SHA256: e1988a1876263837ca18b58d69028c3678dc3df51baf1721535df3204481e6a1
File name: scan32.dump
Detection ratio: 1 / 56
Analysis date: 2014-12-14 15:21:03 UTC ( 2 years, 10 months ago )
Antivirus Result Update
CMC Packed.Win32.Obfuscated.10!O 20141212
Ad-Aware 20141214
AegisLab 20141214
Yandex 20141213
AhnLab-V3 20141214
ALYac 20141214
Antiy-AVL 20141214
Avast 20141221
AVG 20141214
Avira (no cloud) 20141214
AVware 20141214
Baidu-International 20141214
BitDefender 20141214
Bkav 20141212
ByteHero 20141214
CAT-QuickHeal 20141213
ClamAV 20141214
Comodo 20141214
Cyren 20141214
DrWeb 20141214
Emsisoft 20141214
ESET-NOD32 20141214
F-Prot 20141214
F-Secure 20141214
Fortinet 20141213
GData 20141214
Ikarus 20141214
Jiangmin 20141213
K7AntiVirus 20141212
K7GW 20141213
Kaspersky 20141214
Kingsoft 20141221
Malwarebytes 20141214
McAfee 20141214
McAfee-GW-Edition 20141214
Microsoft 20141214
eScan 20141214
NANO-Antivirus 20141214
Norman 20141214
nProtect 20141212
Panda 20141214
Qihoo-360 20141214
Rising 20141213
Sophos AV 20141221
SUPERAntiSpyware 20141214
Symantec 20141214
Tencent 20141214
TheHacker 20141212
TotalDefense 20141214
TrendMicro 20141214
TrendMicro-HouseCall 20141221
VBA32 20141212
VIPRE 20141214
ViRobot 20141214
Zillya 20141212
Zoner 20141210
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-27 18:06:22
Entry Point 0x000070D4
Number of sections 7
PE sections
PE imports
NtQuerySystemInformation
NtFreeVirtualMemory
SetThreadLocale
GetLastError
GetStdHandle
GetSystemInfo
GetVersionExW
FreeLibrary
ExitProcess
OutputDebugStringA
TlsAlloc
LoadLibraryA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
OpenProcess
GetCommandLineW
UnhandledExceptionFilter
GetStartupInfoW
ReadProcessMemory
GetProcAddress
RaiseException
CreateThread
TlsFree
WriteFile
CloseHandle
GetACP
GetModuleHandleW
LocalFree
GetVersion
InitializeCriticalSection
VirtualQuery
VirtualFree
VirtualQueryEx
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
MessageBoxA
HttpSendRequestA
InternetOpenW
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
Number of PE resources by type
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2014:11:27 19:06:22+01:00
FileType Win32 DLL
PEType PE32
CodeSize 22016
LinkerVersion 2.25
EntryPoint 0x70d4
InitializedDataSize 9216
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 1fa781b2ece5dfa36d51704c81e61e19
SHA1 d379bf330153c1bf742f59013ea6636e02ff28b4
SHA256 e1988a1876263837ca18b58d69028c3678dc3df51baf1721535df3204481e6a1
ssdeep 384:Kuu72/oqu8Bji4PmRPpDo5Ne6fW9BEpdJPz2muqNSIQUfsw9wt2BY9d/LLIOIx+L:FETYjiimgrOInJVQUf/w6Y9dUq

authentihash 4d7ef8ed4a7b4f1a5aede4e6912a61def4c78065a6143fb932f77221fcad2cdc
imphash a73e84c497b3b438d035fb335982a5d7
File size 31.5 KB ( 32256 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll via-tor

VirusTotal metadata
First submission 2014-12-14 15:21:03 UTC ( 2 years, 10 months ago )
Last submission 2015-01-02 17:01:44 UTC ( 2 years, 9 months ago )
File names vti-rescan
scan32.dump
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight