× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e0eda7cb0eb2618450e67f7254f234bbc4336c89a25d97e6b3bb1253f4be70a5
File name: 4e.dll
Detection ratio: 3 / 57
Analysis date: 2015-06-09 11:11:08 UTC ( 3 years, 11 months ago ) View latest
Antivirus Result Update
Fortinet W32/Dridex.M!tr 20150609
Malwarebytes Trojan.Agent.EDG 20150609
Tencent Trojan.Win32.Qudamah.Gen.12 20150609
Ad-Aware 20150609
AegisLab 20150609
Yandex 20150608
AhnLab-V3 20150608
Alibaba 20150609
ALYac 20150609
Antiy-AVL 20150609
Arcabit 20150609
Avast 20150609
AVG 20150609
Avira (no cloud) 20150609
AVware 20150609
Baidu-International 20150609
BitDefender 20150609
Bkav 20150609
ByteHero 20150609
CAT-QuickHeal 20150609
ClamAV 20150609
CMC 20150604
Comodo 20150609
Cyren 20150609
DrWeb 20150609
Emsisoft 20150609
ESET-NOD32 20150609
F-Prot 20150609
F-Secure 20150609
GData 20150609
Ikarus 20150609
Jiangmin 20150608
K7AntiVirus 20150609
K7GW 20150609
Kaspersky 20150609
Kingsoft 20150609
McAfee 20150609
McAfee-GW-Edition 20150609
Microsoft 20150609
eScan 20150609
NANO-Antivirus 20150609
nProtect 20150609
Panda 20150608
Qihoo-360 20150609
Rising 20150609
Sophos AV 20150609
SUPERAntiSpyware 20150609
Symantec 20150609
TheHacker 20150607
TotalDefense 20150609
TrendMicro 20150609
TrendMicro-HouseCall 20150609
VBA32 20150608
VIPRE 20150609
ViRobot 20150609
Zillya 20150609
Zoner 20150608
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© ?????????? ??????????. ??? ????? ????????.

Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Original name dhcpcsvc.dll
Internal name dhcpcsvc.dll
File version 5.1.2601.5512 (xpsp.080413-0852)
Description ?????? DHCP-???????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-08 18:53:12
Entry Point 0x0001F1F0
Number of sections 6
PE sections
PE imports
WTSGetActiveConsoleSessionId
BuildCommDCBA
FindAtomW
OpenWaitableTimerA
ReleaseSemaphore
SetLastError
FreeConsole
GetVolumeInformationW
DeleteTimerQueue
FoldStringW
EnumResourceLanguagesA
BackupWrite
GetDiskFreeSpaceExA
CreateFileMappingW
GetStdHandle
VarUI2FromR4
AnimateWindow
PostMessageW
SetCursor
iscntrl
isdigit
isgraph
memset
memcpy
NtMapViewOfSection
Number of PE resources by type
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.2600.5512

UninitializedDataSize
0

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x1f1f0

OriginalFileName
dhcpcsvc.dll

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
5.1.2601.5512 (xpsp.080413-0852)

TimeStamp
2015:06:08 19:53:12+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
dhcpcsvc.dll

ProductVersion
5.1.2601.5512

FileDescription
DHCP-

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CodeSize
140288

ProductName
Microsoft Windows

ProductVersionNumber
5.1.2600.5512

FileTypeExtension
dll

ObjectFileType
Dynamic link library

File identification
MD5 1994c977a4e6e6386e0ba17c0cffe5c9
SHA1 f654613c6872468faa58e094fa511f683c1d21f3
SHA256 e0eda7cb0eb2618450e67f7254f234bbc4336c89a25d97e6b3bb1253f4be70a5
ssdeep
12288:BmO/jU7qBRl5EHyQgwEZ+OQU9ftOqU89Q:BmO/jLBOSQMkEgqU89

authentihash e1414620ff8f0ef035d0499981596115b9cc8e9f21c9250577e4e57985351704
imphash 94ab497da296e1762e0fa18b1f73f615
File size 506.0 KB ( 518144 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll

VirusTotal metadata
First submission 2015-06-09 11:11:08 UTC ( 3 years, 11 months ago )
Last submission 2015-06-10 14:38:15 UTC ( 3 years, 11 months ago )
File names dhcpcsvc.dll
4e.dll
5.tmp
1B5D.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!