SHA256: d2ddd2c7d9d215071830f288c1f2dfa014368e7a67429e0d5aad077df720c109
File name: 41BC3B5200E194D716830BA6354AA3006EE12D8C.dll
Detection ratio: 0 / 66
Analysis date: 2018-08-15 07:49:13 UTC ( 3 months ago )
Antivirus Result Update
Ad-Aware 20180815
AegisLab 20180815
AhnLab-V3 20180814
Alibaba 20180713
ALYac 20180815
Antiy-AVL 20180815
Arcabit 20180815
Avast 20180815
Avast-Mobile 20180815
AVG 20180815
Avira (no cloud) 20180814
AVware 20180815
Baidu 20180815
BitDefender 20180815
Bkav 20180814
CAT-QuickHeal 20180814
ClamAV 20180815
CMC 20180812
Comodo 20180815
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180815
Cyren 20180815
DrWeb 20180815
eGambit 20180815
Emsisoft 20180815
Endgame 20180730
ESET-NOD32 20180815
F-Prot 20180815
F-Secure 20180815
Fortinet 20180815
GData 20180815
Ikarus 20180814
Sophos ML 20180717
Jiangmin 20180815
K7AntiVirus 20180815
K7GW 20180815
Kaspersky 20180815
Kingsoft 20180815
Malwarebytes 20180815
MAX 20180815
McAfee 20180815
McAfee-GW-Edition 20180815
Microsoft 20180815
eScan 20180815
NANO-Antivirus 20180815
Palo Alto Networks (Known Signatures) 20180815
Panda 20180814
Qihoo-360 20180815
Rising 20180815
SentinelOne (Static ML) 20180701
Sophos AV 20180815
SUPERAntiSpyware 20180815
Symantec 20180815
Symantec Mobile Insight 20180814
TACHYON 20180815
Tencent 20180815
TheHacker 20180815
TotalDefense 20180815
TrendMicro 20180815
TrendMicro-HouseCall 20180815
Trustlook 20180815
VBA32 20180814
VIPRE 20180815
ViRobot 20180815
Webroot 20180815
Yandex 20180814
Zillya 20180814
ZoneAlarm by Check Point 20180815
Zoner 20180814
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-29 13:58:48
Entry Point 0x00001060
Number of sections 7
PE sections
PE imports
_ZN15CGlobalFunction19WideCharToMultiByteEPKtPcii
_ZN15CGlobalFunction10VdfPcVoiceEv
_ZN15CGlobalFunction20GetUserDataDirectoryEPti
_ZN15CGlobalFunction18GetModuleDirectoryEPti
_ZN15CGlobalFunction10SetSettingEPKtS1_S1_
_ZN15CGlobalFunction19MultiByteToWideCharEPKcPtii
_ZN6JMutex4InitEv
_ZN15CGlobalFunction10GetSettingEPKtS1_Pti
_ZN6JMutexD1Ev
_ZN6JMutex6UnlockEv
_ZN7JThread13ThreadStartedEv
_ZN15CGlobalFunction7wchrcpyEPtmPKtm
_ZN7JThreadC2Ev
_ZN15CGlobalFunction14IsFlyModeOrNotEv
_ZN7JThread4KillEv
_ZN7JThread5StartEv
_ZN15CGlobalFunction6chrcpyEPcmPKcm
_ZN7JThreadD2Ev
_ZN15CGlobalFunction9GetOSTypeEv
_ZN6JMutex4LockEv
_ZN6JMutexC1Ev
_Z15AnalyseCMEErrormPm
_ZN7JThread9IsRunningEv
GetLastError
EnterCriticalSection
WaitForSingleObject
TlsAlloc
DeleteCriticalSection
ReleaseSemaphore
InterlockedDecrement
MultiByteToWideChar
GetProcAddress
IsDBCSLeadByteEx
CreateSemaphoreA
WideCharToMultiByte
TlsFree
GetModuleHandleA
InterlockedExchange
CloseHandle
InitializeCriticalSection
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
ATRecord
TraceSrv_Trace
_ZN7CXCodec9DecoderPBEmPKhiPti
_ZN7CXCodecD1Ev
_ZN7CXCodecC1Ev
_Unwind_SetIP
_Unwind_GetIPInfo
__emutls_get_address
__deregister_frame_info
__udivdi3
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_GetDataRelBase
_Unwind_Resume
__register_frame_info
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_SetGR
__umoddi3
_Unwind_DeleteException
_Unwind_Resume_or_Rethrow
__mingwthr_key_dtor
strncmp
malloc
strerror
sscanf
realloc
setlocale
_ui64toa
fread
fclose
wcsftime
__dllonexit
_stricmp
abort
fprintf
toupper
_fstat
fflush
fopen
strlen
towupper
strncpy
tolower
strchr
fputc
getwc
_fdopen
_errno
fwrite
fseek
strftime
wcslen
fputs
ftell
strcpy
sprintf
iswctype
pow
ungetwc
_filbuf
_atoi64
towlower
_gcvt
strxfrm
time
_isctype
wcscoll
_pctype
free
getenv
atoi
wcsxfrm
atol
__lc_codepage
_write
atof
strcoll
memmove
_read
localeconv
strcmp
_lseek
setvbuf
__mb_cur_max
ungetc
putwc
_flsbuf
difftime
memchr
_iob
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2011:12:29 14:58:48+01:00
FileType Win32 DLL
PEType PE32
CodeSize 551936
LinkerVersion 2.56
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, No debug, DLL
EntryPoint 0x1060
InitializedDataSize 725504
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 9216

File identification
MD5 9f476a4b5f118b482e7f7508306e4b63
SHA1 61decd7cea8eb9cb7a17aea1238492d1d21eac66
SHA256 d2ddd2c7d9d215071830f288c1f2dfa014368e7a67429e0d5aad077df720c109
ssdeep 12288:sj0w09NGzB7i4erObMaGVAkEe/+AZ/u7uPh0+/wwnQT7mQjYPuYOmOYmZIC0u:sj09GzB7i4e6bxGVAkEjMu7mQjY7OHML
authentihash 7ea5156145a5de1f57a8ffb96b40d88f02d6c0019fc49064cb1291d4e11f4276
imphash 8cea0bdb33f803db31899c1cac2b03c9
File size 709.5 KB ( 726528 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags pedll

VirusTotal metadata
First submission 2012-07-14 03:13:41 UTC ( 6 years, 4 months ago )
Last submission 2012-07-14 03:13:41 UTC ( 6 years, 4 months ago )
File names 41BC3B5200E194D716830BA6354AA3006EE12D8C.dll