SHA256: f259feff8c187b51dabb766491df61c8f0de1345427b337536c2ee4550ac937d
File name: 1.dll
Detection ratio: 24 / 56
Analysis date: 2014-12-24 10:37:14 UTC (4 years, 5 months ago)
Antivirus Result Update
Ad-Aware Trojan.DridexKD.2046489 20141224
AVware Win32.Malware!Drop 20141224
Baidu-International Trojan.Win32.Dridex.bG 20141224
BitDefender Trojan.DridexKD.2046489 20141224
Bkav HW32.Packed.4CE0 20141223
Cyren W32/Dridex.SCUQ-1116 20141224
Emsisoft Trojan.DridexKD.2046489 (B) 20141224
ESET-NOD32 Win32/Dridex.G 20141224
F-Prot W32/Dridex.F 20141224
F-Secure Trojan.DridexKD.2046489 20141224
GData Trojan.DridexKD.2046489 20141224
Ikarus Trojan.Win32.Dridex 20141224
K7GW Trojan ( 004b22df1 ) 20141224
McAfee RDN/Generic BackDoor!b2r 20141224
McAfee-GW-Edition BehavesLike.Win32.Trojan.fc 20141224
Microsoft Backdoor:Win32/Drixed.C 20141224
eScan Trojan.DridexKD.2046489 20141224
nProtect Trojan.DridexKD.2046489 20141224
Qihoo-360 HEUR/QVM40.1.Malware.Gen 20141224
Sophos AV Troj/Dridex-G 20141224
Symantec Trojan.Gen.2 20141224
TrendMicro TSPY_URSNIF.XXPU 20141224
TrendMicro-HouseCall TSPY_URSNIF.XXPU 20141224
VIPRE Win32.Malware!Drop 20141224
AegisLab 20141224
Yandex 20141222
AhnLab-V3 20141224
ALYac 20141224
Antiy-AVL 20141224
Avast 20141224
AVG 20141224
Avira (no cloud) 20141224
ByteHero 20141224
CAT-QuickHeal 20141224
ClamAV 20141224
CMC 20141218
Comodo 20141224
DrWeb 20141224
Fortinet 20141224
Jiangmin 20141223
K7AntiVirus 20141223
Kaspersky 20141224
Kingsoft 20141224
Malwarebytes 20141224
NANO-Antivirus 20141224
Norman 20141224
Panda 20141223
Rising 20141224
SUPERAntiSpyware 20141224
Tencent 20141224
TheHacker 20141222
TotalDefense 20141224
VBA32 20141223
ViRobot 20141224
Zillya 20141223
Zoner 20141223
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Корпорация Майкрософт. Все права защищены.
Product Операционная система Microsoft® Windows®
Original name SXS.DLL
Internal name SXS.DLL
File version 5.1.2600.5512 (xpsp.080413-2111)
Description Fusion 2.5
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-23 08:07:23
Entry Point 0x00007E40
Number of sections 7
PE sections
PE imports
PauseClusterNode
ClusterResourceTypeCloseEnum
ClusterRegSetKeySecurity
OnlineClusterGroup
ClusterRegSetValue
GetClusterResourceKey
RemoveClusterResourceNode
GetClusterKey
RemoveClusterResourceDependency
ClusterNodeControl
ClusterRegOpenKey
GetClusterFromNetInterface
ClusterRegCloseKey
ClusterNetworkCloseEnum
ClusterNodeEnum
CreateDIBPatternBrushPt
SetBkColor
SaveDC
GetTextExtentPointW
GetPrivateProfileSectionNamesA
CancelDeviceWakeupRequest
Toolhelp32ReadProcessMemory
GetDriveTypeW
GetConsoleOutputCP
GetPrivateProfileStructA
GetFileAttributesA
DeactivateActCtx
PurgeComm
FindFirstFileW
EncodePointer
ReplaceFileW
GetFileAttributesW
GetCommandLineW
GetStdHandle
DuplicateHandle
GetExitCodeProcess
GetProfileIntA
GetVolumePathNamesForVolumeNameW
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
LocalFree
CompareFileTime
Heap32Next
GetStringTypeW
LocalAlloc
lstrcatA
GetVolumeInformationW
ExitProcess
SetErrorMode
WritePrivateProfileStringW
LockFile
GetConsoleProcessList
GetTapePosition
QueryMemoryResourceNotification
HeapWalk
CommConfigDialogA
TerminateJobObject
WaitCommEvent
SetStdHandle
GetFileTime
FindFirstVolumeMountPointA
GetTempPathA
GetCPInfo
GetThreadIOPendingFlag
WriteConsoleOutputA
SetComputerNameW
InterlockedExchange
BackupRead
GetTempPathW
MoveFileA
SetLocalTime
GetSystemTimeAsFileTime
GetThreadTimes
GlobalMemoryStatusEx
SetComputerNameA
EnumCalendarInfoExA
FindActCtxSectionStringW
SetEvent
SetConsoleCP
HeapLock
GetDriveTypeA
InitAtomTable
FreeLibraryAndExitThread
VerLanguageNameW
FindFirstVolumeMountPointW
GetStringTypeExW
GetLogicalDriveStringsW
TlsGetValue
MoveFileW
EnumDateFormatsA
SetLocaleInfoW
BeginUpdateResourceA
SetLastError
EnumUILanguagesW
PeekNamedPipe
OpenThread
ReadConsoleInputA
FindNextFileA
GlobalFindAtomW
GetNamedPipeInfo
UpdateResourceW
FindNextVolumeA
TryEnterCriticalSection
SetLocaleInfoA
DeleteTimerQueueEx
ReadConsoleInputW
GetSystemDefaultLCID
RemoveDirectoryA
GlobalHandle
SetConsoleScreenBufferSize
FillConsoleOutputCharacterW
VerSetConditionMask
FoldStringA
EnumCalendarInfoA
EnumSystemLocalesA
LoadLibraryExA
Sleep
GetPrivateProfileStringA
SetThreadPriority
DefineDosDeviceW
SetCalendarInfoA
GetCalendarInfoW
WritePrivateProfileSectionW
WriteConsoleInputW
CreateActCtxA
UnhandledExceptionFilter
SetFileShortNameA
MultiByteToWideChar
EnumCalendarInfoW
SetProcessAffinityMask
GetPrivateProfileStringW
DeleteTimerQueue
DeleteVolumeMountPointA
CreateMutexA
GetVolumeNameForVolumeMountPointA
EraseTape
GetSystemDefaultUILanguage
Module32NextW
GetSystemDirectoryW
ReadConsoleA
GetExitCodeThread
SetNamedPipeHandleState
GetFirmwareEnvironmentVariableA
SetUnhandledExceptionFilter
ConvertDefaultLocale
GetProcessPriorityBoost
SetHandleInformation
MulDiv
IsProcessorFeaturePresent
EnumSystemLanguageGroupsW
GetDateFormatA
GetSystemDirectoryA
HeapCreate
LocalUnlock
SetEnvironmentVariableA
GetPrivateProfileIntW
Module32Next
GlobalUnWire
GetDiskFreeSpaceExA
SearchPathW
GetProcessShutdownParameters
GetModuleHandleExW
GetProfileIntW
GetEnvironmentVariableW
DebugActiveProcess
SearchPathA
FindAtomA
lstrcatW
FindNextChangeNotification
SetEndOfFile
GetLocaleInfoA
SetFirmwareEnvironmentVariableA
GetCurrentThreadId
GetProcAddress
SleepEx
GetModuleHandleA
ReadConsoleOutputA
LocalCompact
InitializeCriticalSectionAndSpinCount
HeapFree
GetConsoleFontSize
GetThreadPriorityBoost
FillConsoleOutputCharacterA
EndUpdateResourceW
FindVolumeClose
CreateMailslotW
GetOEMCP
SetVolumeMountPointA
SetFileApisToANSI
ClearCommError
VirtualProtect
GetVersionExA
WriteConsoleOutputAttribute
FatalExit
WaitForSingleObjectEx
ExitThread
FreeLibrary
CopyFileW
GlobalSize
GetProcessIoCounters
GetWindowsDirectoryW
TzSpecificLocalTimeToSystemTime
GetFileSize
AddAtomA
OpenProcess
GetPrivateProfileIntA
CreateDirectoryA
SetFileValidData
GetDateFormatW
CreateTimerQueueTimer
SetThreadExecutionState
LoadModule
SetVolumeMountPointW
GetDiskFreeSpaceA
WaitForMultipleObjects
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
GetThreadContext
GetComputerNameExA
CreateFileMappingW
AssignProcessToJobObject
GlobalWire
GetLogicalDrives
lstrcpynA
GetConsoleTitleW
GlobalReAlloc
EnumDateFormatsExA
SetConsoleWindowInfo
EnumDateFormatsExW
FindNextFileW
GlobalFix
BackupWrite
LoadLibraryW
GetThreadSelectorEntry
GetProfileStringA
GetTimeFormatA
GetTempFileNameA
Thread32Next
Process32First
lstrcmpW
GetLargestConsoleWindowSize
ExpandEnvironmentStringsA
GetBinaryTypeA
SetCommTimeouts
GetPrivateProfileSectionW
GetNamedPipeHandleStateW
GetProcessAffinityMask
CreateEventW
OpenJobObjectW
GetCurrencyFormatA
VirtualProtectEx
SetVolumeLabelA
SetMessageWaitingIndicator
CreateFileA
GetProcessTimes
PrepareTape
GetLocaleInfoW
RemoveVectoredExceptionHandler
InterlockedIncrement
GetLastError
IsValidCodePage
SetConsoleOutputCP
LoadLibraryExW
LoadLibraryA
QueryDepthSList
FindFirstChangeNotificationA
CreateNamedPipeW
lstrlenA
GlobalFree
GlobalGetAtomNameW
FindResourceW
LCMapStringA
GetSystemWindowsDirectoryW
OpenWaitableTimerW
MprConfigInterfaceTransportSetInfo
MprAdminDeviceEnum
MprConfigInterfaceTransportAdd
MprAdminServerConnect
MprAdminConnectionGetInfo
MprConfigTransportGetInfo
MprAdminUserSetInfo
MprConfigInterfaceCreate
VarR4CmpR8
LPSAFEARRAY_UserSize
VarR4FromDec
VarBstrCmp
VarUI2FromR4
BSTR_UserFree
GetErrorInfo
VarCyRound
VarCyFromUI2
VarBstrFromR8
SHGetFileInfoA
DragQueryFileW
SHIsFileAvailableOffline
ExtractIconA
DuplicateIcon
ExtractIconW
Ord(179)
SHInvokePrinterCommandW
SHInvokePrinterCommandA
SHAppBarMessage
DragQueryFileA
SHLoadNonloadedIconOverlayIdentifiers
Ord(180)
Shell_NotifyIconA
rename
rand
tmpfile
wprintf
wcstoul
strxfrm
fclose
mbtowc
fwprintf
wcstok
memset
remove
printf
isdigit
isalpha
fflush
ispunct
strlen
iswgraph
strncpy
strtol
clearerr
strcspn
strtok
feof
scanf
fgetpos
fsetpos
fputs
vfwprintf
wcsncat
sprintf
iswctype
rewind
srand
isspace
strncat
fread
isleadbyte
ferror
asctime
fgetwc
memcpy
strcat
isgraph
wcsncmp
vfprintf
atol
calloc
ungetwc
realloc
iswupper
towupper
perror
fputws
fscanf
wcstombs
fwscanf
iswlower
wcscpy
atoi
strspn
fputwc
freopen
fwrite
localeconv
CoCreateInstance
PdhEnumObjectsA
PdhAddCounterA
PdhCloseQuery
PdhGetCounterInfoA
PdhCollectQueryDataEx
PdhLookupPerfNameByIndexW
PdhParseCounterPathW
RevokeFormatEnumerator
CoInternetGetSecurityUrl
CoInternetCompareUrl
CreateURLMoniker
URLDownloadToCacheFileW
FindMediaTypeClass
RegisterFormatEnumerator
UrlMkSetSessionOption
CreateAsyncBindCtx
ReleaseBindInfo
Number of PE resources by type
RT_ICON 12
RT_STRING 3
RT_DIALOG 2
RT_GROUP_ICON 2
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 21
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.2600.5512
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription Fusion 2.5
ImageFileCharacteristics Executable, 32-bit, DLL
CharacterSet Unicode
InitializedDataSize 303104
EntryPoint 0x7e40
OriginalFileName SXS.DLL
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.2600.5512 (xpsp.080413-2111)
TimeStamp 2014:12:23 09:07:23+01:00
FileType Win32 DLL
PEType PE32
InternalName SXS.DLL
ProductVersion 5.1.2600.5512
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 49152
ProductName Microsoft Windows
ProductVersionNumber 5.1.2600.5512
Warning Possibly corrupt Version resource
FileTypeExtension dll
ObjectFileType Dynamic link library

File identification
MD5 a2954065cff8924665c93d64103ae5ea
SHA1 a1656faa8676595395495b298a5385e9248694d3
SHA256 f259feff8c187b51dabb766491df61c8f0de1345427b337536c2ee4550ac937d
ssdeep 6144:1G7qVkdW/YV9Pjz7mkGNoNpRJ8Cq+EwF18pTjRjZDEza+FRp7CtQ:F2TtjzSkGmzJbrESsvRjZDkaU1
authentihash 1ca57df921f26adb7bbfc340ee7eb0c34dc9b4cd4cfefb616ae5c7435a037d33
imphash c0135d9a433a03fdbbd127b55dc53123
File size 340.0 KB ( 348160 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (29.5%)
Win64 Executable (generic) (26.1%)
Microsoft Visual C++ compiled executable (generic) (15.6%)
Windows screen saver (12.4%)
Win32 Dynamic Link Library (generic) (6.2%)
Tags pedll
VirusTotal metadata
First submission 2014-12-23 11:25:57 UTC ( 4 years, 5 months ago )
Last submission 2015-03-30 06:45:38 UTC ( 4 years, 1 month ago )
File names SXS.DLL
12C.tmp
miam2.bin
1.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight