hmmm says something about TR/VUNDO GEN trojan
I ran the .dll with Malwarebytes, SpyBot S&D, Symantec Corporate and found nothing.
I ran it ONLINE and got a few hits due to a "packer":
File size: 580096 bytes
MD5 : 0efaef75a036be5f0e0116976998fdba
SHA1 : 329167285486fd5b369cd0fd296d90b66d506c11
SHA256: a847800e679db94b8c4e8b5654a3f42b8af9a1cab2a17ef89c44d446a12bcd9d
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x795B
timedatestamp.....: 0x0 (Thu Jan 1 01:00:00 1970)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xAE000 0x8C200 8.00 2a0ea2f437f84f7036d963c69ffe4d48
.rsrc 0xAF000 0x2000 0x1400 7.17 e8e2ea7274fcff349015c15f88e919d6
.reloc 0xB1000 0x200 0x200 0.20 074afb4c04f4e3ff9d6832b24beeac90
( 3 imports )
> d3dx9_42.dll: D3DXCreateSprite
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree
> user32.dll: GetAsyncKeyState
( 0 exports )
TrID : File type identification
Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: 12288:SZn+Y3Vdn7C/WxcFeU0kXr4PGrbSmO2+SeESgg18Qy:b0txcFeU0iDrWv2+S
PEiD : -
packers (Kaspersky): PE_Patch.PECompact, PecBundle, PECompact
packers (F-Prot): PecBundle, PECompact
RDS : NSRL Reference Data Set
More info and list of AV programs that get "upset" over the packer:
http://www.virustotal.com/analisis/a847800e679db94b8c4e8b5654a3f42b8af9a1cab2a17ef89c44d446a12bcd9d-1255573559
I have no idea why it (or any trainer) should use a packer as any info in it could be viewed when run and a lot of people will FIRST run new things on a VM/sandbox.
If Bellend reports that he did NOT use a packer then he should perhaps scan his network.
EDIT: There are also a few places on the internet that you can also upload any file to and they will open/run them in a sandbox and show you everything inside them so you don't even need to set up a VM or sandbox on your own system(s) or have tools to look inside.
Most trainers that are meant to be sold use a "packer" to protect content...but you can always see what is inside so why do people bother?