SHA256: e7b973550ebbc7163fdd3c1e0589ba84f425d0ccbea69eb1273bac36b01eafbc
File name: 38.dll
Detection ratio: 18 / 57
Analysis date: 2015-06-15 10:28:23 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.Yakes 20150615
Avira (no cloud) TR/Crypt.ZPACK.13951 20150615
AVware Trojan.Win32.Generic!BT 20150615
Baidu-International Trojan.Win32.Yakes.kvpi 20150615
ESET-NOD32 Win32/Dridex.M 20150615
Fortinet W32/Yakes.KVPI!tr 20150615
GData Win32.Trojan.Agent.LUW0FP 20150615
Ikarus Trojan.Win32.Yakes 20150615
Kaspersky Trojan.Win32.Yakes.kvpi 20150615
McAfee Artemis!724683FA48C4 20150615
McAfee-GW-Edition BehavesLike.Win32.BadFile.gh 20150614
Panda Generic Suspicious 20150614
Qihoo-360 HEUR/QVM40.1.Malware.Gen 20150615
Sophos AV Mal/Generic-L 20150615
Symantec W32.Cridex.B 20150615
Tencent Trojan.Win32.Qudamah.Gen.13 20150615
TrendMicro-HouseCall Suspicious_GEN.F47V0613 20150615
VIPRE Trojan.Win32.Generic!BT 20150615
Ad-Aware 20150615
AegisLab 20150615
Yandex 20150614
AhnLab-V3 20150615
Alibaba 20150614
ALYac 20150615
Arcabit 20150615
Avast 20150615
AVG 20150615
BitDefender 20150615
Bkav 20150612
ByteHero 20150615
CAT-QuickHeal 20150615
ClamAV 20150615
CMC 20150610
Comodo 20150615
Cyren 20150615
DrWeb 20150615
Emsisoft 20150615
F-Prot 20150615
F-Secure 20150615
Jiangmin 20150614
K7AntiVirus 20150615
K7GW 20150615
Kingsoft 20150615
Malwarebytes 20150615
Microsoft 20150615
eScan 20150615
NANO-Antivirus 20150614
nProtect 20150612
Rising 20150614
SUPERAntiSpyware 20150615
TheHacker 20150614
TotalDefense 20150615
TrendMicro 20150615
VBA32 20150613
ViRobot 20150615
Zillya 20150615
Zoner 20150615
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © ?????????? ?????????? (Microsoft Corp.). ??? ????? ????????.
Publisher ?????????? ?????????? (Microsoft Corp.)
Product Microsoft Data Access Components
Original name msorc32r.dll
Internal name msorc32r.dll
File version 2.575.1117.0 built by: (_sqlbld)
Description Microsoft Data Access - ??????? ODBC ??? ???????? Oracle
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-12 10:09:40
Entry Point 0x0001F9F0
Number of sections 5
PE sections
PE imports
SetEnhMetaFileBits
GetFullPathNameA
GetFileAttributesExW
FindAtomW
LoadLibraryExA
GetTapeParameters
PeekNamedPipe
UpdateResourceA
CreateToolhelp32Snapshot
GetStringTypeExW
MapUserPhysicalPages
SetErrorMode
SetLastError
BuildCommDCBW
OpenJobObjectA
GetBinaryTypeA
VerSetConditionMask
SHInvokePrinterCommandA
ftell
rewind
_chkstk
strcspn
memset
iswdigit
isdigit
memcpy
NtMapViewOfSection
PdhBrowseCountersW
CreateAsyncBindCtx
FindMediaTypeClass
Number of PE resources by type
RT_STRING 16
RT_DIALOG 2
RT_VERSION 1
Number of PE resources by language
RUSSIAN 19
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.575.1117.0
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x0003
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x1f9f0
OriginalFileName msorc32r.dll
MIMEType application/octet-stream
LegalCopyright (Microsoft Corp.). .
FileVersion 2.575.1117.0 built by: (_sqlbld)
TimeStamp 2015:06:12 11:09:40+01:00
FileType Win32 DLL
PEType PE32
InternalName msorc32r.dll
ProductVersion 2.575.1117.0
FileDescription Microsoft Data Access - ODBC Oracle
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName (Microsoft Corp.)
CodeSize 163840
ProductName Microsoft Data Access Components
ProductVersionNumber 2.575.1117.0
FileTypeExtension dll
ObjectFileType Dynamic link library

File identification
MD5 724683fa48c498a793d70161d46c811c
SHA1 f385a74ee2fc3aa7184e01725e6f25a9317663d2
SHA256 e7b973550ebbc7163fdd3c1e0589ba84f425d0ccbea69eb1273bac36b01eafbc
ssdeep 6144:PqJ2E1HzQ0Bq7jD/6M4QkwI/4ub3L0lW8NP6GbFNdeQp5aAT4NPQUvJtYt+Rz:SJ2E1T7M4zw+4ubIbNrz5eBit+Rz
authentihash eec64f4e1b0aa0260e00299ee7eb92a8cfd8c5daf2ca9733d9ab204dc504a726
imphash 5ed67f082bc869ad884b2f2cb57a0e10
File size 468.0 KB ( 479232 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll
VirusTotal metadata
First submission 2015-06-12 11:15:05 UTC ( 3 years, 11 months ago )
Last submission 2015-06-15 10:28:23 UTC ( 3 years, 11 months ago )
File names 7.tmp
msorc32r.dll
38.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight