SHA256: 6ae2796aac066dc0066ff9d05f693a4d338472e90b74a1db10264f7eb19fcd29
File name: [www.OldSchoolHack.de]_ESP3.dll
Detection ratio: 1 / 56
Analysis date: 2015-07-04 18:03:44 UTC (3 years, 3 months ago)
Antivirus Result Update
Symantec WS.Reputation.1 20150704
Ad-Aware 20150704
AegisLab 20150704
Yandex 20150630
AhnLab-V3 20150704
Alibaba 20150630
ALYac 20150704
Antiy-AVL 20150704
Arcabit 20150630
Avast 20150704
AVG 20150704
Avira (no cloud) 20150704
AVware 20150704
Baidu-International 20150704
BitDefender 20150704
Bkav 20150704
ByteHero 20150704
CAT-QuickHeal 20150704
ClamAV 20150704
Comodo 20150704
Cyren 20150704
DrWeb 20150704
Emsisoft 20150704
ESET-NOD32 20150704
F-Prot 20150704
F-Secure 20150704
Fortinet 20150704
GData 20150702
Ikarus 20150704
Jiangmin 20150703
K7AntiVirus 20150704
K7GW 20150704
Kaspersky 20150704
Kingsoft 20150704
Malwarebytes 20150704
McAfee 20150704
McAfee-GW-Edition 20150704
Microsoft 20150704
eScan 20150704
NANO-Antivirus 20150704
nProtect 20150703
Panda 20150704
Qihoo-360 20150704
Rising 20150704
Sophos AV 20150704
SUPERAntiSpyware 20150703
Tencent 20150704
TheHacker 20150702
TotalDefense 20150704
TrendMicro 20150704
TrendMicro-HouseCall 20150704
VBA32 20150703
VIPRE 20150704
ViRobot 20150704
Zillya 20150704
Zoner 20150704
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-08 20:18:58
Entry Point 0x00006703
Number of sections 5
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SwapBuffers
DeleteDC
CreateRectRgn
DescribePixelFormat
CreateSolidBrush
ChoosePixelFormat
SetPixelFormat
CreateToolhelp32Snapshot
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
Process32NextW
GetCurrentProcess
Module32FirstW
GetCurrentProcessId
OpenProcess
ReadProcessMemory
Process32FirstW
GetProcessId
CreateThread
Module32NextW
CloseHandle
IsProcessorFeaturePresent
ExitThread
DecodePointer
GetModuleHandleW
Sleep
GetCurrentThreadId
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??Bid@locale@std@@QAEIXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Syserror_map@std@@YAPBDH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_BADOFF@std@@3_JB
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xlength_error@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Winerror_map@std@@YAPBDH@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Xbad_alloc@std@@YAXXZ
_malloc_crt
_purecall
??0bad_cast@std@@QAE@ABV01@@Z
fgetpos
fputc
fgetc
??1type_info@@UAE@XZ
__crtTerminateProcess
memset
fclose
__dllonexit
_wcsicmp
fflush
fsetpos
__clean_type_info_names_internal
_amsg_exit
?terminate@@YAXXZ
memcpy_s
??2@YAPAXI@Z
fwrite
_lock
_onexit
_initterm_e
strtol
_CxxThrowException
_libm_sse2_sqrt_precise
??1bad_cast@std@@UAE@XZ
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
free
__CxxFrameHandler3
_except_handler4_common
_fseeki64
memcpy
??0exception@std@@QAE@ABV01@@Z
__crtUnhandledException
??0bad_cast@std@@QAE@PBD@Z
memmove
_libm_sse2_pow_precise
_lock_file
_calloc_crt
setvbuf
__CppXcptFilter
ungetc
_initterm
_unlock_file
memchr
wglDeleteContext
glVertex2f
glMatrixMode
wglMakeCurrent
wglCreateContext
glViewport
glClear
glEnd
glOrtho
glLineWidth
glBegin
glColor4f
glClearColor
SetLayeredWindowAttributes
BeginPaint
DefWindowProcW
FindWindowW
GetMessageW
PostQuitMessage
ShowWindow
SetWindowPos
MessageBoxW
GetWindowRect
EndPaint
TranslateMessage
DispatchMessageW
GetAsyncKeyState
ReleaseDC
SendMessageW
UnregisterClassW
GetClientRect
GetDC
InvalidateRect
CreateWindowExW
RegisterClassExW
DestroyWindow
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2015:06:08 21:18:58+01:00
FileType Win32 DLL
PEType PE32
CodeSize 25088
LinkerVersion 12.0
EntryPoint 0x6703
InitializedDataSize 46592
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 180be315e5b04476be6b41f566241f81
SHA1 5b5fe93750c6dcc1be55550752fdc5d7e9e203ac
SHA256 6ae2796aac066dc0066ff9d05f693a4d338472e90b74a1db10264f7eb19fcd29
ssdeep 768:ljHdHuU7+PhbtzdoFt6e8iHyaLt+baL1BelGJBj8N0LaNHx:ljHdHuQIhbt5oFtNVBLRC0mNHx
authentihash 4cd65b04f27ba3b6b828c866a716fa1ffe5f9269a15246dd24ae86994d9fc8fb
imphash c2cf73a6f3d7b2d5965696d04ec6085e
File size 39.0 KB ( 39936 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll
VirusTotal metadata
First submission 2015-06-09 12:07:13 UTC (3 years, 4 months ago)
Last submission 2015-06-13 00:43:03 UTC (3 years, 4 months ago)
File names ESP3_[www.unknowncheats.me]_.dll
ESP3.dll
[www.OldSchoolHack.de]_ESP3.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight