SHA256: f2d9f06da72929af0a1597e16c7cc9459f0d5a112f55d8d9d59581671e17ebac
File name: mir_core.dll
Detection ratio: 0 / 47
Analysis date: 2013-04-15 20:36:12 UTC ( 5 years, 8 months ago )
Antivirus Result Update
Yandex 20130415
AhnLab-V3 20130415
AntiVir 20130415
Antiy-AVL 20130415
Avast 20130415
AVG 20130415
BitDefender 20130415
ByteHero 20130415
CAT-QuickHeal 20130415
ClamAV 20130415
Commtouch 20130415
Comodo 20130415
DrWeb 20130415
Emsisoft 20130415
eSafe 20130415
ESET-NOD32 20130415
F-Prot 20130415
F-Secure 20130415
Fortinet 20130415
GData 20130415
Ikarus 20130415
Jiangmin 20130415
K7AntiVirus 20130412
K7GW 20130412
Kaspersky 20130415
Kingsoft 20130415
Malwarebytes 20130415
McAfee 20130415
McAfee-GW-Edition 20130415
Microsoft 20130415
eScan 20130415
NANO-Antivirus 20130415
Norman 20130415
nProtect 20130415
Panda 20130415
PCTools 20130415
Rising 20130412
Sophos AV 20130415
SUPERAntiSpyware 20130415
Symantec 20130415
TheHacker 20130415
TotalDefense 20130415
TrendMicro 20130415
TrendMicro-HouseCall 20130415
VBA32 20130415
VIPRE 20130415
ViRobot 20130415
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-31 09:37:08
Entry Point 0x000065D5
Number of sections 5
PE sections
PE imports
InitCommonControlsEx
GetLastError
GetSystemTimeAsFileTime
EnterCriticalSection
DecodePointer
ReleaseMutex
TerminateThread
lstrlenA
GetModuleFileNameW
WaitForSingleObject
LoadLibraryA
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
lstrcmpiW
QueueUserAPC
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
lstrlenW
UnhandledExceptionFilter
MultiByteToWideChar
CreateDirectoryW
GetProcAddress
InterlockedCompareExchange
EncodePointer
GetCurrentThread
lstrcpynW
lstrcpyW
RaiseException
WideCharToMultiByte
GetFileAttributesA
TlsFree
GetModuleHandleA
lstrcmpA
GetCurrentProcessId
InterlockedExchange
SetUnhandledExceptionFilter
CreateMutexW
CloseHandle
ResetEvent
lstrcpynA
FindFirstFileW
TerminateProcess
DuplicateHandle
WaitForMultipleObjects
GetModuleHandleW
OutputDebugStringA
GetFullPathNameA
FreeLibrary
SetThreadPriority
GetFileAttributesW
GetModuleFileNameA
CreateEventW
InitializeCriticalSection
FindClose
TlsGetValue
Sleep
GetFullPathNameW
TlsSetValue
GetCurrentThreadId
GetVersion
SleepEx
SetLastError
LeaveCriticalSection
_malloc_crt
malloc
_lock
sscanf
realloc
memset
fclose
__dllonexit
_wcslwr
fgets
_onexit
feof
_vsnwprintf
__clean_type_info_names_internal
_amsg_exit
strtol
??2@YAPAXI@Z
_beginthread
fseek
qsort
isxdigit
ftell
_strlwr
strncpy
strrchr
_initterm_e
wcsrchr
strchr
wcspbrk
_unlock
wcschr
_crt_debugger_hook
??3@YAXPAX@Z
free
_except_handler4_common
atoi
_wfopen
memcpy
_vsnprintf
strstr
memmove
_beginthreadex
_encoded_null
bsearch
__CppXcptFilter
wcsstr
_initterm
SetClassLongW
MsgWaitForMultipleObjectsEx
DefWindowProcW
SetWindowLongW
PeekMessageW
EnumChildWindows
TranslateMessage
PostMessageW
SetMenuItemInfoW
DispatchMessageW
CharNextExA
GetDlgCtrlID
SendMessageW
GetClassLongW
SetWindowTextW
SetTimer
GetClassNameW
IsDialogMessageW
GetMenuItemCount
GetWindowTextW
CreateWindowExW
GetWindowLongW
DestroyWindow
GetMenuItemInfoW
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:12:31 09:37:08+00:00
FileType Win32 DLL
PEType PE32
CodeSize 24064
LinkerVersion 10.0
FileAccessDate 2013:04:15 21:39:33+01:00
EntryPoint 0x65d5
InitializedDataSize 12288
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2013:04:15 21:39:33+01:00
UninitializedDataSize 0

Compressed bundles
File identification
MD5 ec79ceb2b5c763d90fc15400470fdc50
SHA1 1f6a07be5e5bbf2258b64450b0c546ef74b0cf49
SHA256 f2d9f06da72929af0a1597e16c7cc9459f0d5a112f55d8d9d59581671e17ebac
ssdeep 768:n3PUXAdcpRjHTrougmEBzwY1uqxBvsv/KditwPQ:38w01rhgB0Y1uqx+UP

File size 36.5 KB ( 37376 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (38.0%)
Generic Win/DOS Executable (11.7%)
DOS Executable Generic (11.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll

VirusTotal metadata
First submission 2013-04-15 20:36:12 UTC ( 5 years, 8 months ago )
Last submission 2013-04-15 20:36:12 UTC ( 5 years, 8 months ago )
File names mir_core.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight