WININET.DLL

File has already been analysed:
MD5: 2d9c7b010409372c34f725da5cced083
First received: 2010.06.11 06:48:43 UTC
Date: 2010.06.23 04:02:06 UTC [>5D]
Results: 0/41
Permalink: analisis/1b8efa72379df68c604ed616fd99ebaaf407b20a3711366f5b1148371b04adae-1277265726

File 3A12E463008F6436FCA40D30AB177D00A11D76E9.dll received on 2010.06.23 04:02:06 (UTC)
Current status: finished
Result: 0/41 (0.00%)

Antivirus            Version         Last Update  Result
a-squared            5.0.0.30        2010.06.23   -
AhnLab-V3            2010.06.23.00   2010.06.23   -
AntiVir              8.2.2.6         2010.06.22   -
Antiy-AVL            2.0.3.7         2010.06.22   -
Authentium           5.2.0.5         2010.06.23   -
Avast                4.8.1351.0      2010.06.22   -
Avast5               5.0.332.0       2010.06.22   -
AVG                  9.0.0.836       2010.06.22   -
BitDefender          7.2             2010.06.23   -
CAT-QuickHeal        10.00           2010.06.22   -
ClamAV               0.96.0.3-git    2010.06.23   -
Comodo               5190            2010.06.23   -
DrWeb                5.0.2.03300     2010.06.23   -
eSafe                7.0.17.0        2010.06.22   -
eTrust-Vet           36.1.7660       2010.06.23   -
F-Prot               4.6.1.107       2010.06.22   -
F-Secure             9.0.15370.0     2010.06.23   -
Fortinet             4.1.133.0       2010.06.22   -
GData                21              2010.06.23   -
Ikarus               T3.1.1.84.0     2010.06.23   -
Jiangmin             13.0.900        2010.06.15   -
Kaspersky            7.0.0.125       2010.06.23   -
McAfee               5.400.0.1158    2010.06.23   -
McAfee-GW-Edition    2010.1          2010.06.22   -
Microsoft            1.5902          2010.06.23   -
NOD32                5220            2010.06.23   -
Norman               6.05.10         2010.06.22   -
nProtect             2010-06-23.01   2010.06.23   -
Panda                10.0.2.7        2010.06.22   -
PCTools              7.0.3.5         2010.06.23   -
Prevx                3.0             2010.06.23   -
Rising               22.53.02.01     2010.06.23   -
Sophos               4.54.0          2010.06.23   -
Sunbelt              6492            2010.06.23   -
Symantec             20101.1.0.89    2010.06.22   -
TheHacker            6.5.2.0.302     2010.06.22   -
TrendMicro           9.120.0.1004    2010.06.23   -
TrendMicro-HouseCall 9.120.0.1004    2010.06.23   -
VBA32                3.12.12.5       2010.06.22   -
ViRobot              2010.6.21.3896  2010.06.23   -
VirusBuster          5.0.27.0        2010.06.22   -

Additional information
File size: 916480 bytes
MD5   : 2d9c7b010409372c34f725da5cced083
SHA1  : 3de5b2b1fd08a89bdd47d5b975cd6c640bbad1a4
SHA256: 1b8efa72379df68c604ed616fd99ebaaf407b20a3711366f5b1148371b04adae

PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1748
timedatestamp.....: 0x4BE29CF0 (Thu May 6 12:41:52 2010)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name    viradd    virsiz    rawdsiz   ntrpy  md5
.text   0x1000    0xAF930   0xAFA00   6.63   894b743884cb259ecb0fac64a7e410a1
.data   0xB1000   0x6850    0x3400    1.83   96c5fb31cac1140baf3bf8785f33d7f5
.rsrc   0xB8000   0x261C0   0x26200   4.72   f510d3857585944a3072e8e1477e9f00
.reloc  0xDF000   0x67CC    0x6800    6.78   704a73cec3949370af8444ca77511a69

( 9 imports )
> advapi32.dll: RegDeleteValueW, RegQueryValueExW, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, RegOpenKeyA, RegEnumKeyA, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, TraceEvent, DuplicateTokenEx, CreateWellKnownSid, SetTokenInformation, CreateProcessAsUserA, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSidSubAuthorityCount, GetSidSubAuthority, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, RegDeleteValueA, OpenThreadToken, OpenProcessToken, GetTokenInformation, RegOpenKeyExW, RegDeleteKeyA, UnregisterTraceGuids, RegisterTraceGuidsA, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CryptAcquireContextW, CryptGetProvParam, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegCloseKey, GetUserNameA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, QueryServiceStatus
> iertutil.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> kernel32.dll: OpenFileMappingA, CreateFileMappingA, MapViewOfFileEx, FlushViewOfFile, SetEndOfFile, UnmapViewOfFile, OutputDebugStringA, DosDateTimeToFileTime, lstrcmpiW, GetEnvironmentVariableA, GetShortPathNameA, GetShortPathNameW, FindFirstFileA, RemoveDirectoryA, FindNextFileA, FindClose, GetDiskFreeSpaceExA, CopyFileA, SetFileTime, CreateDirectoryA, GetWindowsDirectoryA, GetPrivateProfileStringA, GetFileAttributesA, SetFileAttributesA, GetFileAttributesExA, FileTimeToDosDateTime, GetFileSizeEx, lstrcmpW, RaiseException, MoveFileExA, MoveFileExW, MoveFileW, MoveFileA, SetFilePointerEx, LocalFileTimeToFileTime, CreateSemaphoreA, ReleaseSemaphore, GetCurrentProcessId, GetFileTime, lstrcmpA, GetModuleHandleExA, LoadLibraryW, FreeLibraryAndExitThread, ResetEvent, ExpandEnvironmentStringsA, GetSystemTimeAsFileTime, DeleteFileW, GetACP, InterlockedExchangeAdd, CreateThread, Sleep, OpenMutexA, GetSystemDirectoryA, FormatMessageA, SetErrorMode, IsDBCSLeadByteEx, SystemTimeToFileTime, SizeofResource, TlsFree, TlsGetValue, TlsSetValue, TlsAlloc, GetDateFormatA, GetTimeFormatA, GlobalAlloc, InterlockedCompareExchange, GetCurrentThread, GetCurrentProcess, IsDBCSLeadByte, IsValidCodePage, GlobalFree, GetLongPathNameW, lstrlenW, GetLongPathNameA, DeleteFileA, FormatMessageW, GetModuleHandleA, GetSystemTime, GetModuleHandleW, WritePrivateProfileStringA, GetVersionExA, GetModuleFileNameA, WriteFile, SetFilePointer, CreateFileW, CreateFileA, GetFileSize, ReadFile, FileTimeToSystemTime, LocalReAlloc, HeapFree, HeapAlloc, GetProcessHeap, GetTimeFormatW, GetDateFormatW, GetUserDefaultLCID, GetComputerNameA, GlobalUnlock, GlobalLock, QueryPerformanceCounter, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LoadResource, FindResourceExW, LoadLibraryExW, MapViewOfFile, CreateFileMappingW, GetLocaleInfoW, GetVersionExW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, FindResourceW, SearchPathW, CreateActCtxW, ReleaseActCtx, ActivateActCtx, DeactivateActCtx, SetFileAttributesW, CompareFileTime, WritePrivateProfileStringW, GetFileAttributesW, CreateMutexW, DuplicateHandle, OpenMutexW, OpenEventW, LockResource, ResumeThread, GetTickCount, GetProcAddress, LoadLibraryA, FreeLibrary, InterlockedExchange, CloseHandle, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, CompareStringW, WaitForSingleObject, WideCharToMultiByte, MultiByteToWideChar, CreateEventA, CreateMutexA, CompareStringA, ReleaseMutex, GetCurrentThreadId, LocalFree, LocalAlloc, DeleteCriticalSection, SetEvent, InterlockedIncrement, lstrcmpiA, lstrlenA, InterlockedDecrement, GetModuleFileNameW, InitializeCriticalSectionAndSpinCount
> msvcrt.dll: memset, _vsnwprintf, _lock, wcsncmp, bsearch, ??_V@YAXPAX@Z, ??_U@YAPAXI@Z, _onexit, _wcsnicmp, _wtoi, _wcsicmp, isupper, wcsstr, _purecall, _mbstok, iscntrl, ispunct, _strtoui64, __dllonexit, iswdigit, isalpha, atol, isalnum, _errno, isspace, strpbrk, isdigit, isxdigit, memchr, memcpy, mbtowc, __mb_cur_max, isleadbyte, _iob, _snprintf, _itoa, wctomb, ferror, __badioinfo, __pioinfo, _fileno, _lseeki64, _write, _isatty, _unlock, _adjust_fdiv, _amsg_exit, _initterm, _XcptFilter, iswlower, iswascii, iswxdigit, wcstol, islower, __isascii, strtol, memmove, iswspace, wcsrchr, strrchr, atoi, realloc, free, malloc, time, wcstok, _vsnprintf
> normaliz.dll: IdnToAscii, IdnToUnicode
> ntdll.dll: RtlUnwind, RtlConvertSidToUnicodeString, RtlMoveMemory
> shlwapi.dll: SHRegGetValueW, -, SHRegGetValueA, PathAddBackslashW, PathFindFileNameW, StrRChrW, PathRemoveBackslashA, PathRemoveFileSpecA, -, PathRemoveBlanksA, PathAddBackslashA, -, PathAppendA, -, PathUnExpandEnvStringsA, PathRenameExtensionA, SHDeleteKeyA, SHDeleteValueW, StrCmpNIW, StrCmpNIA, StrStrIA, -, StrChrW, StrChrA, -, -, UrlCombineW, UrlCanonicalizeW, -, PathCreateFromUrlW, UrlUnescapeA, UrlCombineA, UrlCanonicalizeA, StrToIntW, StrCmpW, StrCmpNA, StrRChrA, StrToIntA, StrStrIW, SHGetValueA, SHSetValueA, SHGetValueW, SHSetValueW, -, -, StrStrA, PathCombineW, StrChrNW, StrTrimW
> urlmon.dll: -, -, -, -, -, -, -
> user32.dll: FindWindowW, PostMessageW, RegisterWindowMessageW, ReleaseDC, GetDC, SendDlgItemMessageW, LoadImageW, GetSystemMetrics, IntersectRect, EqualRect, GetWindowRect, GetWindow, SetForegroundWindow, DestroyIcon, SetDlgItemTextW, SetWindowPos, IsWindow, PostMessageA, CharNextExA, EnumWindows, GetAncestor, IsWindowVisible, EnumChildWindows, GetWindowThreadProcessId, IsCharAlphaNumericA, CharLowerW, CharUpperA, CharToOemA, LoadStringW, DialogBoxParamW, GetDesktopWindow, SendDlgItemMessageA, LoadIconA, LoadImageA, LoadStringA, CharLowerA, DestroyWindow, KillTimer, EnableWindow, SetWindowTextW, GetDlgItem, SetFocus, EndDialog, CheckDlgButton, SendMessageW, SendMessageA, IsDlgButtonChecked, DefWindowProcA, SetWindowLongA, GetWindowLongA, RegisterClassW, CreateWindowExW, SetTimer, GetWindowTextW, MessageBoxW, CharNextA, GetWindowInfo

( 1 exports )
> CommitUrlCacheEntryA, CommitUrlCacheEntryW, CreateMD5SSOHash, CreateUrlCacheContainerA, CreateUrlCacheContainerW, CreateUrlCacheEntryA, CreateUrlCacheEntryW, CreateUrlCacheGroup, DeleteIE3Cache, DeleteUrlCacheContainerA, DeleteUrlCacheContainerW, DeleteUrlCacheEntry, DeleteUrlCacheEntryA, DeleteUrlCacheEntryW, DeleteUrlCacheGroup, DeleteWpadCacheForNetworks, DetectAutoProxyUrl, DispatchAPICall, DllInstall, FindCloseUrlCache, FindFirstUrlCacheContainerA, FindFirstUrlCacheContainerW, FindFirstUrlCacheEntryA, FindFirstUrlCacheEntryExA, FindFirstUrlCacheEntryExW, FindFirstUrlCacheEntryW, FindFirstUrlCacheGroup, FindNextUrlCacheContainerA, FindNextUrlCacheContainerW, FindNextUrlCacheEntryA, FindNextUrlCacheEntryExA, FindNextUrlCacheEntryExW, FindNextUrlCacheEntryW, FindNextUrlCacheGroup, ForceNexusLookup, ForceNexusLookupExW, FreeUrlCacheSpaceA, FreeUrlCacheSpaceW, FtpCommandA, FtpCommandW, FtpCreateDirectoryA, FtpCreateDirectoryW, FtpDeleteFileA, FtpDeleteFileW, FtpFindFirstFileA, FtpFindFirstFileW, FtpGetCurrentDirectoryA, FtpGetCurrentDirectoryW, FtpGetFileA, FtpGetFileEx, FtpGetFileSize, FtpGetFileW, FtpOpenFileA, FtpOpenFileW, FtpPutFileA, FtpPutFileEx, FtpPutFileW, FtpRemoveDirectoryA, FtpRemoveDirectoryW, FtpRenameFileA, FtpRenameFileW, FtpSetCurrentDirectoryA, FtpSetCurrentDirectoryW, GetUrlCacheConfigInfoA, GetUrlCacheConfigInfoW, GetUrlCacheEntryInfoA, GetUrlCacheEntryInfoExA, GetUrlCacheEntryInfoExW, GetUrlCacheEntryInfoW, GetUrlCacheGroupAttributeA, GetUrlCacheGroupAttributeW, GetUrlCacheHeaderData, GopherCreateLocatorA, GopherCreateLocatorW, GopherFindFirstFileA, GopherFindFirstFileW, GopherGetAttributeA, GopherGetAttributeW, GopherGetLocatorTypeA, GopherGetLocatorTypeW, GopherOpenFileA, GopherOpenFileW, HttpAddRequestHeadersA, HttpAddRequestHeadersW, HttpCheckDavCompliance, HttpEndRequestA, HttpEndRequestW, HttpOpenRequestA, HttpOpenRequestW, HttpQueryInfoA, HttpQueryInfoW, HttpSendRequestA, HttpSendRequestExA, HttpSendRequestExW, HttpSendRequestW, IncrementUrlCacheHeaderData, InternetAlgIdToStringA, InternetAlgIdToStringW, InternetAttemptConnect, InternetAutodial, InternetAutodialCallback, InternetAutodialHangup, InternetCanonicalizeUrlA, InternetCanonicalizeUrlW, InternetCheckConnectionA, InternetCheckConnectionW, InternetClearAllPerSiteCookieDecisions, InternetCloseHandle, InternetCombineUrlA, InternetCombineUrlW, InternetConfirmZoneCrossing, InternetConfirmZoneCrossingA, InternetConfirmZoneCrossingW, InternetConnectA, InternetConnectW, InternetCrackUrlA, InternetCrackUrlW, InternetCreateUrlA, InternetCreateUrlW, InternetDial, InternetDialA, InternetDialW, InternetEnumPerSiteCookieDecisionA, InternetEnumPerSiteCookieDecisionW, InternetErrorDlg, InternetFindNextFileA, InternetFindNextFileW, InternetFortezzaCommand, InternetGetCertByURL, InternetGetCertByURLA, InternetGetConnectedState, InternetGetConnectedStateEx, InternetGetConnectedStateExA, InternetGetConnectedStateExW, InternetGetCookieA, InternetGetCookieExA, InternetGetCookieExW, InternetGetCookieW, InternetGetLastResponseInfoA, InternetGetLastResponseInfoW, InternetGetPerSiteCookieDecisionA, InternetGetPerSiteCookieDecisionW, InternetGetSecurityInfoByURL, InternetGetSecurityInfoByURLA, InternetGetSecurityInfoByURLW, InternetGoOnline, InternetGoOnlineA, InternetGoOnlineW, InternetHangUp, InternetInitializeAutoProxyDll, InternetLockRequestFile, InternetOpenA, InternetOpenUrlA, InternetOpenUrlW, InternetOpenW, InternetQueryDataAvailable, InternetQueryFortezzaStatus, InternetQueryOptionA, InternetQueryOptionW, InternetReadFile, InternetReadFileExA, InternetReadFileExW, InternetSecurityProtocolToStringA, InternetSecurityProtocolToStringW, InternetSetCookieA, InternetSetCookieExA, InternetSetCookieExW, InternetSetCookieW, InternetSetDialState, InternetSetDialStateA, InternetSetDialStateW, InternetSetFilePointer, InternetSetOptionA, InternetSetOptionExA, InternetSetOptionExW, InternetSetOptionW, InternetSetPerSiteCookieDecisionA, InternetSetPerSiteCookieDecisionW, InternetSetStatusCallback, InternetSetStatusCallbackA, InternetSetStatusCallbackW, InternetShowSecurityInfoByURL, InternetShowSecurityInfoByURLA, InternetShowSecurityInfoByURLW, InternetTimeFromSystemTime, InternetTimeFromSystemTimeA, InternetTimeFromSystemTimeW, InternetTimeToSystemTime, InternetTimeToSystemTimeA, InternetTimeToSystemTimeW, InternetUnlockRequestFile, InternetWriteFile, InternetWriteFileExA, InternetWriteFileExW, IsHostInProxyBypassList, IsUrlCacheEntryExpiredA, IsUrlCacheEntryExpiredW, LoadUrlCacheContent, ParseX509EncodedCertificateForListBoxEntry, PrivacyGetZonePreferenceW, PrivacySetZonePreferenceW, ReadUrlCacheEntryStream, ReadUrlCacheEntryStreamEx, RegisterUrlCacheNotification, ResumeSuspendedDownload, RetrieveUrlCacheEntryFileA, RetrieveUrlCacheEntryFileW, RetrieveUrlCacheEntryStreamA, RetrieveUrlCacheEntryStreamW, RunOnceUrlCache, SetUrlCacheConfigInfoA, SetUrlCacheConfigInfoW, SetUrlCacheEntryGroup, SetUrlCacheEntryGroupA, SetUrlCacheEntryGroupW, SetUrlCacheEntryInfoA, SetUrlCacheEntryInfoW, SetUrlCacheGroupAttributeA, SetUrlCacheGroupAttributeW, SetUrlCacheHeaderData, ShowCertificate, ShowClientAuthCerts, ShowSecurityInfo, ShowX509EncodedCertificate, UnlockUrlCacheEntryFile, UnlockUrlCacheEntryFileA, UnlockUrlCacheEntryFileW, UnlockUrlCacheEntryStream, UpdateUrlCacheContentPath, UrlZonesDetach, _GetFileExtensionFromUrl

TrID : File type identification
InstallShield setup (46.1%)
Win32 Executable MS Visual C++ (generic) (40.4%)
Win32 Executable Generic (9.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)

ssdeep: 12288:21noSP+d8tK+RfS0k3T3SgepbtrGzlnhvw9nf7Sp8vkkMMIMMutumKIs:3dv+RfS04T31ArFnf7SpdkMMIMMuw

sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Windows® Internet Explorer
description..: Internet Extensions for Win32
original name: wininet.dll
internal name: wininet.dll
file version.: 8.00.6001.18923 (longhorn_ie8_gdr.100419-1241)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD : -
RDS : NSRL Reference Data Set


WIN32K.SYS

File has already been analysed:
MD5: b9d41312f6d9ffa8d1d80488d9fde849
First received: 2010.06.11 22:08:49 UTC
Date: 2010.06.28 15:11:06 UTC [<1D]
Results: 0/41
Permalink: analisis/9a68f402b6da827db0abc5a9a782d12968d7017d599834093301978d2c65ed17-1277737866

File 1CDE120F8052A4813F381C7186947D004571C813.sys received on 2010.06.28 15:11:06 (UTC)
Current status: finished
Result: 0/41 (0.00%)

Antivirus            Version         Last Update  Result
a-squared            5.0.0.30        2010.06.28   -
AhnLab-V3            2010.06.27.01   2010.06.27   -
AntiVir              8.2.4.2         2010.06.28   -
Antiy-AVL            2.0.3.7         2010.06.25   -
Authentium           5.2.0.5         2010.06.27   -
Avast                4.8.1351.0      2010.06.28   -
Avast5               5.0.332.0       2010.06.28   -
AVG                  9.0.0.836       2010.06.28   -
BitDefender          7.2             2010.06.28   -
CAT-QuickHeal        10.00           2010.06.28   -
ClamAV               0.96.0.3-git    2010.06.28   -
Comodo               5244            2010.06.28   -
DrWeb                5.0.2.03300     2010.06.28   -
eSafe                7.0.17.0        2010.06.28   -
eTrust-Vet           36.1.7671       2010.06.28   -
F-Prot               4.6.1.107       2010.06.27   -
F-Secure             9.0.15370.0     2010.06.28   -
Fortinet             4.1.133.0       2010.06.27   -
GData                21              2010.06.28   -
Ikarus               T3.1.1.84.0     2010.06.28   -
Jiangmin             13.0.900        2010.06.27   -
Kaspersky            7.0.0.125       2010.06.28   -
McAfee               5.400.0.1158    2010.06.28   -
McAfee-GW-Edition    2010.1          2010.06.28   -
Microsoft            1.5902          2010.06.28   -
NOD32                5234            2010.06.28   -
Norman               6.05.10         2010.06.28   -
nProtect             2010-06-28.01   2010.06.28   -
Panda                10.0.2.7        2010.06.28   -
PCTools              7.0.3.5         2010.06.28   -
Prevx                3.0             2010.06.28   -
Rising               22.54.00.04     2010.06.28   -
Sophos               4.54.0          2010.06.28   -
Sunbelt              6516            2010.06.28   -
Symantec             20101.1.0.89    2010.06.28   -
TheHacker            6.5.2.0.304     2010.06.28   -
TrendMicro           9.120.0.1004    2010.06.28   -
TrendMicro-HouseCall 9.120.0.1004    2010.06.28   -
VBA32                3.12.12.5       2010.06.28   -
ViRobot              2010.6.26.3907  2010.06.26   -
VirusBuster          5.0.27.0        2010.06.28   -

Additional information
File size: 1851264 bytes
MD5   : b9d41312f6d9ffa8d1d80488d9fde849
SHA1  : d624e261d57b9532b987081c822175607ae8e566
SHA256: 9a68f402b6da827db0abc5a9a782d12968d7017d599834093301978d2c65ed17

PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1B11FF
timedatestamp.....: 0x4BDD0C20 (Sun May 2 07:22:40 2010)
machinetype.......: 0x14C (Intel I386)

( 8 sections )
name      viradd     virsiz     rawdsiz    ntrpy  md5
.text     0x380      0x18DA27   0x18DA80   6.69   36f3dfcb691f06bb5538cbf7f77df007
.rdata    0x18DE00   0xD05C     0xD080     5.74   eb71eb090f8b5babe8ce71b16a53f69a
.data     0x19AE80   0x1284C    0x12880    3.94   6f25102c0c7926452ca42e438809bfcb
.kbdfall  0x1AD700   0x63C      0x680      4.64   29f829807a57c3f1be70d31778a4a4d9
.edata    0x1ADD80   0x1AE3     0x1B00     5.96   526aeca951847c614f1029e701c66b95
INIT      0x1AF880   0x5796     0x5800     6.68   f4905138cea1c270a50aae109f281e31
.rsrc     0x1B5080   0x2218     0x2280     3.51   a34cc9fe932aa3ac305a455ccd763351
.reloc    0x1B7300   0xCC1C     0xCC80     6.76   aaee9bb699321464beee6f4f73dfc9e9

( 4 imports )
> dxapi.sys: _DxApiGetVersion@0
> hal.dll: ExAcquireFastMutex, ExReleaseFastMutex, KeQueryPerformanceCounter
> ntoskrnl.exe: PsSetProcessWin32Process, PsGetProcessWin32Process, ExAcquireFastMutexUnsafe, KeEnterCriticalRegion, PsGetCurrentProcessId, PsSetThreadWin32Thread, KeTickCount, ExReleaseFastMutexUnsafe, KeLeaveCriticalRegion, ObfDereferenceObject, ObfReferenceObject, RtlNtStatusToDosError, strchr, strncpy, KeAreApcsDisabled, ExAllocatePoolWithTagPriority, RtlRandom, MmIsVerifierEnabled, PsGetCurrentThread, KeBugCheckEx, PsGetCurrentProcess, ProbeForWrite, _except_handler3, ExRaiseAccessViolation, SeReleaseSecurityDescriptor, SeCaptureSecurityDescriptor, RtlInitUnicodeString, swprintf, _wcsicmp, ExRaiseDatatypeMisalignment, ObReferenceObjectByHandle, ExAcquireResourceExclusiveLite, PsGetProcessSessionId, PsProcessType, ExReleaseResourceLite, ObCloseHandle, ExRaiseStatus, InterlockedExchange, RtlAreAnyAccessesGranted, memmove, PsGetJobUIRestrictionsClass, PsGetJobLock, PsJobType, wcsncpy, RtlIntegerToUnicode, RtlIntegerToUnicodeString, PsGetThreadId, PsGetThreadProcessId, PsDereferenceImpersonationToken, PsDereferencePrimaryToken, SeTokenType, SeCreateClientSecurity, wcslen, ObOpenObjectByPointer, ExDesktopObjectType, RtlCopyUnicodeString, KeInitializeEvent, ExFreePoolWithTag, ExInitializeResourceLite, ExAllocatePoolWithTag, ZwCreateDirectoryObject, RtlUnicodeStringToInteger, wcschr, wcsstr, MmMapViewOfSection, MmCreateSection, MmMapViewInSessionSpace, MmUnmapViewInSessionSpace, RtlAllocateHeap, ZwSetSystemInformation, NlsMbCodePageTag, NlsAnsiCodePage, PsGetThreadProcess, PsIsSystemThread, PsGetProcessJob, wcscpy, RtlGetNtGlobalFlags, RtlCheckRegistryKey, ExWindowStationObjectType, PsGetCurrentProcessSessionId, PsGetProcessWin32WindowStation, RtlCompareUnicodeString, ZwQueryDefaultLocale, PsGetProcessPeb, InterlockedPopEntrySList, InterlockedPushEntrySList, PsGetProcessCreateTimeQuadPart, KeQuerySystemTime, KeClearEvent, RtlFreeHeap, PsLookupProcessByProcessId, PsGetThreadSessionId, PsLookupThreadByThreadId, ExDeletePagedLookasideList, ExIsResourceAcquiredExclusiveLite, ExInitializePagedLookasideList, KeWaitForMultipleObjects, KeWaitForSingleObject, _allmul, KeSetEvent, PsIsThreadTerminating, ZwClose, ExEventObjectType, ZwCreateEvent, ObReferenceObjectByPointer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, PsGetProcessImageFileName, PsThreadType, SeQueryAuthenticationIdToken, PsReferencePrimaryToken, PsGetProcessInheritedFromUniqueProcessId, PsSetProcessWindowStation, RtlInitializeBitMap, PsGetProcessId, PsGetProcessExitStatus, PsGetProcessExitProcessCalled, ZwQueryInformationProcess, KeSetKernelStackSwapEnable, SeTokenIsWriteRestricted, PsGetProcessSectionBaseAddress, ZwTerminateProcess, ExRaiseHardError, RtlWalkFrameChain, ExAllocatePoolWithQuotaTag, DbgBreakPoint, DbgPrint, KdDebuggerEnabled, ZwQueryValueKey, ZwOpenKey, RtlDestroyHeap, _wcsnicmp, wcscat, KeDelayExecutionThread, InterlockedDecrement, NtQueryInformationProcess, RtlDestroyAtomTable, ExDeleteResourceLite, KeCancelTimer, KeRemoveSystemServiceTable, KeQueryInterruptTime, MmPageEntireDriver, MmUserProbeAddress, PsEstablishWin32Callouts, KeAddSystemServiceTable, ZwQueryDefaultUILanguage, ZwSetDefaultUILanguage, ZwSetDefaultLocale, ExIsResourceAcquiredSharedLite, ExAcquireResourceSharedLite, RtlQueryRegistryValues, ZwPowerInformation, KeResetEvent, ZwDeviceIoControlFile, IoGetRelatedDeviceObject, KeInitializeTimerEx, PsGetCurrentThreadId, InitSafeBootMode, RtlAreAllAccessesGranted, SeDeleteAccessState, ObCheckObjectAccess, SeCreateAccessState, SeReleaseSubjectContext, SeUnlockSubjectContext, SePrivilegeObjectAuditAlarm, SePrivilegeCheck, SeLockSubjectContext, SeCaptureSubjectContext, RtlCopySid, RtlLengthSid, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlCreateSecurityDescriptor, SeExports, ZwFreeVirtualMemory, ZwAllocateVirtualMemory, ZwQueryInformationToken, RtlEqualUnicodeString, ZwSetInformationObject, ZwQueryObject, ObCreateObject, KeUnstackDetachProcess, KeStackAttachProcess, ZwDuplicateObject, ObFindHandleForObject, RtlClearBits, RtlSetBits, ZwSetSecurityObject, RtlInitializeSid, RtlSubAuthoritySid, RtlLengthRequiredSid, RtlMapGenericMask, ObReleaseObjectSecurity, ObAssignSecurity, ObGetObjectSecurity, ObCheckCreateObjectAccess, MmUnmapViewOfSection, ObOpenObjectByName, PsGetThreadTeb, KeDetachProcess, KeAttachProcess, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, KePulseEvent, ObQueryNameString, ZwOpenEvent, ZwSetInformationThread, RtlPinAtomInAtomTable, RtlAddAtomToAtomTable, RtlCreateAtomTable, ExReleaseRundownProtection, LpcRequestWaitReplyPort, SeDeassignSecurity, ObSetSecurityDescriptorInfo, SeAssignSecurity, ObInsertObject, ZwOpenDirectoryObject, ExAcquireRundownProtection, ZwOpenProcessTokenEx, ZwOpenThreadTokenEx, PsReferenceImpersonationToken, SeQueryInformationToken, SeTokenIsRestricted, PsCreateSystemThread, ObSetHandleAttributes, PsGetProcessDebugPort, ZwYieldExecution, RtlIntegerToChar, RtlUnicodeStringToAnsiString, PsSetProcessPriorityByClass, PsSetProcessPriorityClass, PsGetProcessPriorityClass, KeSetPriorityThread, RtlUnicodeToMultiByteN, SeImpersonateClientEx, MmAdjustWorkingSetSize, KeSetTimer, RtlFreeUnicodeString, RtlFormatCurrentUserKeyPath, ZwQueryKey, ZwEnumerateValueKey, ZwSetValueKey, RtlMultiByteToUnicodeN, RtlFindMessage, wcsrchr, RtlEqualString, strrchr, ExGetSharedWaiterCount, ExGetExclusiveWaiterCount, IoQueryDeviceDescription, ExRundownCompleted, ExWaitForRundownProtectionRelease, ZwSetEvent, PoSetSystemState, PoRequestShutdownEvent, KeInitializeTimer, NlsOemCodePage, RtlLookupAtomInAtomTable, RtlDeleteAtomFromAtomTable, RtlQueryAtomInAtomTable, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwCreateSection, PsGetThreadFreezeCount, InterlockedIncrement, RtlUnicodeToMultiByteSize, RtlMultiByteToUnicodeSize, KeUserModeCallback, MmSystemRangeStart, IoFileObjectType, ZwOpenFile, IofCallDriver, IoBuildSynchronousFsdRequest, IoBuildDeviceIoControlRequest, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoGetStackLimits, MmCommitSessionMappedView, RtlCreateHeap, IoUnregisterPlugPlayNotification, IoWMIQuerySingleInstance, IoWMIHandleToInstanceName, IoWMIOpenBlock, ZwCreateFile, ZwCancelIoFile, wcsncmp, IoGetDeviceObjectPointer, IoRegisterPlugPlayNotification, ZwReadFile, ObReferenceObjectByName, IoDriverObjectType, IoCreateDriver, IoPnPDeliverServicePowerNotification, IoInvalidateDeviceRelations, LpcRequestPort, KeIsAttachedProcess, RtlEmptyAtomTable, RtlZeroHeap, _alldiv, _allshr, vsprintf, MmSecureVirtualMemory, KeRestoreFloatingPointState, KeSaveFloatingPointState, ZwQuerySystemInformation, ExSystemTimeToLocalTime, InterlockedCompareExchange, MmUnsecureVirtualMemory, RtlInsertElementGenericTableAvl, RtlDeleteElementGenericTableAvl, RtlLookupElementGenericTableAvl, KeInitializeDpc, ExIsProcessorFeaturePresent, RtlFillMemoryUlong, RtlTimeToTimeFields, MmGrowKernelStack, PsGetCurrentThreadStackBase, ExSystemExceptionFilter, KeReadStateEvent, ZwQueryInformationFile, LdrAccessResource, LdrFindResource_U, RtlUnicodeToCustomCPN, RtlCustomCPToUnicodeN, RtlInitCodePageTable, RtlGetDefaultCodePage, ZwDeleteFile, LdrFindResourceDirectory_U, RtlEqualSid, MmHighestUserAddress, PsRevertToSelf, RtlUnicodeToOemN, ZwCreateKey, RtlFreeAnsiString, RtlImageNtHeader, RtlImageDirectoryEntryToData, _strnicmp, PsSetThreadHardErrorsAreDisabled, PsGetThreadHardErrorsAreDisabled, strncmp, toupper, RtlWriteRegistryValue, ZwEnumerateKey, IoOpenDeviceRegistryKey, wcscmp, IoGetDeviceProperty, ZwDeleteKey, IoOpenDeviceInterfaceRegistryKey, IoGetDeviceInterfaces, IoSynchronousInvalidateDeviceRelations, IoCreateFile, MmSectionObjectType, ZwSetInformationFile, ZwQueryVolumeInformationFile, IoSetThreadHardErrorMode, _alldvrm, _aulldiv, PsGetCurrentThreadPreviousMode, RtlCompareMemory, RtlCreateRegistryKey, MmQuerySystemSize, RtlEnumerateGenericTableAvl, RtlInitializeGenericTableAvl, PsTerminateSystemThread, RtlUpcaseUnicodeString, RtlExtendedLargeIntegerDivide, _aulldvrm, IoQueueThreadIrp, IoBuildAsynchronousFsdRequest, qsort, MmAddVerifierThunks, PsGetThreadWin32Thread
> watchdog.sys: WdDdiWatchdogDpcCallback, WdResumeDeferredWatch, WdSuspendDeferredWatch, WdAllocateDeferredWatchdog, WdStartDeferredWatch, WdStopDeferredWatch, WdFreeDeferredWatchdog, WdExitMonitoredSection, WdEnterMonitoredSection

( 1 exports )
> BRUSHOBJ_hGetColorTransform, BRUSHOBJ_pvAllocRbrush, BRUSHOBJ_pvGetRbrush, BRUSHOBJ_ulGetBrushColor, CLIPOBJ_bEnum, CLIPOBJ_cEnumStart, CLIPOBJ_ppoGetPath, EngAcquireSemaphore, EngAllocMem, EngAllocPrivateUserMem, EngAllocSectionMem, EngAllocUserMem, EngAlphaBlend, EngAssociateSurface, EngBitBlt, EngBugCheckEx, EngCheckAbort, EngClearEvent, EngComputeGlyphSet, EngControlSprites, EngCopyBits, EngCreateBitmap, EngCreateClip, EngCreateDeviceBitmap, EngCreateDeviceSurface, EngCreateDriverObj, EngCreateEvent, EngCreatePalette, EngCreatePath, EngCreateSemaphore, EngCreateWnd, EngDebugBreak, EngDebugPrint, EngDeleteClip, EngDeleteDriverObj, EngDeleteEvent, EngDeleteFile, EngDeletePalette, EngDeletePath, EngDeleteSafeSemaphore, EngDeleteSemaphore, EngDeleteSurface, EngDeleteWnd, EngDeviceIoControl, EngDitherColor, EngDxIoctl, EngEnumForms, EngEraseSurface, EngFileIoControl, EngFileWrite, EngFillPath, EngFindImageProcAddress, EngFindResource, EngFntCacheAlloc, EngFntCacheFault, EngFntCacheLookUp, EngFreeMem, EngFreeModule, EngFreePrivateUserMem, EngFreeSectionMem, EngFreeUserMem, EngGetCurrentCodePage, EngGetCurrentProcessId, EngGetCurrentThreadId, EngGetDriverName, EngGetFileChangeTime, EngGetFilePath, EngGetForm, EngGetLastError, EngGetPrinter, EngGetPrinterData, EngGetPrinterDataFileName, EngGetPrinterDriver, EngGetProcessHandle, EngGetTickCount, EngGetType1FontList, EngGradientFill, EngHangNotification, EngInitializeSafeSemaphore, EngIsSemaphoreOwned, EngIsSemaphoreOwnedByCurrentThread, EngLineTo, EngLoadImage, EngLoadModule, EngLoadModuleForWrite, EngLockDirectDrawSurface, EngLockDriverObj, EngLockSurface, EngLpkInstalled, EngMapEvent, EngMapFile, EngMapFontFile, EngMapFontFileFD, EngMapModule, EngMapSection, EngMarkBandingSurface, EngModifySurface, EngMovePointer, EngMulDiv, EngMultiByteToUnicodeN, EngMultiByteToWideChar, EngNineGrid, EngPaint, EngPlgBlt, EngProbeForRead, EngProbeForReadAndWrite, EngQueryDeviceAttribute, EngQueryLocalTime, EngQueryPalette, EngQueryPerformanceCounter, EngQueryPerformanceFrequency, EngQuerySystemAttribute, EngReadStateEvent, EngReleaseSemaphore, EngRestoreFloatingPointState, EngSaveFloatingPointState, EngSecureMem, EngSetEvent, EngSetLastError, EngSetPointerShape, EngSetPointerTag, EngSetPrinterData, EngSort, EngStretchBlt, EngStretchBltROP, EngStrokeAndFillPath, EngStrokePath, EngTextOut, EngTransparentBlt, EngUnicodeToMultiByteN, EngUnloadImage, EngUnlockDirectDrawSurface, EngUnlockDriverObj, EngUnlockSurface, EngUnmapEvent, EngUnmapFile, EngUnmapFontFile, EngUnmapFontFileFD, EngUnsecureMem, EngWaitForSingleObject, EngWideCharToMultiByte, EngWritePrinter, FLOATOBJ_Add, FLOATOBJ_AddFloat, FLOATOBJ_AddFloatObj, FLOATOBJ_AddLong, FLOATOBJ_Div, FLOATOBJ_DivFloat, FLOATOBJ_DivFloatObj, FLOATOBJ_DivLong, FLOATOBJ_Equal, FLOATOBJ_EqualLong, FLOATOBJ_GetFloat, FLOATOBJ_GetLong, FLOATOBJ_GreaterThan, FLOATOBJ_GreaterThanLong, FLOATOBJ_LessThan, FLOATOBJ_LessThanLong, FLOATOBJ_Mul, FLOATOBJ_MulFloat, FLOATOBJ_MulFloatObj, FLOATOBJ_MulLong, FLOATOBJ_Neg, FLOATOBJ_SetFloat, FLOATOBJ_SetLong, FLOATOBJ_Sub, FLOATOBJ_SubFloat, FLOATOBJ_SubFloatObj, FLOATOBJ_SubLong, FONTOBJ_cGetAllGlyphHandles, FONTOBJ_cGetGlyphs, FONTOBJ_pQueryGlyphAttrs, FONTOBJ_pfdg, FONTOBJ_pifi, FONTOBJ_pjOpenTypeTablePointer, FONTOBJ_pvTrueTypeFontFile, FONTOBJ_pwszFontFilePaths, FONTOBJ_pxoGetXform, FONTOBJ_vGetInfo, HT_ComputeRGBGammaTable, HT_Get8BPPFormatPalette, HT_Get8BPPMaskPalette, HeapVidMemAllocAligned, PALOBJ_cGetColors, PATHOBJ_bCloseFigure, PATHOBJ_bEnum, PATHOBJ_bEnumClipLines, PATHOBJ_bMoveTo, PATHOBJ_bPolyBezierTo, PATHOBJ_bPolyLineTo, PATHOBJ_vEnumStart, PATHOBJ_vEnumStartClipLines, PATHOBJ_vGetBounds, RtlAnsiCharToUnicodeChar, RtlMultiByteToUnicodeN, RtlRaiseException, RtlUnicodeToMultiByteN, RtlUnicodeToMultiByteSize, RtlUnwind, RtlUpcaseUnicodeChar, RtlUpcaseUnicodeToMultiByteN, STROBJ_bEnum, STROBJ_bEnumPositionsOnly, STROBJ_bGetAdvanceWidths, STROBJ_dwGetCodePage, STROBJ_fxBreakExtra, STROBJ_fxCharacterExtra, STROBJ_vEnumStart, VidMemFree, WNDOBJ_bEnum, WNDOBJ_cEnumStart, WNDOBJ_vSetConsumer, XFORMOBJ_bApplyXform, XFORMOBJ_iGetFloatObjXform, XFORMOBJ_iGetXform, XLATEOBJ_cGetPalette, XLATEOBJ_hGetColorTransform, XLATEOBJ_iXlate, XLATEOBJ_piVector, _abnormal_termination, _except_handler2, _global_unwind2, _itoa, _itow, _local_unwind2

TrID : File type identification
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ssdeep: 49152:6DqNe4/vdvf0pXYioLaYmW/p4ckdbVcFH:6DqNeQapXYPaRxN+

sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: Multi-User Win32 Driver
original name: win32k.sys
internal name: win32k.sys
file version.: 5.1.2600.5976 (xpsp_sp3_gdr.100501-1623)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD : -
RDS : NSRL Reference Data Set


IEDVTOOL.DLL

File has already been analysed:
MD5: c0472c12e3780a1044128fd2a2af202e
First received: 2010.06.08 18:56:40 UTC
Date: 2010.06.18 20:44:49 UTC [>9D]
Results: 0/41
Permalink: analisis/ec635e3b652276dc2ef00c7d52d7b0758af1df52a063f188a1a9f5d97bcb52b9-1276893889

File iedvtool.dll received on 2010.06.18 20:44:49 (UTC)
Current status: finished
Result: 0/41 (0.00%)

Antivirus            Version         Last Update  Result
a-squared            5.0.0.26        2010.06.18   -
AhnLab-V3            2010.06.18.05   2010.06.18   -
AntiVir              8.2.2.6         2010.06.18   -
Antiy-AVL            2.0.3.7         2010.06.18   -
Authentium           5.2.0.5         2010.06.18   -
Avast                4.8.1351.0      2010.06.18   -
Avast5               5.0.332.0       2010.06.18   -
AVG                  9.0.0.787       2010.06.18   -
BitDefender          7.2             2010.06.18   -
CAT-QuickHeal        10.00           2010.06.18   -
ClamAV               0.96.0.3-git    2010.06.18   -
Comodo               5145            2010.06.18   -
DrWeb                5.0.2.03300     2010.06.18   -
eSafe                7.0.17.0        2010.06.17   -
eTrust-Vet           36.1.7646       2010.06.18   -
F-Prot               4.6.1.107       2010.06.18   -
F-Secure             9.0.15370.0     2010.06.18   -
Fortinet             4.1.133.0       2010.06.18   -
GData                21              2010.06.18   -
Ikarus               T3.1.1.84.0     2010.06.18   -
Jiangmin             13.0.900        2010.06.15   -
Kaspersky            7.0.0.125       2010.06.18   -
McAfee               5.400.0.1158    2010.06.18   -
McAfee-GW-Edition    2010.1          2010.06.18   -
Microsoft            1.5902          2010.06.18   -
NOD32                5208            2010.06.18   -
Norman               6.05.06         2010.06.18   -
nProtect             2010-06-18.01   2010.06.18   -
Panda                10.0.2.7        2010.06.18   -
PCTools              7.0.3.5         2010.06.18   -
Prevx                3.0             2010.06.18   -
Rising               22.52.04.04     2010.06.18   -
Sophos               4.54.0          2010.06.18   -
Sunbelt              6468            2010.06.18   -
Symantec             20101.1.0.89    2010.06.18   -
TheHacker            6.5.2.0.300     2010.06.18   -
TrendMicro           9.120.0.1004    2010.06.18   -
TrendMicro-HouseCall 9.120.0.1004    2010.06.18   -
VBA32                3.12.12.5       2010.06.18   -
ViRobot              2010.6.14.3884  2010.06.18   -
VirusBuster          5.0.27.0        2010.06.18   -

Additional information
File size: 743424 bytes
MD5   : c0472c12e3780a1044128fd2a2af202e
SHA1  : a99b7a6ffc2e85e520d071c7383cf68da0b13448
SHA256: ec635e3b652276dc2ef00c7d52d7b0758af1df52a063f188a1a9f5d97bcb52b9

PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x181E
timedatestamp.....: 0x4BE29CEC (Thu May 6 12:41:48 2010)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name    viradd    virsiz    rawdsiz   ntrpy  md5
.text   0x1000    0x80CF1   0x80E00   6.44   55073f908b22065801956f09c5b6e7e1
.data   0x82000   0xED8     0xE00     2.53   c9103c463ada621d221c00d28dbac887
.rsrc   0x83000   0x2D2F8   0x2D400   5.42   610a70c8bab8a192baf8cca812943213
.reloc  0xB1000   0x63A0    0x6400    6.63   467d6723b0f8e548697a5b5378d4b1a6

( 16 imports )
> advapi32.dll: RegCloseKey, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegOpenKeyExW, RegQueryInfoKeyW, RegEnumKeyExW, RegQueryValueExA, RegOpenKeyExA, RegQueryValueExW
> gdi32.dll: IntersectClipRect, SelectClipRgn, GetClipRgn, CreateRectRgn, GetObjectW, SetBkColor, GetBkColor, SetTextColor, SelectObject, CreateFontIndirectW, GetCurrentObject, GetTextColor, SetLayout, GetDeviceCaps, SetBkMode, DeleteDC, CreateCompatibleBitmap, CreateCompatibleDC, BitBlt, Rectangle, GetStockObject, CreatePen, LineTo, MoveToEx, CreateFontW, GetTextExtentPointW, CreatePatternBrush, CreateBitmap, PatBlt, CombineRgn, GetTextExtentPoint32W, GetPixel, CreateSolidBrush, DeleteObject, StretchBlt, SetTextAlign, TextOutW
> ieframe.dll: -, -, -, IEIsProtectedModeProcess
> iertutil.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> kernel32.dll: MapViewOfFile, CreateFileMappingW, UnmapViewOfFile, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, SearchPathW, GetLocaleInfoW, GlobalFree, EnumUILanguagesW, InterlockedIncrement, InterlockedDecrement, lstrcmpW, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, MultiByteToWideChar, GetLastError, WideCharToMultiByte, lstrcmpiA, lstrlenW, Sleep, GetTickCount, lstrlenA, HeapFree, HeapAlloc, GetProcessHeap, GetTimeFormatA, GetDateFormatA, FileTimeToSystemTime, FileTimeToLocalFileTime, GlobalUnlock, GlobalLock, GlobalAlloc, TlsGetValue, RaiseException, EnterCriticalSection, LeaveCriticalSection, FlushInstructionCache, GetCurrentProcess, GetCurrentThreadId, SetLastError, MulDiv, HeapCreate, HeapDestroy, HeapReAlloc, HeapSize, LocalFree, FreeLibrary, GetModuleHandleW, LoadLibraryW, TlsSetValue, GlobalAddAtomW, GetProcAddress, CloseHandle, IsDebuggerPresent, SetEvent, WaitForSingleObject, ResetEvent, CreateThread, CreateEventW, InterlockedExchange, GetModuleFileNameW, GetVersionExW, TlsFree, TlsAlloc, lstrcmpA, GetCurrentProcessId, CreateFileW, WriteFile, GetTempFileNameW, ReadFile, GetFileSize, InitializeCriticalSection, DeleteCriticalSection, lstrcmpiW, LoadLibraryExW, OpenEventW, GetVersionExA, GetVersion, LoadLibraryA, VirtualFree, VirtualAlloc, InterlockedCompareExchange, OutputDebugStringA, RtlUnwind, QueryPerformanceCounter, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW
> msimg32.dll: TransparentBlt, GradientFill
> msvcrt.dll: ??1type_info@@UAE@XZ, realloc, ?terminate@@YAXXZ, _adjust_fdiv, _amsg_exit, _initterm, _XcptFilter, _unlock, _wcslwr, _errno, __CxxFrameHandler, _mbsstr, floor, _CIcos, _CIsin, _CIsqrt, _CIatan2, memcpy, towlower, _wcsnicmp, iswdigit, iswalpha, towupper, iswalnum, wcsstr, iswxdigit, wcsrchr, iswspace, strtoul, wcschr, calloc, strchr, toupper, _vsnwprintf, _CxxThrowException, memset, _vscwprintf, _wcsicmp, _purecall, malloc, __dllonexit, _lock, _onexit, memmove, mbtowc, __mb_cur_max, isleadbyte, _iob, _snprintf, _itoa, ferror, __badioinfo, __pioinfo, _fileno, _lseeki64, _write, _isatty, free, bsearch, wcsncmp
> ole32.dll: CreateStreamOnHGlobal, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoUninitialize, CoInitializeEx, StringFromGUID2, CoTaskMemFree, CoCreateInstance, CoTaskMemRealloc, CoTaskMemAlloc, OleInitialize, OleUninitialize
> oleacc.dll: CreateStdAccessibleObject, LresultFromObject
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -
> shell32.dll: SHGetFolderPathW, -, SHGetInstanceExplorer
> shlwapi.dll: PathRemoveExtensionW, PathAddExtensionW, UrlCanonicalizeW, StrStrW, -, SHStrDupW, SHDeleteKeyW, StrChrW, StrToIntW, PathAppendW, PathFindExtensionW, -, StrRChrW, PathFindFileNameW, PathUndecorateW, SHCreateStreamOnFileW, StrCmpW, StrCmpIW, -, StrChrA
> urlmon.dll: CoInternetCreateZoneManager, CoInternetIsFeatureEnabled, CoInternetCombineIUri, GetMarkOfTheWeb, -, CreateUri
> user32.dll: GetDlgItemInt, GetActiveWindow, GetWindowInfo, GetWindow, GetClassLongW, SetLayeredWindowAttributes, ReleaseCapture, DrawEdge, UpdateWindow, GetCapture, SetCapture, IsIconic, GetClassInfoExW, TrackPopupMenu, RegisterClassExW, CheckMenuItem, GetMenuState, PostThreadMessageW, SystemParametersInfoA, AllowSetForegroundWindow, BringWindowToTop, CharNextW, NotifyWinEvent, UnregisterClassA, TrackPopupMenuEx, CreatePopupMenu, AppendMenuW, SetMenuItemInfoW, DestroyMenu, MessageBoxW, CloseWindow, LoadImageW, SendDlgItemMessageW, LoadIconW, MsgWaitForMultipleObjects, DestroyIcon, GetWindowThreadProcessId, AttachThreadInput, BeginPaint, FindWindowExW, EndPaint, GetUpdateRect, ValidateRect, DrawFocusRect, InSendMessageEx, ReplyMessage,
IsWindowEnabled, GetComboBoxInfo, GetDesktopWindow, SetPropW, GetPropW, RemovePropW, EndDialog, CallWindowProcW, ClientToScreen, GetClassNameW, SetForegroundWindow, LoadAcceleratorsW, DestroyAcceleratorTable, GetMessagePos, CallNextHookEx, PostMessageW, EnableMenuItem, UnhookWindowsHookEx, SetWindowsHookExW, KillTimer, SetTimer, LoadMenuW, GetSubMenu, TranslateAcceleratorW, GetKeyState, MapWindowPoints, GetParent, EnableWindow, SetDlgItemTextW, IsDlgButtonChecked, CheckDlgButton, DialogBoxParamW, SetParent, ShowCaret, GetWindowTextW, DrawTextW, IsRectEmpty, UnionRect, InflateRect, EqualRect, CopyRect, SetRect, GetSystemMetrics, IntersectRect, GetFocus, SystemParametersInfoW, RedrawWindow, GetSysColorBrush, GetSysColor, IsWindowVisible, SetFocus, GetClientRect, CreateWindowExW, DefWindowProcW, MoveWindow, SetWindowLongW, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, WindowFromPoint, GetWindowLongW, IsChild, ScreenToClient, ChildWindowFromPoint, GetDC, ReleaseDC, IsWindow, SendMessageW, LoadStringW, GetDlgItem, SetWindowTextW, InvalidateRect, SetClassLongW, FillRect, FrameRect, DestroyCursor, CreateDialogParamW, ShowWindow, LoadCursorW, SetCursor, DestroyWindow, PeekMessageW, TranslateMessage, DispatchMessageW, SetWindowPos, OffsetRect, PtInRect, SetRectEmpty, GetWindowRect > uxtheme.dll: IsThemeActive > wininet.dll: InternetSetOptionW, FindNextUrlCacheEntryW, DeleteUrlCacheEntryW, FindFirstUrlCacheEntryW, PrivacyGetZonePreferenceW, PrivacySetZonePreferenceW, HttpOpenRequestW, GetUrlCacheEntryInfoW, InternetCanonicalizeUrlW, RetrieveUrlCacheEntryStreamW, ReadUrlCacheEntryStream, UnlockUrlCacheEntryStream, InternetGetCookieW ( 1 exports ) > DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer TrID : File type identification DirectShow filter (43.0%) Windows OCX File (26.3%) Win64 Executable Generic (18.2%) Win32 Executable MS Visual C++ (generic) (8.0%) Win32 Executable Generic (1.8%) Symantec reputation: Suspicious.Insight 
http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99 ssdeep: 12288:jEY7y9hOIztInnXH354qIP/7TvBX1b3XxlefBgqK0t9oMyqniakmQ:xwhTztIXH354qI7TbXxlefBZOMyqnie sigcheck: publisher....: Microsoft Corporation copyright....: (c) Microsoft Corporation. All rights reserved. product......: Windows_ Internet Explorer description..: Internet Explorer Developer Tools original name: iedvtool.dll internal name: iedvtool.dll file version.: 8.00.6001.18923 (longhorn_ie8_gdr.100419-1241) comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEiD : - RDS : NSRL Reference Data Set
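The "PE Structure information" block above (entry point, timestamp, machine type, and per-section virtual address, sizes, entropy and MD5) can be re-derived from the raw file without any scanner. The following is an added example written for this page, not code from the scan service or from Microsoft: a standard-library-only PE header walker that bounds-checks every offset it reads, plus a constructed two-section PE32 image that reuses the report's entry point (0x181E), timestamp (0x4BE29CEC) and machine type (0x14C) so its output can be compared line by line with the block above. The sample's section contents, names and characteristics are invented for the example; the function names are the example's own.

```python
import hashlib
import math
import struct
import time
from dataclasses import dataclass
from typing import List

FILE_ALIGN = 0x200     # file alignment used by the constructed sample
MAX_SECTIONS = 96      # the Windows loader rejects images with more sections than this


@dataclass
class Section:
    name: str
    viradd: int        # VirtualAddress (RVA)
    virsiz: int        # VirtualSize
    rawdsiz: int       # SizeOfRawData
    entropy: float
    md5: str


@dataclass
class PEInfo:
    machine: int
    timestamp: int
    entrypoint: int
    sections: List[Section]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); packed or encrypted sections sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    ent, n = 0.0, len(data)
    for c in counts:
        if c:
            p = c / n
            ent -= p * math.log2(p)
    return ent


def parse_pe(blob: bytes) -> PEInfo:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table.
    Every offset taken from the file is checked against the file length so a malformed
    header fails closed instead of reading out of bounds."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    if not 0 < nsec <= MAX_SECTIONS:
        raise ValueError("bad section count %d" % nsec)
    opt = coff + 20
    sec_tbl = opt + opt_size
    if opt_size < 20 or sec_tbl + 40 * nsec > len(blob):
        raise ValueError("headers run past end of file")
    (magic,) = struct.unpack_from("<H", blob, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%X" % magic)
    (entry,) = struct.unpack_from("<I", blob, opt + 16)  # AddressOfEntryPoint, same offset in both
    sections = []
    for i in range(nsec):
        name, virsiz, viradd, rawsiz, rawptr = struct.unpack_from("<8sIIII", blob, sec_tbl + 40 * i)
        if rawptr + rawsiz > len(blob):                   # Python ints do not wrap, so huge sizes fail here too
            raise ValueError("section %d raw data outside file" % i)
        raw = blob[rawptr:rawptr + rawsiz]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), viradd, virsiz,
                                rawsiz, shannon_entropy(raw), hashlib.md5(raw).hexdigest()))
    return PEInfo(machine, ts, entry, sections)


def is_valid_pe(blob: bytes) -> bool:
    try:
        parse_pe(blob)
        return True
    except (ValueError, struct.error):
        return False


def render_report(info: PEInfo) -> str:
    """Same layout as the report's 'PE Structure information' block; the timestamp is shown in UTC."""
    lines = ["entrypointaddress.: 0x%X" % info.entrypoint,
             "timedatestamp.....: 0x%08X (%s UTC)" % (info.timestamp, time.asctime(time.gmtime(info.timestamp))),
             "machinetype.......: 0x%X" % info.machine,
             "( %d sections )" % len(info.sections),
             "name viradd virsiz rawdsiz ntrpy md5"]
    for s in info.sections:
        lines.append("%s 0x%X 0x%X 0x%X %.2f %s" % (s.name, s.viradd, s.virsiz, s.rawdsiz, s.entropy, s.md5))
    return "\n".join(lines)


def build_sample() -> bytes:
    """Constructed two-section PE32 DLL (not a real binary) reusing the report's entry point,
    timestamp and machine type; section contents are chosen for known entropy values."""
    text = bytes(range(256)) * 2                       # every byte value twice -> entropy exactly 8.0
    data = b"\x00" * FILE_ALIGN                        # all zero -> entropy 0.0
    dos = b"MZ".ljust(0x3C, b"\x00") + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x4BE29CEC, 0, 0, 96, 0x2102)  # i386, 2 sections, DLL
    opt = bytearray(96)                                # PE32 optional header, no data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x181E)            # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x10000000, 0x1000, FILE_ALIGN)  # ImageBase, SectionAlign, FileAlign

    def hdr(name, length, rva, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, length, rva, length, rawptr, 0, 0, 0, 0, chars)

    headers = (dos + b"PE\0\0" + coff + bytes(opt)
               + hdr(b".text", len(text), 0x1000, 0x200, 0x60000020)   # code, r-x
               + hdr(b".data", len(data), 0x2000, 0x400, 0xC0000040))  # initialized data, rw-
    return headers.ljust(FILE_ALIGN, b"\x00") + text + data


if __name__ == "__main__":
    print(render_report(parse_pe(build_sample())))
```

Two caveats worth carrying over to the real report. First, decode the timestamp yourself: 0x4BE29CEC is 2010-05-06 10:41:48 UTC, whereas the report renders it as 12:41:48, i.e. in a UTC+2 zone; a two-hour offset matters when a build stamp is correlated with other evidence. Second, the .text entropy of 6.44 in the report is in the usual range for native x86 code, while values approaching 8.0 (as the constructed .text section deliberately shows) indicate packed or encrypted content, which is the signal analysts use that entropy for. The "verified: Unsigned" line under sigcheck is also weaker evidence than it looks in either direction: Windows components are generally signed through security catalogs rather than an embedded Authenticode signature, so a file-only signature check reports them as unsigned and neither confirms nor refutes that this copy is the genuine binary.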