SHA256: e020506da135769e6adb51c29b3e0965193afae344d709fb1a31bc386f43b1f0
File name: 2.dll
Detection ratio: 6 / 57
Analysis date: 2015-02-19 12:01:32 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Bkav HW32.Packed.D1C1 20150213
Kaspersky UDS:DangerousObject.Multi.Generic 20150219
McAfee Artemis!D1AFAAA5D40F 20150219
McAfee-GW-Edition BehavesLike.Win32.Expiro.fc 20150219
Norman Kryptik.CCLG 20150219
Qihoo-360 HEUR/QVM40.1.Malware.Gen 20150219
Ad-Aware 20150219
AegisLab 20150219
Yandex 20150218
AhnLab-V3 20150219
Alibaba 20150219
ALYac 20150219
Antiy-AVL 20150219
Avast 20150219
AVG 20150219
Avira (no cloud) 20150219
AVware 20150219
Baidu-International 20150219
BitDefender 20150219
ByteHero 20150219
CAT-QuickHeal 20150219
ClamAV 20150219
CMC 20150214
Comodo 20150219
Cyren 20150219
DrWeb 20150219
Emsisoft 20150219
ESET-NOD32 20150219
F-Prot 20150219
F-Secure 20150219
Fortinet 20150219
GData 20150219
Ikarus 20150219
Jiangmin 20150216
K7AntiVirus 20150219
K7GW 20150219
Kingsoft 20150219
Malwarebytes 20150219
Microsoft 20150219
eScan 20150219
NANO-Antivirus 20150219
nProtect 20150218
Panda 20150219
Rising 20150218
Sophos AV 20150219
SUPERAntiSpyware 20150219
Symantec 20150219
Tencent 20150219
TheHacker 20150218
TotalDefense 20150219
TrendMicro 20150219
TrendMicro-HouseCall 20150219
VBA32 20150219
VIPRE 20150219
ViRobot 20150219
Zillya 20150218
Zoner 20150218
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© ?????????? ??????????. ??? ????? ????????.

Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Original name ADs
Internal name ADs
File version 5.1.3700.5512 (xpsp.080413-2113)
Description ?????????? DLL ?????? ?????????????? AD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-07-26 04:31:58
Entry Point 0x00006230
Number of sections 5
PE sections
PE imports
GetLastError
GetVersionExW
FreeLibrary
CopyFileA
SetFileApisToANSI
LoadLibraryA
GlobalSize
SetDefaultCommConfigW
LocalAlloc
SetFileShortNameA
GetAtomNameW
GetLogicalDrives
GetProcAddress
InterlockedCompareExchange
CommConfigDialogA
RaiseException
GetModuleHandleA
ZombifyActCtx
SetNamedPipeHandleState
InterlockedExchange
CreateFileMappingA
FindFirstFileExW
SetThreadExecutionState
GlobalAddAtomA
LocalFree
GetTimeZoneInformation
FindFirstVolumeA
SetConsoleMode
TlsSetValue
SetComputerNameExW
FindFirstVolumeW
OpenJobObjectA
MprConfigInterfaceTransportAdd
MprInfoBlockAdd
iswctype
memset
free
wcscspn
is_wctype
memcpy
PdhCloseQuery
Number of PE resources by type
RT_STRING 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 5.2
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.3700.5512
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 271360
OriginalFilename ADs
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.3700.5512 (xpsp.080413-2113)
TimeStamp 1992:07:26 05:31:58+01:00
FileType Win32 DLL
PEType PE32
InternalName ADs
ProductVersion 5.1.3700.5512
FileDescription DLL AD
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 57856
ProductName Microsoft Windows
ProductVersionNumber 5.1.3700.5512
EntryPoint 0x6230
ObjectFileType Dynamic link library

File identification
MD5 d1afaaa5d40f2d908677b1b447f005b5
SHA1 79517b00995c5efcfaf87d91d46a17574bd732a9
SHA256 e020506da135769e6adb51c29b3e0965193afae344d709fb1a31bc386f43b1f0
ssdeep 6144:b/GUZNOpZjPSiFMvTPaJi/yp7O08GGcAzxFakxp+2iJIf2oZ5sc:TYVrFMvTPaIypDpqrakxp+x6OoZ+
authentihash 2cf5e57e16e279d34f4bc26f213336bc28e52b9b62e157f75380b85c6ead2554
imphash e6e41220be3c60cfec79474956932e18
File size 311.5 KB ( 318976 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll

VirusTotal metadata
First submission 2015-02-19 10:46:02 UTC ( 2 years, 10 months ago )
Last submission 2015-03-11 22:42:10 UTC ( 2 years, 9 months ago )
File names 8.tmp
26.tmp
bot_x32_d1afaaa5d40f2d908677b1b447f005b5.dll.bin
ADs
2.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight