SHA256: d625140392d14af18c1cd48435699f67861550dd1e530ad026b8d269c6db9ea0
File name: 2.dll
Detection ratio: 9 / 56
Analysis date: 2015-04-01 12:21:22 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.DridexKD.2265359 20150401
BitDefender Trojan.DridexKD.2265359 20150401
Bkav HW32.Packed.C238 20150401
Emsisoft Trojan.DridexKD.2265359 (B) 20150401
F-Secure Trojan:W32/Dridex.D 20150401
Kaspersky UDS:DangerousObject.Multi.Generic 20150401
McAfee Generic PWS.o 20150401
Qihoo-360 HEUR/QVM40.1.Malware.Gen 20150401
Tencent Trojan.Win32.Qudamah.Gen.23 20150401
AegisLab 20150401
Yandex 20150331
AhnLab-V3 20150331
Alibaba 20150401
ALYac 20150401
Antiy-AVL 20150401
Avast 20150401
AVG 20150401
Avira (no cloud) 20150401
AVware 20150401
Baidu-International 20150401
ByteHero 20150401
CAT-QuickHeal 20150401
ClamAV 20150401
CMC 20150401
Comodo 20150401
Cyren 20150401
DrWeb 20150401
ESET-NOD32 20150401
F-Prot 20150401
Fortinet 20150401
GData 20150401
Ikarus 20150401
Jiangmin 20150331
K7AntiVirus 20150401
K7GW 20150401
Kingsoft 20150401
Malwarebytes 20150401
McAfee-GW-Edition 20150331
Microsoft 20150401
eScan 20150401
NANO-Antivirus 20150401
Norman 20150401
nProtect 20150401
Panda 20150401
Rising 20150401
Sophos AV 20150331
SUPERAntiSpyware 20150401
Symantec 20150401
TheHacker 20150330
TotalDefense 20150401
TrendMicro 20150401
TrendMicro-HouseCall 20150401
VBA32 20150331
VIPRE 20150401
ViRobot 20150401
Zillya 20150401
Zoner 20150330
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name PortableDeviceApi.dll
File version 5.2.5723.5145 (WMP_11.061018-2006)
Description Windows Portable Device API Components
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-31 19:38:29
Entry Point 0x00008A30
Number of sections 8
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
RemoveDirectoryW
DisableThreadLibraryCalls
SetThreadPriority
MapUserPhysicalPages
EnumCalendarInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetNamedPipeHandleStateW
InterlockedCompareExchange
QueryPerformanceFrequency
SetFilePointer
InterlockedFlushSList
FindResourceExW
ResetEvent
GetProcessWorkingSetSize
GetSystemTimes
SetComputerNameA
EnumDateFormatsExW
GetSystemTimeAdjustment
FindAtomW
GlobalAlloc
SetMessageWaitingIndicator
MprAdminMIBBufferFree
MprAdminMIBEntryGet
SHAppBarMessage
GetLastActivePopup
rename
memset
memcpy
PdhGetRawCounterValue
PdhSetCounterScaleFactor
Number of PE resources by type
TYPELIB 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
212992

ImageVersion
0.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
5.2.5723.5145

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
dll

OriginalFileName
PortableDeviceApi.dll

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
5.2.5723.5145 (WMP_11.061018-2006)

TimeStamp
2015:03:31 20:38:29+01:00

FileType
Win32 DLL

PEType
PE32

ProductVersion
5.2.5723.5145

FileDescription
Windows Portable Device API Components

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
95232

FileSubtype
0

ProductVersionNumber
5.2.5723.5145

EntryPoint
0x8a30

ObjectFileType
Dynamic link library

File identification
MD5 564597fd05a31456350bac5e6c075fc9
SHA1 b65c250c0c920ba72ce16c89625e55f4b69ced42
SHA256 d625140392d14af18c1cd48435699f67861550dd1e530ad026b8d269c6db9ea0
ssdeep
6144:SLsCVHwm0DHGyOM0XsPLAwKhduwWgWri47LK1bkS85TYZ7whnHri:SLsLmVycXMSuw/Wz7LK1Uxw

authentihash b4b0ffba8eaf0f1b902eda31bb31ec870e429d4052ec12bedc55e507884753d4
imphash b7c2817a4986617c72e0f78627ac96d8
File size 320.5 KB ( 328192 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
pedll

VirusTotal metadata
First submission 2015-04-01 11:20:00 UTC ( 2 years, 7 months ago )
Last submission 2017-04-07 08:47:17 UTC ( 7 months, 2 weeks ago )
File names 2.dll
PortableDeviceApi.dll
564597fd05a31456350bac5e6c075fc9.vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight