SHA256: cdae6cd712d032a3c1174471f32cb3480e12b18d9b6e3eed03e3ec2da23573fc
File name: libtag.dll
Detection ratio: 14 / 41
Analysis date: 2009-10-30 01:29:07 UTC ( 4 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Xema.variant 20091029
Comodo TrojWare.Win32.Agent.avef 20091030
Fortinet W32/Agent.AVEF!tr 20091029
Ikarus Trojan.Win32.Agent 20091029
Jiangmin Trojan/Agent.btin 20091029
K7AntiVirus Trojan.Win32.Agent.avef 20091029
Norman W32/Agent.JZWK 20091029
Panda Trj/Downloader.MDW 20091029
Symantec Trojan Horse 20091030
TrendMicro TROJ_AGENT.ATCY 20091029
VBA32 Trojan.Win32.Agent.avef 20091029
a-squared Trojan.Win32.Agent!IK 20091029
eSafe Win32.Agent.avef 20091029
nProtect Trojan/W32.Agent.723456.S 20091029
AVG 20091029
AntiVir 20091029
Antiy-AVL 20091027
Authentium 20091029
Avast 20091029
BitDefender 20091030
CAT-QuickHeal 20091029
ClamAV 20091030
DrWeb 20091029
F-Prot 20091029
F-Secure 20091027
GData 20091029
Kaspersky 20091030
McAfee 20091029
McAfee+Artemis 20091029
McAfee-GW-Edition 20091029
Microsoft 20091029
NOD32 20091029
PCTools 20091019
Prevx 20091030
Rising 20091029
Sophos 20091030
Sunbelt 20091029
TheHacker 20091028
ViRobot 20091029
VirusBuster 20091029
eTrust-Vet 20091029
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-02-23 15:58:16
Entry Point 0x00001000
Number of sections 7
PE sections
PE imports
GetLastError
GetAtomNameA
ReleaseSemaphore
CreateSemaphoreA
TlsGetValue
TlsFree
AddAtomA
WaitForSingleObject
FindAtomA
InterlockedDecrement
Sleep
TlsAlloc
TlsSetValue
SetLastError
InterlockedIncrement
malloc
fseek
_access
setlocale
fread
fclose
__dllonexit
abort
fprintf
_assert
fflush
fopen
strlen
clearerr
_fdopen
_errno
strtod
fwrite
fgetpos
fsetpos
wcslen
strftime
ftell
_strdup
putc
_ctype
strxfrm
memset
_isctype
_pctype
free
ungetc
_fstati64
_wfopen
_write
strcoll
div
_lseeki64
_vsnprintf
memmove
_read
localeconv
memcpy
strcmp
_filelengthi64
strcpy
setvbuf
__mb_cur_max
_strnicmp
_chsize
getc
memchr
_iob
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:02:23 07:58:16-08:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 626688
LinkerVersion: 2.56
EntryPoint: 0x1000
InitializedDataSize: 722432
SubsystemVersion: 4.0
ImageVersion: 1.5
OSVersion: 4.0
UninitializedDataSize: 21504
File identification
MD5 ff03760bf9717aad1c233a4d6c46ec27
SHA1 8f16c5164ff435148897f27f869b32f9abbfbd74
SHA256 cdae6cd712d032a3c1174471f32cb3480e12b18d9b6e3eed03e3ec2da23573fc
ssdeep 12288:t0oL9e4Iyas4QHLo5UqrLlfhBIpMKKJdHorTdW3NzYcno39jYPiAIy+LLlVOSs0M:t0oL9e4Iyas/s9LlfhBIpMKWNWLLlVO8
File size 706.5 KB ( 723456 bytes )
File type Win32 DLL
Magic literal MS-DOS executable PE for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll
VirusTotal metadata
First submission 2008-12-20 18:47:58 UTC ( 5 years, 4 months ago )
Last submission 2012-08-30 14:54:33 UTC ( 1 year, 7 months ago )
File names FF03760BF9717AAD1C233A4D6C46EC27
ff03760bf9717aad1c233a4d6c46ec27
libtag.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight