SHA256: e6dda7f9fd523b77ac6ec14c6f4ba029781d36c3c125b9c6f6f86587fd6e5546
File name: 3dmGameDll.dll
Detection ratio: 20 / 52
Analysis date: 2014-06-04 01:57:13 UTC ( 3 years, 7 months ago )
Antivirus Result Update
AVG Win32/Blacked 20140604
Baidu-International Trojan.Win32.VMProtect.BAAA 20140603
Comodo UnclassifiedMalware 20140603
ESET-NOD32 a variant of Win32/Packed.VMProtect.AAA 20140604
Ikarus Trojan.SuspectCRC 20140604
K7AntiVirus Trojan ( 0006651c1 ) 20140603
K7GW Trojan ( 0006651c1 ) 20140603
Kaspersky Trojan.Win32.Agent.icjg 20140604
McAfee Artemis!E18F11275398 20140604
McAfee-GW-Edition Artemis!E18F11275398 20140603
Microsoft VirTool:Win32/Obfuscator.XZ 20140604
Norman Suspicious_Gen2.VWOGM 20140603
nProtect Trojan.Generic.11324831 20140603
Panda Trj/Thed.W 20140603
Symantec Trojan.Gen.2 20140604
TrendMicro TROJ_GEN.R0CBC0OEU14 20140604
TrendMicro-HouseCall TROJ_GEN.R0CBC0OEU14 20140604
VBA32 Trojan.Agent 20140603
VIPRE Trojan.Win32.Generic!BT 20140604
ViRobot Trojan.Win32.S.Agent.419328.H 20140603
Ad-Aware 20140604
AegisLab 20140604
Yandex 20140602
AhnLab-V3 20140603
AntiVir 20140604
Antiy-AVL 20140603
Avast 20140604
BitDefender 20140604
Bkav 20140603
ByteHero 20140604
CAT-QuickHeal 20140603
ClamAV 20140603
CMC 20140530
Commtouch 20140604
DrWeb 20140604
Emsisoft 20140604
F-Prot 20140604
F-Secure 20140604
Fortinet 20140604
GData 20140604
Jiangmin 20140531
Kingsoft 20140604
Malwarebytes 20140604
eScan 20140604
NANO-Antivirus 20140604
Qihoo-360 20140604
Rising 20140603
Sophos AV 20140603
SUPERAntiSpyware 20140604
Tencent 20140604
TheHacker 20140602
TotalDefense 20140603
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2014-05-25 06:18:11
Entry Point 0x0006874C
Number of sections 10
PE sections
PE imports
GetStdHandle
HeapDestroy
EncodePointer
FlsGetValue
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetThreadPriority
LocalFree
ResumeThread
InitializeCriticalSection
SetLastError
OpenThread
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlsSetValue
GetModuleFileNameA
HeapSetInformation
GetPrivateProfileStringA
SetThreadPriority
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
SetUnhandledExceptionFilter
DecodePointer
TerminateProcess
VirtualQuery
SetEndOfFile
GetVersion
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
VirtualProtect
FlushFileBuffers
LoadLibraryA
GetStartupInfoW
GetProcAddress
VirtualProtectEx
GetProcessHeap
GetCurrentThreadId
RtlLookupFunctionEntry
RtlUnwindEx
CreateFileW
GetFileType
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
WritePrivateProfileStringA
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
GetCurrentThread
SuspendThread
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension dll
TimeStamp 2014:05:25 07:18:11+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 440320
LinkerVersion 10.0
EntryPoint 0x6874c
InitializedDataSize 218624
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0
Compressed bundles
File identification
MD5 e18f11275398ab3fd585321374488729
SHA1 096bed0083f0764d6135caae2df625692d44a8df
SHA256 e6dda7f9fd523b77ac6ec14c6f4ba029781d36c3c125b9c6f6f86587fd6e5546
ssdeep 3072:4bS5X5cUoeUPpcRHZAXd0JkkoBhBhd/ZT6qvcuf67cksX+aed8OfLDYJJ70sFBmT:4bShPo1pMaBXhxZT6qvcLYI/XkYJ4JX
authentihash 951c4ab18ebb1a83ecb0df011fae9f2b4353717b2dbebc8b51445b9af3d33de5
imphash bff16b645f7c8f8a399e191b8a09e219
File size 409.5 KB ( 419328 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags 64bits assembly pedll via-tor
VirusTotal metadata
First submission 2014-05-25 06:41:30 UTC ( 3 years, 8 months ago )
Last submission 2017-11-07 20:51:02 UTC ( 2 months, 1 week ago )
File names 3dmGameDll2.dll
473906
{B42AB613-A0B9-44D3-BF9C-3B4902EB0056}
0fcf5243d8b8e51677b0ca87d1638ec6_3dmGameDll.dll.safe
is-RBG6A.tmp
3dmGameDll.dll
3dmGameDll.dll
3dmgamedll.dll
test.dll
3DMGAMEDLL.DLL
3dmGameDll.dll
3dmgamedll.dll.7832.gzquar
d.dll
3dmGameDll.dll
3dmGameDll.dll
3dmGameDll.dll_
3dmGameDll.dll_old
file-7029210_dll
testuji.dll
Advanced heuristic and reputation engines
TrendMicro-HouseCall TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0CCC0EBO16.
Symantec reputation Suspicious.Insight