SHA256: 58be53d5012b3f45c1ca6f4897bece4773efbe1ccbf0be460061c183ee14ca19
File name: 58be53d5012b3f45_libeay32.dll
Detection ratio: 1 / 67
Analysis date: 2017-10-23 07:33:32 UTC ( 7 minutes ago )
Antivirus Result Update
eGambit malicious_confidence_94% 20171023
Ad-Aware 20171023
AegisLab 20171023
AhnLab-V3 20171023
Alibaba 20170911
ALYac 20171023
Antiy-AVL 20171023
Arcabit 20171023
Avast 20171023
Avast-Mobile 20171022
AVG 20171023
Avira (no cloud) 20171022
AVware 20171023
Baidu 20171023
BitDefender 20171023
Bkav 20171020
CAT-QuickHeal 20171020
ClamAV 20171023
CMC 20171022
Comodo 20171023
CrowdStrike Falcon (ML) 20171016
Cylance 20171023
Cyren 20171023
DrWeb 20171023
Emsisoft 20171023
Endgame 20171016
ESET-NOD32 20171023
F-Prot 20171023
F-Secure 20171023
Fortinet 20171023
GData 20171023
Ikarus 20171022
Sophos ML 20170914
Jiangmin 20171023
K7AntiVirus 20171023
K7GW 20171023
Kaspersky 20171023
Kingsoft 20171023
Malwarebytes 20171023
MAX 20171023
McAfee 20171023
McAfee-GW-Edition 20171023
Microsoft 20171022
eScan 20171023
NANO-Antivirus 20171023
nProtect 20171023
Palo Alto Networks (Known Signatures) 20171023
Panda 20171022
Qihoo-360 20171023
Rising 20171023
SentinelOne (Static ML) 20171019
Sophos AV 20171023
SUPERAntiSpyware 20171023
Symantec 20171022
Symantec Mobile Insight 20171011
Tencent 20171023
TheHacker 20171017
TotalDefense 20171023
TrendMicro 20171023
TrendMicro-HouseCall 20171023
Trustlook 20171023
VBA32 20171020
VIPRE 20171023
ViRobot 20171023
Webroot 20171023
WhiteArmor 20171016
Yandex 20171021
Zillya 20171021
ZoneAlarm by Check Point 20171023
Zoner 20171023
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.

Product The OpenSSL Toolkit
Original name libeay32.dll
Internal name libeay32
File version 1.0.2k
Description OpenSSL shared library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00001400
Number of sections 18
PE sections
Overlays
MD5 b86eaad875750a5fff04e973cf3701f5
File type data
Offset 2156544
Size 1040562
Entropy 4.65
PE imports
DeregisterEventSource
RegisterEventSourceA
ReportEventA
GetDeviceCaps
GetDIBits
DeleteObject
CreateCompatibleBitmap
GetObjectA
GetSystemTime
GetLastError
GetStdHandle
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
ExitProcess
VirtualProtect
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SystemTimeToFileTime
GetCurrentProcessId
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
TerminateProcess
GetCurrentThreadId
GlobalMemoryStatus
InitializeCriticalSection
VirtualQuery
FindClose
TlsGetValue
Sleep
GetFileType
GetTickCount
GetVersion
SetLastError
LeaveCriticalSection
ReleaseDC
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
GetDC
htonl
accept
ioctlsocket
WSAStartup
connect
shutdown
htons
WSAGetLastError
getsockopt
closesocket
ntohl
send
ntohs
listen
WSACleanup
gethostbyname
WSASetLastError
recv
setsockopt
socket
bind
recvfrom
sendto
getservbyname
__udivdi3
__umoddi3
__stack_chk_guard
__stack_chk_fail
strncmp
malloc
fseek
sscanf
realloc
fread
fclose
strcat
__dllonexit
_stricmp
fgets
abort
_setmode
strtoul
printf
_chmod
_getch
fflush
fopen
feof
_write
strncpy
_amsg_exit
fputc
strtol
raise
isalnum
_errno
fwrite
_lock
qsort
_open
_onexit
fputs
ftell
_snprintf
sprintf
_fileno
strrchr
isspace
localtime
strchr
tolower
_fdopen
_unlock
ferror
memcmp
gmtime
free
getenv
signal
atoi
vfprintf
_wfopen
calloc
strlen
_exit
_stat
_vsnprintf
perror
memmove
_read
strerror
strcmp
wcsstr
strcpy
setvbuf
time
_strnicmp
fprintf
_initterm
isupper
isxdigit
memchr
_iob
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.24
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.2.11
UninitializedDataSize 12288
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2105344
EntryPoint 0x1400
OriginalFileName libeay32.dll
MIMEType application/octet-stream
LegalCopyright Copyright 1998-2006 The OpenSSL Project. Copyright 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.
FileVersion 1.0.2k
TimeStamp 0000:00:00 00:00:00
FileType Win32 DLL
PEType PE32
InternalName libeay32
ProductVersion 1.0.2k
FileDescription OpenSSL shared library
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName The OpenSSL Project, http://www.openssl.org/
CodeSize 1526272
ProductName The OpenSSL Toolkit
ProductVersionNumber 1.0.2.11
FileTypeExtension dll
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 6ed47014c3bb259874d673fb3eaedc85
SHA1 c9b29ba7e8a97729c46143cc59332d7a7e9c1ad8
SHA256 58be53d5012b3f45c1ca6f4897bece4773efbe1ccbf0be460061c183ee14ca19
ssdeep 98304:W5FYc9YouOquJVqrR1LlZRUT83DlJrqd+kq:WrjYouOquJgrlZ283xFqdq
authentihash ae38c50369924066544fd98483dab202fdc551339e3161dff67dc9aba35d1e90
imphash abf94fc48a074b07aa906f31fcd3fc02
File size 3.0 MB ( 3197106 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags pedll overlay
VirusTotal metadata
First submission 2017-03-07 15:21:26 UTC ( 7 months, 2 weeks ago )
Last submission 2017-10-23 07:33:32 UTC ( 7 minutes ago )
File names libeay32.dll
libeay32.dll
LIBEAY32.dll
libeay32.dll
libeay32.dll.2208.dr
LIBEAY32.dll
libeay32
libeay32.dll
LIBEAY32.dll
LIBEAY32.dll
LIBEAY32.dll
LIBEAY32.dll
58BE53D5012B3F45C1CA6F4897BECE4773EFBE1CCBF0BE460061C183EE14CA19
libeay32.dll
58be53d5012b3f45_libeay32.dll
LIBEAY32.dll
3BC462D21BC762F6EEC3D23BB57E2BAF532807AB8B46FAB1FE38A841E5FDE81ED446E5305A78AD0D513D85419E6EC8C4B54985DA1D6B198ACB793230AEECD93E.dll
LIBEAY32.dll
libeay32.dll.2064.dr