SHA256: 63843b68b9887080c6d6abe74abd4382312c2082d92b5f527ba13fd90ea5c956
File name: libgcc_s_dw2-1.dll
Detection ratio: 0 / 64
Analysis date: 2017-09-05 14:26:09 UTC ( 2 weeks, 2 days ago )
Antivirus Result Update
Ad-Aware 20170905
AegisLab 20170905
AhnLab-V3 20170905
Alibaba 20170905
ALYac 20170905
Antiy-AVL 20170905
Arcabit 20170905
Avast 20170905
AVG 20170905
Avira (no cloud) 20170905
AVware 20170905
Baidu 20170831
BitDefender 20170905
Bkav 20170905
CAT-QuickHeal 20170905
ClamAV 20170905
CMC 20170902
Comodo 20170905
CrowdStrike Falcon (ML) 20170804
Cylance 20170905
Cyren 20170905
DrWeb 20170905
Emsisoft 20170905
Endgame 20170821
ESET-NOD32 20170905
F-Prot 20170905
F-Secure 20170905
Fortinet 20170905
GData 20170905
Ikarus 20170905
Sophos ML 20170822
Jiangmin 20170905
K7AntiVirus 20170905
K7GW 20170905
Kaspersky 20170905
Kingsoft 20170905
Malwarebytes 20170905
MAX 20170905
McAfee 20170905
McAfee-GW-Edition 20170905
Microsoft 20170905
eScan 20170905
NANO-Antivirus 20170905
nProtect 20170905
Palo Alto Networks (Known Signatures) 20170905
Panda 20170904
Qihoo-360 20170905
Rising 20170901
SentinelOne (Static ML) 20170806
Sophos AV 20170905
SUPERAntiSpyware 20170905
Symantec 20170905
Symantec Mobile Insight 20170901
Tencent 20170905
TheHacker 20170904
TrendMicro 20170905
TrendMicro-HouseCall 20170905
Trustlook 20170905
VBA32 20170905
VIPRE 20170905
ViRobot 20170905
Webroot 20170905
WhiteArmor 20170829
Yandex 20170904
Zillya 20170902
ZoneAlarm by Check Point 20170905
Zoner 20170905
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-02 01:30:53
Entry Point 0x00001058
Number of sections 10
PE sections
PE imports
GetLastError
EnterCriticalSection
WaitForSingleObject
TlsAlloc
VirtualProtect
DeleteCriticalSection
ReleaseSemaphore
InterlockedDecrement
GetProcAddress
CreateSemaphoreA
TlsFree
GetModuleHandleA
CloseHandle
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
malloc
_errno
fwrite
__dllonexit
abort
free
vfprintf
realloc
calloc
fflush
_iob
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:12:02 02:30:53+01:00
FileType Win32 DLL
PEType PE32
CodeSize 96768
LinkerVersion 2.21
FileTypeExtension dll
InitializedDataSize 117760
SubsystemVersion 4.0
EntryPoint 0x1058
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 512

CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed that the following files, while executing, wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 000abdf5d3e31514801b44b954e1cf91
SHA1 89ebff9d7806e8550adde0ce111733909a205a5d
SHA256 63843b68b9887080c6d6abe74abd4382312c2082d92b5f527ba13fd90ea5c956
ssdeep 3072:ou768hn2xXOjzXa6VhSlmBuqwNKvp7Ag9MSspV:H766sXOjzV+lmBZwNKvp7AwM

authentihash 116bb6b14630fba9ebf462523a7794aa7fce1582d76ce73938c54e51a6d80cb6
imphash be24466d210a5d342c48b1c5ea8928aa
File size 116.0 KB ( 118784 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags pedll

VirusTotal metadata
First submission 2012-01-11 14:52:41 UTC ( 5 years, 8 months ago )
Last submission 2017-09-05 14:26:09 UTC ( 2 weeks, 2 days ago )
File names 86.tmp
sbs_ve_ambr_20160129083219.577_ 64131
sbs_ve_ambr_20160018092108.228_ 170417
sbs_ve_ambr_20151017231515.667_ 332380
is-1jjli.tmp
sbs_ve_ambr_20160111215905.593_ 201037
sbs_ve_ambr_20151127215829.649_ 262393
AdbWinApi.dll
sbs_ve_ambr_20160302083329.427_ 286279
sbs_ve_ambr_20151108215459.573_ 262390
sbs_ve_ambr_20151101215422.365_ 170097
sbs_ve_ambr_20160124182418.503_ 344799
sbs_ve_ambr_20150813220637.782_ 372319
sbs_ve_ambr_20150815223141.239_ 317671
sbs_ve_ambr_20160102224333.780_ 322267
42.tmp
229.tmp
sbs_ve_ambr_20150911215714.786_ 373794
sbs_ve_ambr_20160121214024.763_ 199954
sbs_ve_ambr_20160015004629.406_ 184585
sbs_ve_ambr_20160128213833.581_ 213992
sbs_ve_ambr_20150910170555.841_ 339262
sbs_ve_ambr_20151108220908.594_ 323828
is-ri3fr.tmp
sbs_ve_ambr_20150915220115.432_ 138774
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight