SHA256: e38adf1d29cac36d1609bcc723cdc152d12dfbb0cbe8a291b69f7c10643aa5d9
File name: kbdmgr.dll
Detection ratio: 8 / 47
Analysis date: 2013-09-02 14:22:32 UTC ( 3 years, 8 months ago )
Antivirus Result Update
BitDefender Gen:Variant.Graftor.984 20130902
Emsisoft Gen:Variant.Graftor.984 (B) 20130902
ESET-NOD32 probably a variant of Win32/Farfli.LJ 20130902
F-Secure Gen:Variant.Graftor.984 20130902
GData Gen:Variant.Graftor.984 20130902
Ikarus Backdoor.Win32.Inject 20130902
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20130901
eScan Gen:Variant.Graftor.984 20130902
Yandex 20130902
AhnLab-V3 20130902
AntiVir 20130902
Antiy-AVL 20130830
Avast 20130902
AVG 20130902
Baidu 20130816
ByteHero 20130902
CAT-QuickHeal 20130902
ClamAV 20130902
Commtouch 20130902
Comodo 20130902
DrWeb 20130902
F-Prot 20130902
Fortinet 20130902
Jiangmin 20130902
K7AntiVirus 20130830
K7GW 20130830
Kaspersky 20130902
Kingsoft 20130829
Malwarebytes 20130902
McAfee 20130902
Microsoft 20130902
NANO-Antivirus 20130902
Norman 20130902
nProtect 20130902
Panda 20130902
PCTools 20130902
Rising 20130902
Sophos 20130902
SUPERAntiSpyware 20130902
Symantec 20130902
TheHacker 20130901
TotalDefense 20130830
TrendMicro 20130902
TrendMicro-HouseCall 20130902
VBA32 20130902
VIPRE 20130902
ViRobot 20130902
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ? 2013
Internal name Microsoft(R) Windows(R) Operating System
File version 3, 9, 0, 0
Description Device Protect Application
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-14 02:56:32
Entry Point 0x0000E1F3
Number of sections 5
PE sections
PE imports
PeekNamedPipe
GetLastError
LocalReAlloc
EnterCriticalSection
ReleaseMutex
lstrlenA
WaitForSingleObject
FreeLibrary
GetTickCount
GetVersionExA
LoadLibraryA
RemoveDirectoryA
GetShortPathNameA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
OpenProcess
DeleteFileA
SetErrorMode
GetLocalTime
GetProcAddress
CancelIo
GetTempPathA
RaiseException
CreateThread
SetFilePointer
GetSystemDefaultUILanguage
DisconnectNamedPipe
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetSystemDirectoryA
WaitForMultipleObjects
SetEvent
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualFree
CreateEventA
FindClose
Sleep
GetCurrentThreadId
OutputDebugStringA
LeaveCriticalSection
VirtualAlloc
ResetEvent
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Xran@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xlen@std@@YAXXZ
_except_handler3
__CxxFrameHandler
malloc
_CxxThrowException
strtok
??2@YAPAXI@Z
??1type_info@@UAE@XZ
_adjust_fdiv
memmove
??3@YAXPAX@Z
free
ceil
_beginthreadex
sprintf
_ftol
calloc
_initterm
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 3.9.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
OriginalFilename csdf.dll
CharacterSet Unicode
InitializedDataSize 24576
MIMEType application/octet-stream
LegalCopyright Copyright ? 2013
FileVersion 3, 9, 0, 0
TimeStamp 2013:06:14 03:56:32+01:00
FileType Win32 DLL
PEType PE32
InternalName Microsoft(R) Windows(R) Operating System
FileAccessDate 2014:11:06 20:15:21+01:00
ProductVersion 3, 9, 0, 0
FileDescription Device Protect Application
OSVersion 4.0
FileCreateDate 2014:11:06 20:15:21+01:00
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 55808
FileSubtype 0
ProductVersionNumber 3.9.0.0
EntryPoint 0xe1f3
ObjectFileType Executable application
File identification
MD5 41ae059e71838e68b16b2019afc6dec5
SHA1 50b9767734d9661c1e3f28bdb9cd750190b749b9
SHA256 e38adf1d29cac36d1609bcc723cdc152d12dfbb0cbe8a291b69f7c10643aa5d9
ssdeep 1536:qyJYbqplvX54kGsBS+tNGKnrG02ccXWfe6eeUrtjSUQ:RjvSkjNGKrx2bXAe6eekdSUQ
authentihash 5545d580cb7451888e5b73fa8be8adc511e19d2c5888f39ac146eeb53901d262
imphash a0e6068e7444d5b3494c6d5496e7446b
File size 77.5 KB ( 79360 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags armadillo pedll
VirusTotal metadata
First submission 2013-09-02 14:22:32 UTC ( 3 years, 8 months ago )
Last submission 2014-09-01 06:07:58 UTC ( 2 years, 8 months ago )
File names Microsoft(R) Windows(R) Operating System
kbdmgr.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight