SHA256: fc34b1cd9132d5fba6841c112b2b3f4712ee01288fab2fa065acc5722603506b
File name: SHI.dll
Detection ratio: 0 / 54
Analysis date: 2014-07-01 08:40:14 UTC (3 years, 3 months ago)
Antivirus Result Update
Ad-Aware 20140701
AegisLab 20140701
Yandex 20140630
AhnLab-V3 20140630
AntiVir 20140701
Antiy-AVL 20140630
Avast 20140701
AVG 20140701
Baidu-International 20140701
BitDefender 20140701
Bkav 20140630
ByteHero 20140701
CAT-QuickHeal 20140701
ClamAV 20140701
CMC 20140630
Commtouch 20140701
Comodo 20140701
DrWeb 20140701
Emsisoft 20140701
ESET-NOD32 20140701
F-Prot 20140629
F-Secure 20140701
Fortinet 20140701
GData 20140701
Ikarus 20140701
Jiangmin 20140701
K7AntiVirus 20140630
K7GW 20140630
Kaspersky 20140701
Kingsoft 20140701
Malwarebytes 20140701
McAfee 20140701
McAfee-GW-Edition 20140701
Microsoft 20140701
eScan 20140701
NANO-Antivirus 20140701
Norman 20140701
nProtect 20140701
Panda 20140630
Qihoo-360 20140701
Rising 20140630
Sophos AV 20140701
SUPERAntiSpyware 20140701
Symantec 20140701
Tencent 20140701
TheHacker 20140630
TotalDefense 20140701
TrendMicro 20140701
TrendMicro-HouseCall 20140701
VBA32 20140630
VIPRE 20140701
ViRobot 20140701
Zillya 20140630
Zoner 20140701
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-01 08:37:55
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
GetAtomNameA
IsBadWritePtr
CreateThread
AddAtomA
FindAtomA
ExitProcess
DisableThreadLibraryCalls
VirtualProtect
Sleep
GetModuleFileNameA
GetModuleHandleA
IsBadReadPtr
MessageBoxA
malloc
strstr
_errno
system
free
abort
__dllonexit
fflush
memcpy
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:07:01 09:37:55+01:00
FileType Win32 DLL
PEType PE32
CodeSize 3584
LinkerVersion 2.56
EntryPoint 0x1000
InitializedDataSize 5632
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 512

File identification
MD5 e4aceaabfa3b85e91a4b61be5edc4c16
SHA1 fd72b787ba0577d10177b518fc9a5c90daf6d5b9
SHA256 fc34b1cd9132d5fba6841c112b2b3f4712ee01288fab2fa065acc5722603506b
ssdeep 96:tkhNWHvLOek9QFsBQpOj0X5Lf2QUyfbJFqgq3D2FXOzRyIxu3u+x+T+b+F1z+w+0:CKD9r4jE5LfBfeR1BfYMGSLjarS8/fMR
authentihash 2c5ef65b227fb2856a2fe13ef83bbd98d31348c5e481502b1a7989e906055e3f
imphash 31caab91b95dacc76fcbd03c323b466e
File size 16.1 KB ( 16533 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags pedll

VirusTotal metadata
First submission 2014-07-01 08:40:14 UTC (3 years, 3 months ago)
Last submission 2014-07-01 08:40:14 UTC (3 years, 3 months ago)
File names SHI.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight