× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 47997c48f9721335a0f242b288c29eeadab59dd3529beedfe6d5c3a9a6db9b94
File name: GMS CRC.dll
Detection ratio: 0 / 57
Analysis date: 2015-02-22 22:13:46 UTC ( 4 år ago ) View latest
Antivirus Result Update
Ad-Aware 20150222
AegisLab 20150222
Yandex 20150222
AhnLab-V3 20150222
Alibaba 20150219
ALYac 20150222
Antiy-AVL 20150222
Avast 20150222
AVG 20150222
Avira (no cloud) 20150222
AVware 20150222
Baidu-International 20150222
BitDefender 20150222
Bkav 20150213
ByteHero 20150222
CAT-QuickHeal 20150221
ClamAV 20150222
CMC 20150214
Comodo 20150222
Cyren 20150222
DrWeb 20150222
Emsisoft 20150222
ESET-NOD32 20150222
F-Prot 20150222
F-Secure 20150222
Fortinet 20150222
GData 20150222
Ikarus 20150222
Jiangmin 20150222
K7AntiVirus 20150222
K7GW 20150222
Kaspersky 20150222
Kingsoft 20150222
Malwarebytes 20150222
McAfee 20150222
McAfee-GW-Edition 20150222
Microsoft 20150222
eScan 20150222
NANO-Antivirus 20150222
Norman 20150222
nProtect 20150218
Panda 20150222
Qihoo-360 20150222
Rising 20150222
Sophos AV 20150222
SUPERAntiSpyware 20150222
Symantec 20150222
Tencent 20150222
TheHacker 20150222
TotalDefense 20150222
TrendMicro 20150222
TrendMicro-HouseCall 20150222
VBA32 20150220
VIPRE 20150222
ViRobot 20150222
Zillya 20150222
Zoner 20150220
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-22 22:09:40
Entry Point 0x00001D02
Number of sections 5
PE sections
PE imports
GetCurrentProcess
IsProcessorFeaturePresent
CreateThread
GetCurrentProcessId
GetModuleHandleA
K32GetModuleInformation
QueryPerformanceCounter
IsDebuggerPresent
Sleep
GetSystemTimeAsFileTime
VirtualProtect
EncodePointer
GetCurrentThreadId
DecodePointer
_amsg_exit
rand
malloc
memset
__crtUnhandledException
_unlock
_crt_debugger_hook
_lock
memcpy
_calloc_crt
free
_onexit
_malloc_crt
__dllonexit
_except_handler4_common
__CppXcptFilter
_initterm
_initterm_e
__crtTerminateProcess
__clean_type_info_names_internal
ShellExecuteW
MessageBoxA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:02:22 23:09:40+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
5120

LinkerVersion
12.0

EntryPoint
0x1d02

InitializedDataSize
5120

SubsystemVersion
6.0

ImageVersion
0.0

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 9681f18075dc7b8a8b6261e5a7cdfed6
SHA1 7a9f1af90bb0a2b26baff18201c63b828ab31062
SHA256 47997c48f9721335a0f242b288c29eeadab59dd3529beedfe6d5c3a9a6db9b94
ssdeep
192:tKEM9m8aHl1f9oAwwPf9HvJfK/iVf3XUtoQwt35:tu9vaFOw3zfK/gEt1o

authentihash eceaa63ea24cace05081daf7b2f15fc3239b218e548479f203ae208068e270c3
imphash 2860164edf138b51825d55d5031fc9fd
File size 10.5 kB ( 10752 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll

VirusTotal metadata
First submission 2015-02-22 22:13:46 UTC ( 4 år ago )
Last submission 2015-03-22 08:29:16 UTC ( 4 år ago )
File names gmscrc.dll
GMS CRC.dll
GMSCRC.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!