SHA256: ec9f7c75523b87d5ec64b0f7f06651d3406a21025e1fcce465456b7ccca7ecb7
File name: vt-upload-cHBx6D
Detection ratio: 0 / 50
Analysis date: 2014-03-23 16:49:18 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20140323
Yandex 20140323
AhnLab-V3 20140323
AntiVir 20140323
Antiy-AVL 20140320
Avast 20140323
AVG 20140323
Baidu-International 20140323
BitDefender 20140323
Bkav 20140322
ByteHero 20140323
CAT-QuickHeal 20140323
ClamAV 20140323
CMC 20140319
Commtouch 20140323
Comodo 20140323
DrWeb 20140323
Emsisoft 20140323
ESET-NOD32 20140323
F-Prot 20140323
F-Secure 20140323
Fortinet 20140323
GData 20140323
Ikarus 20140323
Jiangmin 20140323
K7AntiVirus 20140321
K7GW 20140321
Kaspersky 20140323
Kingsoft 20140323
Malwarebytes 20140323
McAfee 20140323
McAfee-GW-Edition 20140323
Microsoft 20140323
eScan 20140323
NANO-Antivirus 20140323
Norman 20140323
nProtect 20140323
Panda 20140323
Qihoo-360 20140323
Rising 20140322
Sophos AV 20140323
SUPERAntiSpyware 20140323
Symantec 20140323
TheHacker 20140321
TotalDefense 20140323
TrendMicro 20140323
TrendMicro-HouseCall 20140323
VBA32 20140321
VIPRE 20140323
ViRobot 20140323
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© ?????????? ??????????. ??? ????? ????????.

Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Original name photowiz.dll
Internal name photowiz
File version 5.1.2600.5512 (xpsp.080413-0852)
Description ?????? ?????? ??????????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-04-14 16:09:57
Entry Point 0x0000FD80
Number of sections 4
PE sections
PE imports
SetGraphicsMode
SetMapMode
CreateFontIndirectW
CreateHalftonePalette
CreatePen
SaveDC
SetICMMode
CreateRectRgnIndirect
LPtoDP
SetStretchBltMode
ModifyWorldTransform
Rectangle
GetDeviceCaps
DeleteDC
SetWorldTransform
RestoreDC
SetBkMode
SetLayout
EndDoc
SetWindowOrgEx
StartPage
DeleteObject
GetObjectW
CreateDCW
CreateDIBSection
RealizePalette
SetTextColor
DPtoLP
SetAbortProc
GetStockObject
SetViewportOrgEx
SelectPalette
SetROP2
SelectClipRgn
CreateCompatibleDC
SetBrushOrgEx
EndPage
GetTextExtentPoint32W
AbortDoc
SetWindowExtEx
CreateSolidBrush
Polyline
SetViewportExtEx
SelectObject
StartDocW
GetLastError
EnterCriticalSection
lstrcpynW
lstrlenA
LoadLibraryW
WaitForSingleObject
SetEvent
QueryPerformanceCounter
GetTickCount
GlobalUnlock
lstrlenW
lstrcatW
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetWindowsDirectoryW
SetThreadPriority
GetCurrentProcessId
LockResource
GetModuleHandleW
CreateThread
UnhandledExceptionFilter
MultiByteToWideChar
GlobalLock
GetLocaleInfoW
SuspendThread
GetModuleFileNameW
CompareStringW
lstrcpyW
GetFileSizeEx
WideCharToMultiByte
GetProcAddress
lstrcmpA
InterlockedExchange
SetUnhandledExceptionFilter
lstrcpyA
InterlockedIncrement
MulDiv
GetSystemTimeAsFileTime
lstrcpynA
lstrcmpW
WaitForMultipleObjects
FreeResource
FreeLibrary
LocalFree
FormatMessageW
TerminateProcess
ResumeThread
CreateEventW
FreeLibraryAndExitThread
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
InterlockedDecrement
Sleep
GetSystemWindowsDirectoryW
GetCurrentThreadId
LeaveCriticalSection
LocalAlloc
CloseHandle
SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SHBindToParent
Ord(25)
Ord(155)
SHGetPathFromIDListW
Ord(754)
Ord(727)
SHGetFileInfoW
SHGetDesktopFolder
Ord(18)
Ord(12)
wnsprintfW
Ord(219)
StrRetToBufW
Ord(16)
StrToIntW
MapWindowPoints
GetMonitorInfoW
GetParent
UpdateWindow
DrawTextExW
BeginPaint
TranslateMessage
KillTimer
GetMessageW
ShowWindow
EndPaint
GetSysColorBrush
GetSystemMetrics
SetWindowLongW
MessageBoxW
SendMessageW
GetWindowRect
InflateRect
RegisterClassExW
MoveWindow
SendDlgItemMessageW
PostMessageW
GetSysColor
GetDlgItemInt
SetDlgItemTextW
DispatchMessageW
ReleaseDC
GetIconInfo
DestroyIcon
GetWindowLongW
DrawIconEx
OffsetRect
LoadStringW
SetWindowTextW
GetDlgItem
SystemParametersInfoW
GetDC
InvalidateRect
PeekMessageW
SetTimer
LoadImageW
GetClassNameW
UnregisterClassW
PostThreadMessageW
FillRect
GetClientRect
MonitorFromWindow
RegisterClipboardFormatW
SetDlgItemInt
CreateWindowExW
MsgWaitForMultipleObjects
EnableWindow
GetUpdateRect
DrawTextW
DestroyWindow
DeviceCapabilitiesW
GetPrinterW
Ord(203)
EnumPrintersW
DocumentPropertiesW
ClosePrinter
OpenPrinterW
GdipSetImageAttributesWrapMode
GdipGetImageHorizontalResolution
GdipCreateStringFormat
GdipImageSelectActiveFrame
GdipDrawRectangleI
GdipCreateSolidFill
GdipImageRotateFlip
GdipLoadImageFromStreamICM
GdipGetPropertyItemSize
GdipCloneBrush
GdipGetImageHeight
GdipGetGenericFontFamilySansSerif
GdipSetSmoothingMode
GdipCreateFromHDC2
GdipCreateBitmapFromScan0
GdipGetImageVerticalResolution
GdipDeleteFontFamily
GdipCreatePen1
GdipDisposeImage
GdipSetPageScale
GdipGetDC
GdipCreateHBITMAPFromBitmap
GdipBitmapSetResolution
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipGetFontHeight
GdipScaleWorldTransform
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipGetImageThumbnail
GdipGetImageBounds
GdipGraphicsClear
GdipDrawString
GdipCreateImageAttributes
GdipCreateFromHDC
GdipCreatePen2
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipDrawRectangle
GdipSetStringFormatAlign
GdipImageGetFrameCount
GdipGetImageWidth
GdipGetPropertyItem
GdipAlloc
GdipCreateFromHWND
GdipCreateFont
GdiplusShutdown
GdipFillRectangle
GdipDrawImageI
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipCreateBitmapFromHBITMAP
GdipDeletePen
GdipFillRectangleI
GdipSetInterpolationMode
GdipCreateFromHWNDICM
GdipGetImageType
GdipFree
GdipGetImageRawFormat
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipCloneImage
GdipReleaseDC
GdipDeleteFont
GdipSetPageUnit
GdipGetImageDecodersSize
GdipGetImageGraphicsContext
GdipGetImageDecoders
_except_handler3
malloc
_errno
_ftol
_adjust_fdiv
free
_onexit
wcstol
__dllonexit
_initterm
_vsnwprintf
NtQuerySystemInformation
CoInitializeEx
CoCreateInstance
ReleaseStgMedium
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoGetInterfaceAndReleaseStream
CoTaskMemFree
URLOpenBlockingStreamW
CoInternetParseUrl
PE exports
Number of PE resources by type
RT_HTML 10
RT_ICON 9
RT_DIALOG 6
RT_STRING 4
RT_BITMAP 2
RT_GROUP_ICON 2
REGINST 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 36
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
7.1

ImageVersion
5.1

FileSubtype
0

FileVersionNumber
5.1.2600.5512

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
196096

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
5.1.2600.5512 (xpsp.080413-0852)

TimeStamp
2008:04:14 17:09:57+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
photowiz

FileAccessDate
2014:03:23 17:51:13+01:00

ProductVersion
5.1.2600.5512

SubsystemVersion
4.0

OSVersion
5.1

FileCreateDate
2014:03:23 17:51:13+01:00

OriginalFilename
photowiz.dll

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
82944

ProductName
Microsoft Windows

ProductVersionNumber
5.1.2600.5512

Warning
Possibly corrupt Version resource

EntryPoint
0xfd80

ObjectFileType
Dynamic link library

File identification
MD5 983e46df29317c515cce85aaec478d82
SHA1 6401b69a0f0a8385ef6b24f774da539cc745fd93
SHA256 ec9f7c75523b87d5ec64b0f7f06651d3406a21025e1fcce465456b7ccca7ecb7
ssdeep
3072:bnw5RQL4IR6AShpST2KMm36tKi8U+cYMjUyglVdLXUF5065oIpiESScNKUY:zD4IRzCpST2KMe6tccYb/dLXailSMKU

imphash 41f596c8c075d3333d74da0feded61bb
File size 273.5 KB ( 280064 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID DirectShow filter (58.2%)
Windows ActiveX control (33.6%)
Windows Screen Saver (3.7%)
Win32 Dynamic Link Library (generic) (1.8%)
Win32 Executable (generic) (1.3%)
Tags
pedll

VirusTotal metadata
First submission 2014-03-23 16:49:18 UTC ( 4 years, 8 months ago )
Last submission 2014-03-23 16:49:18 UTC ( 4 years, 8 months ago )
File names photowiz.dll
photowiz
vt-upload-cHBx6D
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
