SHA256: df24aa152e8b5123d62bfad250512e437c4a15ed40e90e6f0c6a2170611d3559
File name: 54bad4eab842cfb991aaf1686c00ea5b
Detection ratio: 0 / 46
Analysis date: 2014-03-08 00:37:43 UTC ( 5 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20140307
Yandex 20140307
AhnLab-V3 20140307
AntiVir 20140307
Antiy-AVL 20140308
Avast 20140308
AVG 20140307
Baidu-International 20140307
BitDefender 20140308
Bkav 20140306
ByteHero 20140227
CAT-QuickHeal 20140307
ClamAV 20140308
CMC 20140307
Commtouch 20140308
Comodo 20140308
DrWeb 20140308
Emsisoft 20140308
ESET-NOD32 20140308
F-Prot 20140307
F-Secure 20140308
Fortinet 20140308
GData 20140308
Ikarus 20140307
Jiangmin 20140307
K7AntiVirus 20140307
K7GW 20140307
Kaspersky 20140308
Kingsoft 20140308
Malwarebytes 20140308
McAfee 20140308
McAfee-GW-Edition 20140308
Microsoft 20140308
eScan 20140307
NANO-Antivirus 20140308
Norman 20140307
nProtect 20140307
Panda 20140307
Qihoo-360 20140308
Rising 20140307
Sophos AV 20140308
SUPERAntiSpyware 20140307
Symantec 20140308
TheHacker 20140305
TotalDefense 20140307
TrendMicro 20140307
TrendMicro-HouseCall 20140308
VBA32 20140307
VIPRE 20140307
ViRobot 20140307
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-28 15:42:13
Entry Point 0x00009281
Number of sections 5
PE sections
PE imports
CreateFontIndirectW
WaitForSingleObject
SetEvent
QueryPerformanceCounter
CompareStringW
GetTickCount
DisableThreadLibraryCalls
GetCurrentProcess
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentProcessId
GetPrivateProfileIntA
DeleteFileA
GetDateFormatW
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
InterlockedCompareExchange
WritePrivateProfileStringW
GetTempFileNameW
GetTimeFormatW
UnhandledExceptionFilter
WideCharToMultiByte
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
GetSystemTimeAsFileTime
LocalFree
TerminateProcess
CreateEventW
IsDebuggerPresent
Sleep
GetCurrentThreadId
_malloc_crt
_purecall
malloc
??_U@YAPAXI@Z
__dllonexit
_CxxThrowException
memset
_vsnwprintf
__clean_type_info_names_internal
_amsg_exit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
_lock
_onexit
_wcsdup
_encode_pointer
??_V@YAXPAX@Z
_itow
_initterm_e
_adjust_fdiv
_wcsicmp
memmove_s
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
_itoa
free
__CxxFrameHandler3
_except_handler4_common
memcpy
_vsnprintf
memmove
_decode_pointer
_encoded_null
__CppXcptFilter
_initterm
_ltow
_wtoi
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantInit
SysFreeString
SafeArrayCreateVector
PathAppendA
PathFindFileNameW
PathCombineA
PathAppendW
PathCombineW
StrFormatByteSizeW
MapWindowPoints
RedrawWindow
RegisterWindowMessageW
GetPropW
EndDialog
KillTimer
ShowWindow
SetPropW
SetWindowLongW
MessageBoxW
GetWindowRect
InsertMenuItemW
SetDlgItemTextA
GetDlgItemTextA
SetWindowPos
SendDlgItemMessageW
GetAsyncKeyState
GetWindow
PostMessageW
CheckDlgButton
GetCursorPos
SendMessageW
GetWindowLongW
SendMessageA
GetClientRect
GetDlgItem
GetDlgItemTextW
CallWindowProcW
ScreenToClient
DeleteMenu
InvalidateRect
SetTimer
LoadImageW
IsDlgButtonChecked
SetDlgItemTextW
LoadCursorW
EnableWindow
PtInRect
SetCursor
CoCreateInstance
OleRun
PE exports
Number of PE resources by type
RT_STRING 5
RT_DIALOG 4
RT_BITMAP 1
Number of PE resources by language
ENGLISH UK 6
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:06:28 16:42:13+01:00
FileType Win32 DLL
PEType PE32
CodeSize 35840
LinkerVersion 9.0
FileAccessDate 2014:03:08 01:39:05+01:00
EntryPoint 0x9281
InitializedDataSize 64000
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:03:08 01:39:05+01:00
UninitializedDataSize 0

File identification
MD5 54bad4eab842cfb991aaf1686c00ea5b
SHA1 cc7f7128eb6d49fa3776c2df08319d634f64f145
SHA256 df24aa152e8b5123d62bfad250512e437c4a15ed40e90e6f0c6a2170611d3559
ssdeep 1536:v3jopVLN8waf575L0gjVPTOtQn5OiwtnkPK:v6owc75L0gjxOtO5lwtnkPK
imphash c0a058bdb0c07f8ac560b6efb5b83cd1
File size 81.5 KB ( 83456 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll

VirusTotal metadata
First submission 2014-03-08 00:37:43 UTC ( 5 years, 1 month ago )
Last submission 2014-03-08 00:37:43 UTC ( 5 years, 1 month ago )
File names 54bad4eab842cfb991aaf1686c00ea5b