SHA256: edaf9629ea5d0ba91cbb5165db2f7487999d349e875047ff0527761f1e293e89
File name: 2.dll
Detection ratio: 2 / 57
Analysis date: 2015-04-02 12:51:43 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Fortinet W32/Dridex.M!tr 20150402
Tencent Trojan.Win32.Qudamah.Gen.14 20150402
Ad-Aware 20150402
AegisLab 20150402
Yandex 20150401
AhnLab-V3 20150402
Alibaba 20150402
ALYac 20150402
Antiy-AVL 20150402
Avast 20150402
AVG 20150402
Avira (no cloud) 20150402
AVware 20150402
Baidu-International 20150402
BitDefender 20150402
Bkav 20150402
ByteHero 20150402
CAT-QuickHeal 20150402
ClamAV 20150401
CMC 20150402
Comodo 20150402
Cyren 20150402
DrWeb 20150402
Emsisoft 20150402
ESET-NOD32 20150402
F-Prot 20150401
F-Secure 20150402
GData 20150402
Ikarus 20150402
Jiangmin 20150401
K7AntiVirus 20150402
K7GW 20150402
Kaspersky 20150402
Kingsoft 20150402
Malwarebytes 20150402
McAfee 20150402
McAfee-GW-Edition 20150401
Microsoft 20150402
eScan 20150402
NANO-Antivirus 20150402
Norman 20150402
nProtect 20150402
Panda 20150401
Qihoo-360 20150402
Rising 20150402
Sophos AV 20150402
SUPERAntiSpyware 20150402
Symantec 20150402
TheHacker 20150401
TotalDefense 20150402
TrendMicro 20150402
TrendMicro-HouseCall 20150402
VBA32 20150402
VIPRE 20150402
ViRobot 20150402
Zillya 20150402
Zoner 20150402
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Product ???????????? ??????? Microsoft® Windows®
Original name DInput8.dll
Internal name DInput8.dll
File version 5.03.2621.5512 (xpsp.080413-0845)
Description Microsoft DirectInput
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-07-26 04:31:58
Entry Point 0x00005D30
Number of sections 4
PE sections
PE imports
FreeLibrary
GetLastError
GetVolumePathNameW
RaiseException
LocalAlloc
GetModuleHandleA
LocalFree
GlobalAlloc
InterlockedExchange
GetLogicalDrives
LoadLibraryA
InterlockedCompareExchange
GetProcAddress
memset
_chkstk
memcpy
CoInternetCreateSecurityManager
PE exports
Number of PE resources by type
RT_STRING 93
RT_RCDATA 9
RT_VERSION 1
Number of PE resources by language
RUSSIAN 103
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 5.2
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.3.2621.5512
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 53248
EntryPoint 0x5d30
OriginalFileName DInput8.dll
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.03.2621.5512 (xpsp.080413-0845)
TimeStamp 1992:07:26 05:31:58+01:00
FileType Win32 DLL
PEType PE32
InternalName DInput8.dll
ProductVersion 5.03.2621.5512
FileDescription Microsoft DirectInput
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 303104
ProductName Microsoft Windows
ProductVersionNumber 5.3.2621.5512
FileTypeExtension dll
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 62e780a6237c6f9fd0a8e16a2823562d
SHA1 9cecd711d41adf2369851fc4f97e519ae449dd25
SHA256 edaf9629ea5d0ba91cbb5165db2f7487999d349e875047ff0527761f1e293e89
ssdeep 6144:8LiFHbJZj7NMk4t93/nyLSqHug2B3xz6QfNwrn49uvasfw0+CYXwUmaCCt3kAUW:8Mrj7NMkO9vn0uX3kQSM9DsfT+AUmGt3
authentihash 644747ed97445e50c9c4532b2558f85666e679e7c403490535f408474dc6d254
imphash 7dcd8700838ed82138d42af9811a7b73
File size 348.0 KB ( 356352 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags pedll
VirusTotal metadata
First submission 2015-04-02 12:51:43 UTC ( 2 years, 4 months ago )
Last submission 2017-04-16 16:40:08 UTC ( 4 months ago )
File names 3783.tmp
2015-04-02-follow-up-malware-after-the-first-download.dll
2.dll
2.tmp
2015-04-02-follow-up-malware-after-the-first-download.dll.txt
10.tmp
DInput8.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight