SHA256: fbb30d9a0b0ab815312cdc29710d32a523198576ddf1b138eed48a71b5bafc16
File name: 067dbaa60c6b11fb69bab1701bcad085
Detection ratio: 39 / 48
Analysis date: 2014-01-15 05:19:25 UTC ( 4 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.21355 20140115
AntiVir TR/Crypt.XPACK.Gen 20140115
Avast Win32:Harnig-PE [Trj] 20140115
AVG Win32/DH.FFBD002B{Mw} 20140114
Baidu-International Trojan.Win32.Generic.Af 20131213
BitDefender Gen:Variant.Kazy.21355 20140115
CAT-QuickHeal Trojan.FakeAV 20140115
Commtouch W32/FakeAlert.PQ.gen!Eldorado 20140115
Comodo TrojWare.Win32.Kryptik.NEI 20140115
DrWeb Trojan.Advload.66 20140115
Emsisoft Gen:Variant.Kazy.21355 (B) 20140115
ESET-NOD32 a variant of Win32/Kryptik.NIS 20140115
F-Prot W32/FakeAlert.PQ.gen!Eldorado 20140114
F-Secure Gen:Variant.Kazy.21355 20140115
Fortinet W32/Krap.AON!tr 20140115
GData Gen:Variant.Kazy.21355 20140115
Ikarus Gen.Variant.Tdss 20140115
Jiangmin Trojan/Generic.fhot 20140115
K7AntiVirus Riskware ( 64e01af00 ) 20140114
K7GW Backdoor ( 04c4eaac1 ) 20140114
Kaspersky HEUR:Trojan.Win32.Generic 20140114
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes Trojan.FakeAlert 20140115
McAfee PWS-Zbot.gen.jn 20140115
McAfee-GW-Edition PWS-Zbot.gen.jn 20140115
Microsoft TrojanDownloader:Win32/Harnig.S 20140115
eScan Gen:Variant.Kazy.21355 20140115
NANO-Antivirus Trojan.Win32.Kryptik.cfkwq 20140115
Norman FakeAV.ADUJ 20140114
Panda Adware/WindowsRecovery 20140114
Rising PE:Trojan.Win32.Generic.12A41960!312744288 20140115
Sophos AV Mal/FakeAV-EA 20140115
Symantec Packed.Generic.332 20140115
TheHacker Trojan/Kryptik.nis 20140115
TotalDefense Win32/FakeAV.AJ!generic 20140114
TrendMicro TROJ_KRYPTO.SMX 20140115
TrendMicro-HouseCall TROJ_KRYPTO.SMX 20140115
VBA32 BScope.Zbot.01470 20140114
VIPRE Trojan.Win32.FakeAv.awrp (v) 20140115
Yandex 20140114
AhnLab-V3 20140114
Antiy-AVL 20140114
Bkav 20140114
ByteHero 20140114
ClamAV 20140115
CMC 20140114
nProtect 20140114
SUPERAntiSpyware 20140115
ViRobot 20140115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name XACTSRV.DLL
Internal name XACTSRV.DLL
File version 5.1.2600.5512 (xpsp.080413-2113)
Description Downlevel API Server DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-03-05 21:16:50
Entry Point 0x0000111B
Number of sections 6
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
RegSetValueA
RegCreateKeyW
AdjustTokenPrivileges
RegDeleteKeyW
RegCreateKeyA
RegQueryValueExW
SetSecurityDescriptorDacl
RegOpenKeyA
OpenProcessToken
DeregisterEventSource
RegEnumKeyW
RegisterEventSourceA
RegOpenKeyW
RegEnumKeyA
RegDeleteValueA
RegDeleteValueW
RegOpenKeyExA
RegQueryValueA
RegQueryInfoKeyA
RegEnumValueW
RegSetValueExW
InitializeSecurityDescriptor
RegSetValueExA
RegEnumValueA
ReportEventA
DirectDrawEnumerateA
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
lstrcatA
UnhandledExceptionFilter
SetErrorMode
_llseek
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
GetShortPathNameA
GetCPInfo
GetStringTypeA
WriteFile
MoveFileA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetExitCodeProcess
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
GetUserDefaultLangID
GetModuleFileNameW
ExitProcess
FlushFileBuffers
RemoveDirectoryA
lstrcmpiW
GetVolumeInformationA
LoadLibraryExA
GetUserDefaultLCID
GetSystemDefaultLCID
TlsGetValue
MultiByteToWideChar
FlushInstructionCache
SetFilePointer
_lclose
CreateSemaphoreA
CreateThread
SetFileAttributesA
GlobalAddAtomA
MulDiv
UnlockFile
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SearchPathA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FreeLibrary
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GlobalSize
GetStartupInfoA
GetDateFormatA
GlobalDeleteAtom
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetEvent
GetProcAddress
_lread
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
ResetEvent
GetTempFileNameA
FindNextFileA
DuplicateHandle
GlobalLock
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
LockFile
GetModuleFileNameA
WinExec
VirtualFree
_lwrite
GetEnvironmentStrings
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
SetLocalTime
GetSystemDefaultLangID
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
FreeResource
FileTimeToLocalFileTime
SizeofResource
CreateProcessA
WideCharToMultiByte
HeapCreate
VirtualQuery
CreateProcessW
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
CompareStringA
SamConnectWithCreds
SamRemoveMultipleMembersFromAlias
MapWindowPoints
RegisterClipboardFormatA
GetForegroundWindow
SetWindowRgn
CharPrevA
DdeSetUserHandle
SetMenuDefaultItem
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
DdeDisconnect
DdeCreateStringHandleA
IsWindow
DispatchMessageA
ClientToScreen
VkKeyScanA
SetMenuItemInfoA
CharUpperBuffA
WindowFromPoint
GetMessageTime
VkKeyScanW
SetActiveWindow
GetMenuItemID
GetAsyncKeyState
ReleaseDC
DdeInitializeA
GetClassInfoA
GetMenu
UnregisterClassA
TranslateMessage
OpenClipboard
GetWindowTextLengthA
DefFrameProcA
GetClientRect
ToAscii
CharLowerBuffA
DdeFreeStringHandle
GetScrollPos
CallNextHookEx
DdeFreeDataHandle
IsClipboardFormatAvailable
CharUpperA
CopyAcceleratorTableA
GetKeyboardState
GetActiveWindow
ShowCursor
GetUpdateRgn
EnumClipboardFormats
LockWindowUpdate
wsprintfA
MsgWaitForMultipleObjects
GetMenuItemCount
GetWindowTextA
InvalidateRgn
GetKeyState
DdeQueryStringA
DestroyWindow
IsRectEmpty
GetParent
UpdateWindow
SetPropA
DdeCmpStringHandles
EqualRect
DefWindowProcA
CreateCaret
GetClassInfoExA
ShowWindow
GetCaretPos
DrawFrameControl
GetDesktopWindow
CharToOemBuffA
GetClipboardFormatNameA
PeekMessageW
TranslateMDISysAccel
GetTabbedTextExtentA
EnableWindow
LoadImageA
PeekMessageA
IsCharAlphaA
GetQueueStatus
IsWindowEnabled
GetWindow
DestroyCaret
CreateCursor
GetIconInfo
LoadStringA
SetParent
SetClipboardData
GetSystemMetrics
IsZoomed
GetWindowRgn
DdeConnect
DrawMenuBar
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
GetDCEx
DdeClientTransaction
OemToCharA
GetKeyboardLayout
FillRect
EnumThreadWindows
CopyRect
WaitForInputIdle
DdeCreateDataHandle
CreateMenu
GetCursorPos
CreateAcceleratorTableA
IsChild
IsDialogMessageA
SetFocus
DdeAbandonTransaction
PostMessageA
BeginPaint
OffsetRect
SetCaretPos
DrawIcon
keybd_event
KillTimer
CharNextA
ClipCursor
SetTimer
DefMDIChildProcA
DrawFocusRect
GetClipboardData
SendDlgItemMessageA
CharLowerA
EnableMenuItem
SetScrollRange
DdeGetData
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
LoadAcceleratorsA
SetWindowLongA
SetKeyboardState
InvalidateRect
GetScrollInfo
SetScrollPos
WaitMessage
CreatePopupMenu
ShowCaret
GetMenuItemInfoA
GetLastActivePopup
PtInRect
CharUpperBuffW
CreateWindowExA
GetDlgItem
CreateDialogParamA
BringWindowToTop
AppendMenuA
FindWindowW
ScreenToClient
PostMessageW
InsertMenuA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
AttachThreadInput
DestroyAcceleratorTable
BeginDeferWindowPos
GetMenuState
SetWindowsHookExW
GetSystemMenu
RemoveMenu
GetDC
SetForegroundWindow
PostThreadMessageA
CharToOemA
EmptyClipboard
GetCaretBlinkTime
EndPaint
CharLowerBuffW
IntersectRect
EndDialog
HideCaret
SetWindowContextHelpId
GetCapture
RemovePropA
FindWindowA
SetWindowTextA
MessageBeep
CheckMenuItem
GetWindowThreadProcessId
DeferWindowPos
ShowScrollBar
DdeUninitialize
GetPropA
UnhookWindowsHookEx
SetDlgItemTextA
MessageBoxIndirectA
MoveWindow
DdePostAdvise
GetCursor
GetWindowDC
DestroyCursor
AdjustWindowRectEx
DialogBoxParamA
GetSysColor
SetScrollInfo
RegisterClassExA
EndDeferWindowPos
SystemParametersInfoA
GetDoubleClickTime
DestroyIcon
IsWindowVisible
GetUpdateRect
SubtractRect
DdeNameService
SetCursorPos
WinHelpA
GetSubMenu
FrameRect
SetRect
DeleteMenu
MessageBoxA
SendMessageA
DdeQueryConvInfo
DrawTextA
AdjustWindowRect
CreateIcon
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
DdeGetLastError
ModifyMenuA
SetMenu
SetCursor
setsockopt
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 81920
InitializedDataSize 112640
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 5.1.2600.5512
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Downlevel API Server DLL
CharacterSet Unicode
LinkerVersion 7.1
FileOS Windows NT 32-bit
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.1.2600.5512 (xpsp.080413-2113)
TimeStamp 2009:03:05 22:16:50+01:00
FileType Win32 EXE
PEType PE32
InternalName XACTSRV.DLL
ProductVersion 5.1.2600.5512
SubsystemVersion 4.0
OSVersion 4.0
OriginalFilename XACTSRV.DLL
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 1536
FileSubtype 0
ProductVersionNumber 5.1.2600.5512
EntryPoint 0x111b
ObjectFileType Dynamic link library
File identification
MD5 067dbaa60c6b11fb69bab1701bcad085
SHA1 8fdc318376ac0c4783c7c61a31c0802ccc6c018e
SHA256 fbb30d9a0b0ab815312cdc29710d32a523198576ddf1b138eed48a71b5bafc16
ssdeep 768:KlERIiRLoGczzHstrl+TXCjVeAOaQzzw+LqR7WlU17NY57sKEPthqF:KonREhHstrkTXCRObzcfZWlU1uxsKE4
File size 33.0 KB ( 33792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win16/32 Executable Delphi generic (34.0%)
Generic Win/DOS Executable (32.9%)
DOS Executable Generic (32.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe
VirusTotal metadata
First submission 2011-05-06 11:52:38 UTC ( 7 years, 7 months ago )
Last submission 2014-01-15 05:19:25 UTC ( 4 years, 11 months ago )
File names YYQ9FQ.tar.gz
vt-upload-lFgZJ
file-2212775_
[16495]gc.exe.#
067dbaa60c6b11fb69bab1701bcad085
gc.exe
NECj.reg
AE0A02AA00CBCBD184EC00C40F674800A4FE8771.tmp
XACTSRV.DLL
sample.exe
aa