SHA256: 651306b7e19b0be89075e6f5ce7508fe111cc571f03a68fd81b40e43586a6395
File name: dpnhpast.dll
Detection ratio: 53 / 68
Analysis date: 2017-11-06 04:04:32 UTC (7 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.Generic.6990772 20171106
AegisLab Troj.W32.FakeAV.ixdq!c 20171106
AhnLab-V3 Trojan/Win32.FakeAV.R16692 20171105
ALYac Trojan.Generic.6990772 20171104
Antiy-AVL Trojan/Win32.AGeneric 20171103
Arcabit Trojan.Generic.D6AABB4 20171106
Avast Win32:MalOb-IG [Cryp] 20171106
AVG Win32:MalOb-IG [Cryp] 20171106
Avira (no cloud) TR/Fake.Rean.2732 20171105
AVware LooksLike.Win32.Sirefef.h (v) 20171106
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9947 20171103
BitDefender Trojan.Generic.6990772 20171106
CAT-QuickHeal Trojan.Agent 20171104
Comodo UnclassifiedMalware 20171106
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171030
Cylance Unsafe 20171106
Cyren W32/FakeAlert.SM.gen!Eldorado 20171106
DrWeb Trojan.Fakealert.20509 20171106
Emsisoft Trojan.Generic.6990772 (B) 20171106
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.WIT 20171106
F-Prot W32/FakeAlert.SM.gen!Eldorado 20171106
F-Secure Trojan.Generic.6990772 20171106
Fortinet W32/FakeAlert_Rena.56!tr 20171106
GData Trojan.Generic.6990772 20171106
Ikarus Trojan.Win32.FakeAV 20171105
Sophos ML heuristic 20170914
Jiangmin Trojan/Fakeav.aimy 20171105
Kaspersky HEUR:Trojan.Win32.Generic 20171106
MAX malware (ai score=83) 20171106
McAfee FakeAlert-Rena.am 20171031
McAfee-GW-Edition BehavesLike.Win32.Expiro.dh 20171106
Microsoft Rogue:Win32/FakeRean 20171106
eScan Trojan.Generic.6990772 20171106
NANO-Antivirus Trojan.Win32.Crypted.bdxwqf 20171106
nProtect Trojan/W32.Agent.302080.BX 20171106
Palo Alto Networks (Known Signatures) generic.ml 20171106
Panda Trj/Genetic.gen 20171105
Qihoo-360 Win32/Trojan.38b 20171106
Sophos AV Troj/Sirefef-T 20171106
SUPERAntiSpyware Trojan.Agent/Gen-FraudLoad 20171105
Symantec WindowsAVPro!gen1 20171106
Tencent Win32.Trojan.Generic.Hzdn 20171106
TheHacker Trojan/Kryptik.wit 20171102
TotalDefense Win32/FakeAV.BC!generic 20171105
TrendMicro TROJ_ZACCES.SMQK 20171106
TrendMicro-HouseCall TROJ_ZACCES.SMQK 20171106
VBA32 BScope.Trojan-Dropper.Injector 20171104
VIPRE LooksLike.Win32.Sirefef.h (v) 20171106
Webroot W32.Rogue.Gen 20171106
Zillya Trojan.FakeAV.Win32.160086 20171104
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171106
Alibaba 20170911
Avast-Mobile 20171105
Bkav 20171104
ClamAV 20171103
CMC 20171104
eGambit 20171106
K7AntiVirus 20171105
K7GW 20171106
Kingsoft 20171106
Malwarebytes 20171106
Rising 20171106
SentinelOne (Static ML) 20171019
Symantec Mobile Insight 20171103
Trustlook 20171106
ViRobot 20171106
WhiteArmor 20171104
Yandex 20171102
Zoner 20171106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name dpnhpast.dll
Internal name dpnhpast.dll
File version 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description Microsoft DirectPlay NAT Helper PAST
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 06:14:22
Entry Point 0x00004C0A
Number of sections 4
PE sections
PE imports
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
GetDeviceCaps
SelectObject
GetTextMetricsW
SetMapMode
DeleteDC
CreateFontIndirectW
RestoreDC
SetBkMode
SetWindowOrgEx
GetStockObject
SaveDC
SetViewportOrgEx
CreateSolidBrush
CreateRectRgnIndirect
LPtoDP
GetObjectW
SetTextColor
SetBkColor
DeleteObject
Rectangle
GetTextExtentPointW
GetStdHandle
GetDriveTypeW
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
DisableThreadLibraryCalls
GetModuleFileNameW
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
MultiByteToWideChar
FlushInstructionCache
SetFilePointer
CreateThread
SetEnvironmentVariableW
SetUnhandledExceptionFilter
MulDiv
TerminateProcess
SearchPathW
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
VirtualProtect
GetVersionExA
LoadLibraryA
GetStartupInfoA
GetWindowsDirectoryW
SetEvent
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
lstrcpyW
GetBinaryTypeW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
GetProcAddress
CreateEventW
CreateFileW
GetFileType
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
FindResourceW
LCMapStringA
GetSystemWindowsDirectoryW
GetEnvironmentStringsW
lstrlenW
VirtualFree
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
lstrcpynW
RaiseException
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
GetTempPathW
CreateProcessW
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
SHBindToParent
SHGetFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
SetFocus
ClientToScreen
GetMessagePos
SetWindowRgn
IntersectRect
EqualRect
OffsetRect
DestroyMenu
GetWindowTextW
ShowWindow
SetWindowPos
GetParent
BeginDeferWindowPos
SetWindowLongW
IsWindow
DestroyIcon
GetWindowRect
EnableWindow
EnumChildWindows
SendDlgItemMessageW
GetActiveWindow
GetWindow
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetKeyState
EndDeferWindowPos
ReleaseDC
CreatePopupMenu
SendMessageW
GetSystemMetrics
LoadStringW
GetClientRect
GetMenuItemInfoW
GetDlgItem
DrawTextW
UnionRect
GetNextDlgTabItem
ScreenToClient
DeleteMenu
InvalidateRect
LoadImageW
TrackPopupMenu
GetWindowTextLengthW
IsDialogMessageW
GetMenuItemCount
CreateAcceleratorTableW
DestroyAcceleratorTable
DeferWindowPos
GetDialogBaseUnits
GetFocus
GetWindowLongW
DestroyWindow
IsChild
PtInRect
RtlFreeUnicodeString
RtlUnwind
RtlDosPathNameToNtPathName_U
RtlFreeHeap
RtlAppendUnicodeToString
CoUninitialize
CoInitialize
OleRegGetMiscStatus
CoCreateInstance
OleRegEnumVerbs
OleRegGetUserType
CoTaskMemFree
CreateOleAdviseHolder
SfcIsFileProtected
CreateURLMoniker
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 5.3.2600.2180
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 348160
EntryPoint 0x4c0a
OriginalFileName dpnhpast.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)
TimeStamp 2004:08:04 07:14:22+01:00
FileType Win32 EXE
PEType PE32
InternalName dpnhpast.dll
ProductVersion 5.03.2600.2180
FileDescription Microsoft DirectPlay NAT Helper PAST
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 69632
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.3.2600.2180
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 9ee76395619d5143be94db39e8f5f412
SHA1 3340feea8d54be43a0736bed97e6842c77616284
SHA256 651306b7e19b0be89075e6f5ce7508fe111cc571f03a68fd81b40e43586a6395
ssdeep 6144:7RYwqcuthCjKVaxICk5vvhl+Qa4HK78T1hKjAe47yIkkia:tjEAjeaIjcQd08TWjAeOia
authentihash d9d4b0f883368f62fb9fd1cab1d16658ffdb7822ef1979187c632535bb13b4df
imphash a717b61808e6dd5cadca4157a01a1280
File size 295.0 KB ( 302080 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe
VirusTotal metadata
First submission 2011-11-30 15:45:39 UTC (6 years, 6 months ago)
Last submission 2016-12-09 23:35:26 UTC (1 year, 6 months ago)
File names 266A985500D0A35B9CCE04DBA9BDA500E71266AB.exe
fdl.exe
dpnhpast.dll
9EE76395619D5143BE94DB39E8F5F412
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests