SHA256: 63843b68b9887080c6d6abe74abd4382312c2082d92b5f527ba13fd90ea5c956
File name: libgcc_s_dw2-1.dll
Detection ratio: 0 / 66
Analysis date: 2017-11-19 20:12:22 UTC ( 4 days, 22 hours ago )
Antivirus Result Update
Ad-Aware 20171119
AegisLab 20171119
AhnLab-V3 20171119
Alibaba 20170911
ALYac 20171119
Antiy-AVL 20171119
Arcabit 20171119
Avast 20171119
Avast-Mobile 20171119
AVG 20171119
Avira (no cloud) 20171119
AVware 20171118
Baidu 20171117
BitDefender 20171119
Bkav 20171118
CAT-QuickHeal 20171118
ClamAV 20171119
CMC 20171119
Comodo 20171119
CrowdStrike Falcon (ML) 20171016
Cybereason None
Cylance 20171119
Cyren 20171119
DrWeb 20171119
eGambit 20171119
Emsisoft 20171119
Endgame 20171024
ESET-NOD32 20171119
F-Prot 20171119
F-Secure 20171119
Fortinet 20171119
GData 20171119
Ikarus 20171119
Sophos ML 20170914
Jiangmin 20171117
K7AntiVirus 20171117
K7GW 20171119
Kaspersky 20171119
Kingsoft 20171119
Malwarebytes 20171119
MAX 20171119
McAfee 20171119
McAfee-GW-Edition 20171119
Microsoft 20171118
eScan 20171119
NANO-Antivirus 20171119
nProtect 20171119
Palo Alto Networks (Known Signatures) 20171119
Panda 20171119
Qihoo-360 20171119
Rising 20171119
SentinelOne (Static ML) 20171113
Sophos AV 20171119
SUPERAntiSpyware 20171119
Symantec 20171118
Symantec Mobile Insight 20171117
Tencent 20171119
TheHacker 20171117
TrendMicro 20171119
TrendMicro-HouseCall 20171119
Trustlook 20171119
VBA32 20171117
VIPRE 20171119
ViRobot 20171119
Webroot 20171119
WhiteArmor 20171104
Yandex 20171118
Zillya 20171117
ZoneAlarm by Check Point 20171119
Zoner 20171119
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-02 01:30:53
Entry Point 0x00001058
Number of sections 10
PE sections
PE imports
GetLastError
EnterCriticalSection
WaitForSingleObject
TlsAlloc
VirtualProtect
DeleteCriticalSection
ReleaseSemaphore
InterlockedDecrement
GetProcAddress
CreateSemaphoreA
TlsFree
GetModuleHandleA
CloseHandle
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
malloc
_errno
fwrite
__dllonexit
abort
free
vfprintf
realloc
calloc
fflush
_iob
PE exports
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
dll

TimeStamp
2011:12:02 02:30:53+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
96768

LinkerVersion
2.21

EntryPoint
0x1058

InitializedDataSize
117760

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
512

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while in execution, wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 000abdf5d3e31514801b44b954e1cf91
SHA1 89ebff9d7806e8550adde0ce111733909a205a5d
SHA256 63843b68b9887080c6d6abe74abd4382312c2082d92b5f527ba13fd90ea5c956
ssdeep
3072:ou768hn2xXOjzXa6VhSlmBuqwNKvp7Ag9MSspV:H766sXOjzV+lmBZwNKvp7AwM

authentihash 116bb6b14630fba9ebf462523a7794aa7fce1582d76ce73938c54e51a6d80cb6
imphash be24466d210a5d342c48b1c5ea8928aa
File size 116.0 KB ( 118784 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags
pedll

VirusTotal metadata
First submission 2012-01-11 14:52:41 UTC ( 5 years, 10 months ago )
Last submission 2017-11-19 20:12:22 UTC ( 4 days, 22 hours ago )
File names 86.tmp
sbs_ve_ambr_20160129083219.577_ 64131
sbs_ve_ambr_20160018092108.228_ 170417
sbs_ve_ambr_20151017231515.667_ 332380
is-1jjli.tmp
sbs_ve_ambr_20160111215905.593_ 201037
sbs_ve_ambr_20151127215829.649_ 262393
AdbWinApi.dll
sbs_ve_ambr_20160302083329.427_ 286279
sbs_ve_ambr_20151108215459.573_ 262390
sbs_ve_ambr_20151101215422.365_ 170097
sbs_ve_ambr_20160124182418.503_ 344799
sbs_ve_ambr_20150813220637.782_ 372319
sbs_ve_ambr_20150815223141.239_ 317671
sbs_ve_ambr_20160102224333.780_ 322267
42.tmp
229.tmp
sbs_ve_ambr_20150911215714.786_ 373794
sbs_ve_ambr_20160121214024.763_ 199954
sbs_ve_ambr_20160015004629.406_ 184585
sbs_ve_ambr_20160128213833.581_ 213992
sbs_ve_ambr_20150910170555.841_ 339262
sbs_ve_ambr_20151108220908.594_ 323828
is-ri3fr.tmp
sbs_ve_ambr_20150915220115.432_ 138774
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight