError
GetUserDefaultUILanguage
InitializeCriticalSection
GlobalFindAtomW
RemoveDirectoryW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetPrivateProfileStringW
InterlockedExchangeAdd
GetSystemDefaultUILanguage
SetCurrentDirectoryW
VirtualQuery
VirtualQueryEx
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
LoadLibraryA
RtlUnwind
GetFileSize
DeleteFileA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcessHeap
CompareStringW
GetModuleFileNameW
ResetEvent
CreateFileMappingA
FindFirstFileW
IsValidLocale
CreateEventW
CreateFileW
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
UnmapViewOfFile
GetSystemInfo
GetThreadLocale
lstrlenW
VirtualFree
SwitchToThread
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
WritePrivateProfileStringW
lstrcpynW
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetCPInfoExW
GetLongPathNameW
TlsGetValue
HeapCreate
GetTempPathW
CreateProcessW
Sleep
VirtualAlloc
VariantChangeType
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
SHGetSpecialFolderPathW
SHGetFolderPathA
UrlUnescapeW
AssocQueryStringW
UrlEscapeW
CharLowerBuffW
GetSystemMetrics
CharNextW
LoadImageW
DestroyIcon
CharUpperW
SendMessageA
LoadStringW
MessageBoxA
CharUpperBuffW
MessageBoxW
CharUpperA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
InternetCanonicalizeUrlW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
HttpSendRequestW
InternetOpenW
DeleteUrlCacheEntryW
HttpOpenRequestW
Ord(161)
malloc
exit
free
CoUninitialize
CoInitialize
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Copyright 2008-2015 Auslogics Labs Pty Ltd

SubsystemVersion
5.0

Comments
Part of Auslogics Programs

LinkerVersion
8.0

ImageVersion
8.0

FileSubtype
0

FileVersionNumber
2.0.0.9

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Action Center Forms Library

CharacterSet
Windows, Latin1

InitializedDataSize
163840

EntryPoint
0x45cf

OriginalFileName
ActionCenterForms.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright 2008-2015 Auslogics Labs Pty Ltd

FileVersion
2.0.0.9

TimeStamp
2016:11:21 16:47:29+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
action-center-forms-library

ProductVersion
2.x

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Auslogics

CodeSize
27648

ProductName
Shared Library

ProductVersionNumber
2.0.0.9

FileTypeExtension
dll

ObjectFileType
Dynamic link library

File identification
MD5 aedd28f89c015466c80c956461d486dd
SHA1 03cc2d43253526ee5f731abaab13bea2b3f487d7
SHA256 cbe5d25f27deb7317aebb3f64d18a1d9d72383bc956a1433ae207e68bea08f09
ssdeep 3072:EULeoJ0FS2n9WtB8nrYi6SVbx3loUz1B7VJq+ECs3g:JL76hWzq8Yl3oiDECA

authentihash 4778cf2c6b5cd87627b5500208227eea2609bdbb040b375329aea010eb46678f
imphash 1129dbbd5ced189f16c4d7d4be74edad
File size 116.0 KB ( 118784 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll

VirusTotal metadata
First submission 2016-11-21 18:24:22 UTC ( 2 years, 5 months ago )
Last submission 2016-11-28 14:12:05 UTC ( 2 years, 4 months ago )
File names pDVmtPNn0EAd7EI.dll
ActionCenterForms.dll
action-center-forms-library