SHA256: d046049559683b3bf6037319f19603e17982f1814eb21ac2b01cb6cdc6edfc18
File name: popguide_joy1004.dll
Detection ratio: 44 / 67
Analysis date: 2018-07-16 15:46:53 UTC ( 10 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.3031695 20180716
AegisLab Troj.W32.BHO.adqm!c 20180716
Antiy-AVL Trojan/Win32.BHO 20180716
Arcabit Trojan.Generic.D2E428F 20180716
AVG FileRepMetagen [Malware] 20180716
Avira (no cloud) TR/Dldr.Agent.zmd 20180716
AVware Trojan.Win32.Generic!BT 20180716
BitDefender Trojan.Generic.3031695 20180716
ClamAV Win.Trojan.BHO-6835 20180716
Comodo Application.Win32.Adware.BHO.~Z 20180716
Cylance Unsafe 20180716
Cyren W32/Risk.RSTZ-0102 20180716
DrWeb Trojan.DownLoad1.40656 20180716
Emsisoft Trojan.Generic.3031695 (B) 20180716
ESET-NOD32 a variant of Win32/Adware.Kraddare 20180716
F-Prot W32/MalwareS.AGDC 20180716
F-Secure Trojan.Generic.3031695 20180716
Fortinet Malware_fam.A 20180716
GData Trojan.Generic.3031695 20180716
Ikarus Trojan.Win32.BHO 20180716
Jiangmin Trojan/BHO.jzj 20180716
K7AntiVirus Trojan ( 0001140e1 ) 20180716
K7GW Trojan ( 0001140e1 ) 20180716
Kaspersky UDS:DangerousObject.Multi.Generic 20180716
Kingsoft Win32.Troj.BHO.(kcloud) 20180716
MAX malware (ai score=99) 20180716
McAfee Artemis!069C403E021B 20180716
McAfee-GW-Edition Artemis!Trojan 20180716
Microsoft TrojanDownloader:Win32/Troxen!rts 20180716
eScan Trojan.Generic.3031695 20180716
NANO-Antivirus Trojan.Win32.BHO.bvpkh 20180716
Panda Adware/WebSearch 20180716
Qihoo-360 Win32/Trojan.d86 20180716
Rising Downloader.Troxen!8.7F1 (CLOUD) 20180716
Sophos AV Generic PUA BJ (PUA) 20180716
Symantec PUA.Gen.2 20180716
Tencent Win32.Trojan.Bho.cnc 20180716
TheHacker Trojan/BHO.adqm 20180716
VIPRE Trojan.Win32.Generic!BT 20180716
ViRobot Trojan.Win32.BHO.155648.E 20180716
Webroot W32.Malware.Downloader 20180716
Yandex Trojan.DL.Agent!DjCbDyyYjt8 20180716
Zillya Trojan.BHO.Win32.6781 20180713
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180716
AhnLab-V3 20180716
Alibaba 20180713
ALYac 20180716
Avast 20180716
Avast-Mobile 20180716
Babable 20180406
Baidu 20180716
Bkav 20180716
CAT-QuickHeal 20180714
CMC 20180714
CrowdStrike Falcon (ML) 20180530
Cybereason 20180308
eGambit 20180716
Endgame 20180711
Sophos ML 20180601
Malwarebytes 20180716
Palo Alto Networks (Known Signatures) 20180716
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180716
TACHYON 20180716
TotalDefense 20180716
TrendMicro 20180716
TrendMicro-HouseCall 20180716
Trustlook 20180716
VBA32 20180716
Zoner 20180716
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
TODO: (c) <회사 이름>. All rights reserved.

Product TODO: <제품 이름>
Original name popguide_joy1004.dll
Internal name popguide_joy1004.dll
File version 1.0.0.1
Description TODO: <파일 설명>
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-19 04:22:05
Entry Point 0x0000E083
Number of sections 6
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
SetThreadLocale
GetStdHandle
GetConsoleOutputCP
HeapDestroy
DebugBreak
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
LoadResource
TlsGetValue
OutputDebugStringA
SetLastError
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetProcAddress
GetProcessHeap
lstrcpyA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
IsDBCSLeadByte
lstrlenW
SizeofResource
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetEnvironmentStrings
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VarUI4FromStr
SysStringLen
UnRegisterTypeLib
RegisterTypeLib
LoadRegTypeLib
SysAllocString
LoadTypeLib
SysFreeString
IUnknown_Release_Proxy
NdrOleAllocate
IUnknown_QueryInterface_Proxy
NdrDllUnregisterProxy
NdrDllCanUnloadNow
NdrStubForwardingFunction
NdrDllGetClassObject
NdrOleFree
IUnknown_AddRef_Proxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
ShellExecuteA
SHGetSpecialFolderPathA
FindWindowA
UnregisterClassA
CharNextA
LoadStringA
InternetCloseHandle
InternetOpenUrlA
InternetQueryDataAvailable
InternetOpenA
InternetReadFile
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
PE exports
Number of PE resources by type
REGISTRY 2
RT_MANIFEST 1
TYPELIB 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
KOREAN 5
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
Korean

FileFlagsMask
0x003f

CharacterSet
Windows, Korea (Shift - KSC 5601)

InitializedDataSize
53248

EntryPoint
0xe083

OriginalFileName
popguide_joy1004.dll

MIMEType
application/octet-stream

LegalCopyright
TODO: (c) < >. All rights reserved.

FileVersion
1.0.0.1

TimeStamp
2008:06:19 05:22:05+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
popguide_joy1004.dll

ProductVersion
1.0.0.1

FileDescription
TODO: < >

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
TODO: < >

CodeSize
98304

ProductName
TODO: < >

ProductVersionNumber
1.0.0.1

FileTypeExtension
dll

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 069c403e021be5b8f212c58845852ee8
SHA1 19cbf3ced0a5b71166a80053c63540dd9e7360ca
SHA256 d046049559683b3bf6037319f19603e17982f1814eb21ac2b01cb6cdc6edfc18
ssdeep
1536:GPrt+cYEIug2vaLJSH2Y7Axla5FOnvW3jusrNG/QpeVXyJkO3OWhWlIQQ+O2Rzxk:irtZsug2w42Y7qAqvWIPWAlIQQnizxQ

authentihash 899118ed8fadc2db963aeab8bcfac37ac09258bc3f56d776a7277fcfd75076de
imphash dca97ce1335fc7c098ca2c99c8a5d770
File size 152.0 KB ( 155648 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID DirectShow filter (51.1%)
Windows ActiveX control (29.5%)
Win32 Executable MS Visual C++ (generic) (7.9%)
Win64 Executable (generic) (7.0%)
Win32 Dynamic Link Library (generic) (1.6%)
Tags
pedll

VirusTotal metadata
First submission 2009-12-08 03:05:04 UTC ( 9 years, 5 months ago )
Last submission 2014-01-15 02:13:43 UTC ( 5 years, 4 months ago )
File names d046049559683b3bf6037319f19603e17982f1814eb21ac2b01cb6cdc6edfc18
1466994
t5cs07gq2.reg
output.1466994.txt
beWE5.msc
popguide_joy1004.dll
069C403E021BE5B8F212C58845852EE8
069c403e021be5b8f212c58845852ee8.dll
aa