0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: HPZipm12L.dll
Submission date: 2011-04-01 12:52:03 (UTC)
Current status:
VT Community: not reviewed
Safety score: -
Antivirus, Version, Last Update, Result
AhnLab-V3, 2011.04.01.01, 2011.04.01, -
AntiVir, 7.11.5.161, 2011.04.01, -
Antiy-AVL, 2.0.3.7, 2011.03.31, -
Avast, 4.8.1351.0, 2011.04.01, Win32:Malware-gen
Avast5, 5.0.677.0, 2011.04.01, Win32:Malware-gen
AVG, 10.0.0.1190, 2011.04.01, Generic21.AYHF
BitDefender, 7.2, 2011.04.01, Gen:Variant.Vundo.4
CAT-QuickHeal, 11.00, 2011.04.01, -
ClamAV, 0.97.0.0, 2011.04.01, -
Commtouch, 5.2.11.5, 2011.03.24, -
Comodo, 8183, 2011.04.01, -
DrWeb, 5.0.2.03300, 2011.04.01, -
Emsisoft, 5.1.0.5, 2011.04.01, Gen.Variant.Vundo!IK
eSafe, 7.0.17.0, 2011.04.01, -
eTrust-Vet, 36.1.8247, 2011.04.01, -
F-Prot, 4.6.2.117, 2011.04.01, -
F-Secure, 9.0.16440.0, 2011.03.23, Gen:Variant.Vundo.4
Fortinet, 4.2.254.0, 2011.04.01, -
GData, 22, 2011.04.01, Gen:Variant.Vundo.4
Ikarus, T3.1.1.103.0, 2011.04.01, Gen.Variant.Vundo
Jiangmin, 13.0.900, 2011.03.31, -
K7AntiVirus, 9.96.4269, 2011.04.01, -
Kaspersky, 7.0.0.125, 2011.04.01, -
McAfee, 5.400.0.1158, 2011.04.01, -
McAfee-GW-Edition, 2010.1C, 2011.04.01, -
Microsoft, 1.6702, 2011.04.01, -
NOD32, 6005, 2011.04.01, -
Norman, 6.07.03, 2011.04.01, -
Panda, 10.0.3.5, 2011.03.31, -
PCTools, 7.0.3.5, 2011.04.01, -
Prevx, 3.0, 2011.04.01, -
Rising, 23.51.03.06, 2011.03.31, -
Sophos, 4.64.0, 2011.04.01, -
SUPERAntiSpyware, 4.40.0.1006, 2011.04.01, -
Symantec, 20101.3.2.89, 2011.04.01, -
TheHacker, 6.7.0.1.164, 2011.04.01, -
TrendMicro, 9.200.0.1012, 2011.04.01, -
TrendMicro-HouseCall, 9.200.0.1012, 2011.04.01, -
VBA32, 3.12.14.3, 2011.03.31, -
VIPRE, 8885, 2011.04.01, -
ViRobot, 2011.4.1.4388, 2011.04.01, -
VirusBuster, 13.6.280.0, 2011.03.31, -
Additional information
MD5   : ced3103e366d2eeac145639b080b3426
SHA1  : 77881085585c7ae773814c8f5d9083ed9ac466a5
SHA256: 675af79b0fe81efd43a36fa02469767bfe01107c6240eb05e01c15c572b5c587
ssdeep: 1536:9LRSYDJELTyDFuCsgfpM9UeZ0CfW3g3KEQBom6gbV/wAYQTQMxuWp:PSYDyv63lpM9R0CfVQBoVgbV/VYjDc
File size : 118784 bytes
First seen: 2011-04-01 12:52:03
Last seen : 2011-04-01 12:52:03
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Seswrqkme Irshxagykay
copyright....: (c) Nzpmhmaky Bksrynteigs. All rights reserved.
product......: Internet Information Services
description..: Xaoatxjyx IIS Plugin DLL
original name: IISLOG.DLL
internal name: IISLOG.DLL
file version.: 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: Armadillo v1.xx - v2.xx
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x9B8A
timedatestamp....: 0x47F7E871 (Sat Apr 05 21:00:33 2008)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xBC1E, 0xC000, 6.50, 2f9dd14f76499758023a1ab5b69a9d2a
.rdata, 0xD000, 0x10AC, 0x2000, 3.40, c0d1c90d8949f1d6152729904f516dfc
.data, 0xF000, 0x13F84, 0xC000, 4.36, ecc0317f6703c98b55a7c58d2819a519
.rsrc, 0x23000, 0x698, 0x1000, 1.71, 57371fdefdcfc6397a4120ee244f7216
.reloc, 0x24000, 0xE20, 0x1000, 5.70, 94fa5d5f878f59389d9c9da6642a0e85

[[ 5 import(s) ]]
KERNEL32.dll: GetCurrentProcess, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, OutputDebugStringA, GetVersion, GetFileAttributesW, GetProcAddress, GetModuleHandleA, LoadLibraryA, CloseHandle, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, GetOEMCP, GetACP, GetCPInfo, SetUnhandledExceptionFilter, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, ExitProcess, HeapReAlloc, VirtualFree, HeapCreate, HeapDestroy, GetVersionExA, GetEnvironmentVariableA, GetModuleFileNameA, RtlUnwind, HeapFree, HeapAlloc, UnhandledExceptionFilter, TerminateProcess, VirtualAlloc, GetProcessHeap, GetThreadLocale, GetStringTypeW, SetThreadLocale, ExpandEnvironmentStringsW, CreateThread, FormatMessageW, SetProcessWorkingSetSize, WaitForSingleObject, SetEvent, lstrcmpA, LocalAlloc, LocalFree, GetCommandLineA, WriteFile, VirtualProtect
USER32.dll: GetSystemMetrics, SetCursor, GetParent, SetWindowTextW, GetDC, ReleaseDC, ShowWindow, SetWindowLongW, LoadCursorW, PostMessageW, GetScrollInfo, SetScrollInfo, MapWindowPoints, CreateWindowExW, DispatchMessageW, IsWindowVisible, IsWindowEnabled, TrackMouseEvent, GetSysColor, CallWindowProcW, GetWindowLongW, EnableWindow, DestroyIcon, FillRect, DrawIconEx, GetFocus, DrawFocusRect, GetDlgItem, SetRect, IsDialogMessageW, GetMessageW, PeekMessageW, TranslateMessage, LoadImageW, SendMessageW, LoadIconW, MoveWindow, GetWindowRect, GetClientRect, ScreenToClient, BeginPaint, EndPaint, InvalidateRect, SetFocus, DestroyWindow, DefWindowProcW, SystemParametersInfoW
ADVAPI32.dll: AllocateAndInitializeSid, FreeSid, RegCloseKey, RegEnumKeyExW, CheckTokenMembership
GDI32.dll: GetObjectW, SelectObject, CreateFontIndirectW, CreateCompatibleDC, GetDeviceCaps, CreateBitmap, CreateSolidBrush, BitBlt, DeleteObject, DeleteDC, SetTextColor
ole32.dll: CoGetObject, CoInitializeEx, CoUninitialize
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 49152
CompanyName: Seswrqkme Irshxagykay
EntryPoint: 0x9b8a
FileDescription: Xaoatxjyx IIS Plugin DLL
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 116 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)
FileVersionNumber: 6.0.3790.3959
ImageVersion: 5.1
InitializedDataSize: 98304
InternalName: IISLOG.DLL
LanguageCode: English (U.S.)
LegalCopyright: Nzpmhmaky Bksrynteigs. All rights reserved.
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Dynamic link library
OriginalFilename: IISLOG.DLL
PEType: PE32
ProductName: Internet Information Services
ProductVersion: 6.0.3790.3959
ProductVersionNumber: 6.0.3790.3959
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:04:05 23:00:33+02:00
UninitializedDataSize: 0
Symantec reputation: Suspicious.Insight

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.