SHA256: e4fa473a8ef97f09571979fe460e116e3445aa3ff88f972a56a539b49c511d8f
File name: mypic.dll
Detection ratio: 7 / 46
Analysis date: 2013-03-06 17:09:29 UTC (6 years ago)
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Foreign 20130306
Emsisoft Gen:Trojan.Heur.LP.g04@aqM63jki (B) 20130306
ESET-NOD32 Win32/Reveton.N 20130306
Kaspersky Trojan-Ransom.Win32.Foreign.alyk 20130306
Malwarebytes Spyware.Zbot.ED 20130306
McAfee Ransom-FAKU!413F4A8A996F 20130306
Sophos AV Mal/Generic-S 20130306
Yandex 20130306
AntiVir 20130306
Antiy-AVL 20130306
Avast 20130306
AVG 20130306
BitDefender 20130306
ByteHero 20130304
CAT-QuickHeal 20130306
ClamAV 20130306
Commtouch 20130306
Comodo 20130306
DrWeb 20130306
eSafe 20130211
F-Prot 20130306
F-Secure 20130306
Fortinet 20130306
GData 20130306
Ikarus 20130306
Jiangmin 20130304
K7AntiVirus 20130306
Kingsoft 20130304
McAfee-GW-Edition 20130306
Microsoft 20130306
eScan 20130306
NANO-Antivirus 20130306
Norman 20130306
nProtect 20130306
Panda 20130306
PCTools 20130306
Rising 20130306
SUPERAntiSpyware 20130306
Symantec 20130306
TheHacker 20130305
TotalDefense 20130306
TrendMicro 20130306
TrendMicro-HouseCall 20130306
VBA32 20130305
VIPRE 20130306
ViRobot 20130306
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-06 10:40:53
Entry Point 0x00003900
Number of sections 13
PE sections
PE imports
GetTokenInformation
RegCloseKey
LookupAccountSidW
OpenProcessToken
RegSetValueExW
RegConnectRegistryW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExA
RegQueryValueExW
GetStockObject
VirtualAllocEx
LoadIconA
InvalidateRect
__p__fmode
malloc
__wgetmainargs
realloc
_wcsnicmp
_wgetcwd
wcstok
fprintf
fflush
wcstod
__winitenv
_cexit
_c_exit
strtok
wcslen
exit
_XcptFilter
__setusermatherr
wcsncpy
_controlfp
sprintf
_adjust_fdiv
__CxxFrameHandler
_wcsicmp
wcschr
__p__commode
free
wcsncmp
_except_handler3
calloc
_wtol
wcstol
wcsstr
_initterm
_exit
__set_app_type
_iob
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:03:06 11:40:53+01:00
FileType Win32 DLL
PEType PE32
CodeSize 12288
LinkerVersion 9.0
EntryPoint 0x3900
InitializedDataSize 91136
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 413f4a8a996f3725b3e2bd7fd32a98e6
SHA1 fce6f244a0bdf78f11274f6dae1f2d6860970be1
SHA256 e4fa473a8ef97f09571979fe460e116e3445aa3ff88f972a56a539b49c511d8f
ssdeep 1536:+cLaarg98PcWf31fj4HQ3r0jFA0oNAMxZlDgcxYnMSx9rpZPDx:n098PcWfBj8Q7q/oWSZVkMqD
File size 102.0 KB ( 104448 bytes )
File type Win32 DLL
Magic literal MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll

VirusTotal metadata
First submission 2013-03-06 17:09:29 UTC ( 6 years ago )
Last submission 2013-03-10 08:16:04 UTC ( 6 years ago )
File names mypic.dll
413f4a8a996f3725b3e2bd7fd32a98e6
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight