SHA256: db1981c98dd547d3d8be7908676d16b99becce357988e0eae82f2192fdff72ea
File name: MainBond
Detection ratio: 36 / 67
Analysis date: 2018-07-12 14:50:55 UTC ( 10 months, 1 week ago )
Antivirus Result Update
Ad-Aware Adware.Generic.108658 20180712
AegisLab AdWare.W32.BHO.lgc!c 20180712
ALYac Hijacker.Shop-Point 20180712
Antiy-AVL GrayWare[AdWare]/Win32.BHO 20180712
Arcabit Adware.Generic.D1A872 20180712
AVG FileRepMetagen [Adw] 20180712
Avira (no cloud) ADWARE/Agent.108658 20180710
AVware Trojan.Win32.Generic!BT 20180712
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9836 20180712
BitDefender Adware.Generic.108658 20180712
ClamAV Win.Adware.BHO-7732 20180712
Comodo ApplicUnsaf.Win32.Dialer.Agent.~A 20180712
Cylance Unsafe 20180712
Cyren W32/GenPua.ED309776!Olympus 20180712
DrWeb Adware.Spoint 20180712
Emsisoft Adware.Generic.108658 (B) 20180712
ESET-NOD32 a variant of Win32/Adware.Kraddare.GA 20180712
F-Secure Adware.Generic.108658 20180712
Fortinet Adware/GCBack 20180712
GData Adware.Generic.108658 20180712
Jiangmin Adware/BHO.ddf 20180712
K7AntiVirus Unwanted-Program ( 005289cc1 ) 20180712
K7GW Unwanted-Program ( 005289cc1 ) 20180712
MAX malware (ai score=99) 20180712
McAfee Adware-GCBack 20180712
McAfee-GW-Edition Adware-GCBack 20180712
eScan Adware.Generic.108658 20180712
NANO-Antivirus Riskware.Win32.BHO.dsyei 20180712
Panda Trj/CI.A 20180712
Sophos AV Generic PUA HK (PUA) 20180712
Symantec ML.Attribute.HighConfidence 20180712
Tencent Win32.Risk.Agent.Alie 20180712
VIPRE Trojan.Win32.Generic!BT 20180712
ViRobot Adware.BHO.53248.HO 20180712
Webroot Adware.Bonus.Cash 20180712
Zillya Adware.BHO.Win32.2458 20180711
AhnLab-V3 20180712
Alibaba 20180712
Avast 20180712
Avast-Mobile 20180712
Babable 20180406
Bkav 20180712
CAT-QuickHeal 20180712
CMC 20180712
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
eGambit 20180712
Endgame 20180711
F-Prot 20180712
Ikarus 20180712
Sophos ML 20180601
Kaspersky 20180712
Kingsoft 20180712
Malwarebytes 20180712
Microsoft 20180712
Palo Alto Networks (Known Signatures) 20180712
Qihoo-360 20180712
Rising 20180712
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180712
TACHYON 20180712
TheHacker 20180712
TotalDefense 20180712
TrendMicro 20180712
TrendMicro-HouseCall 20180712
Trustlook 20180712
VBA32 20180712
Yandex 20180712
ZoneAlarm by Check Point 20180712
Zoner 20180711
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2006
Product MainBond Module
Original name MainBond.DLL
Internal name MainBond
File version 1, 0, 0, 1
Description MainBond Module
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-11-27 08:39:41
Entry Point 0x0000645A
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetSystemTime
GetLastError
EnterCriticalSection
lstrlenA
FreeLibrary
LoadLibraryA
GetModuleFileNameA
DeleteCriticalSection
LocalAlloc
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
CreateThread
GetExitCodeThread
CloseHandle
GetSystemDirectoryA
LocalFree
InitializeCriticalSection
InterlockedDecrement
Sleep
GetCurrentThreadId
InterlockedIncrement
LeaveCriticalSection
_purecall
malloc
??1type_info@@UAE@XZ
memset
fclose
strcat
__dllonexit
div
fopen
strlen
_except_handler3
?terminate@@YAXXZ
_mbscmp
_onexit
_strlwr
memcmp
_filelength
__CxxFrameHandler
_CxxThrowException
_adjust_fdiv
_fileno
free
atoi
memcpy
strstr
_initterm
_EH_prolog
strcmp
LoadRegTypeLib
SysStringLen
SysAllocStringLen
SysStringByteLen
VariantClear
SysAllocString
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantInit
sqlite3_close
sqlite3_exec
sqlite3_open
wsprintfA
SendMessageTimeoutA
CreateWindowExA
IsWindow
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowLongA
FindWindowExA
SendMessageA
keybd_event
CallWindowProcA
MapVirtualKeyA
SetWindowLongA
RegisterWindowMessageA
DefWindowProcA
CallNextHookEx
GetClassNameA
HttpSendRequestA
InternetQueryDataAvailable
InternetSetCookieA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
PE exports
Number of PE resources by type
TYPELIB 1
RT_STRING 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
KOREAN 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 24576
ImageVersion 0.0
ProductName MainBond Module
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription MainBond Module
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension dll
OriginalFileName MainBond.DLL
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2007:11:27 09:39:41+01:00
FileType Win32 DLL
PEType PE32
InternalName MainBond
ProductVersion 1, 0, 0, 1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2006
MachineType Intel 386 or later, and compatibles
CodeSize 28672
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x645a
ObjectFileType Dynamic link library

File identification
MD5 ed309776c00ce93bbc92cd7bf8d2bb09
SHA1 7aca9063dac7930758c9273c8c00ba19187a9a06
SHA256 db1981c98dd547d3d8be7908676d16b99becce357988e0eae82f2192fdff72ea
ssdeep 768:1ss2xjmc39vL1xAyhbOsD80YzDxWASOVCMtRwrR:1YxjmevpJFA02UASODtkR
authentihash 1e648d0fbfa67e67bb7a1c28522dcfcad144ee480be1692dc92815b4af993bdf
imphash f67caca8d958db682f739bcbe4b471ab
File size 52.0 KB ( 53248 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID DirectShow filter (51.1%)
Windows ActiveX control (29.5%)
Win32 Executable MS Visual C++ (generic) (7.9%)
Win64 Executable (generic) (7.0%)
Win32 Dynamic Link Library (generic) (1.6%)
Tags armadillo pedll
VirusTotal metadata
First submission 2007-11-30 00:43:57 UTC ( 11 years, 5 months ago )
Last submission 2012-05-18 18:41:30 UTC ( 7 years ago )
File names db1981c98dd547d3d8be7908676d16b99becce357988e0eae82f2192fdff72ea
MainBond
aa
MainBond.DLL
1Q_Ls.dwg
1467649
spbho.dll
9WIRo.jar
output.1467649.txt
ED309776C00CE93BBC92CD7BF8D2BB09