SHA256: 63843b68b9887080c6d6abe74abd4382312c2082d92b5f527ba13fd90ea5c956
File name: libgcc_s_dw2-1.dll
Detection ratio: 0 / 64
Analysis date: 2018-01-31 16:28:26 UTC ( 2 weeks, 5 days ago )
Antivirus Result Update
AegisLab 20180131
AhnLab-V3 20180131
Alibaba 20180131
ALYac 20180131
Antiy-AVL 20180131
Arcabit 20180131
Avast 20180131
Avast-Mobile 20180131
AVG 20180131
Avira (no cloud) 20180131
AVware 20180131
Baidu 20180131
BitDefender 20180131
Bkav 20180131
CAT-QuickHeal 20180131
ClamAV 20180131
CMC 20180131
Comodo 20180131
CrowdStrike Falcon (ML) 20170201
Cybereason 20171103
Cylance 20180131
Cyren 20180131
DrWeb 20180131
eGambit 20180131
Emsisoft 20180131
Endgame 20171130
ESET-NOD32 20180131
F-Prot 20180131
Fortinet 20180131
GData 20180131
Ikarus 20180131
Sophos ML 20180121
Jiangmin 20180131
K7AntiVirus 20180131
K7GW 20180131
Kaspersky 20180131
Kingsoft 20180131
Malwarebytes 20180131
MAX 20180131
McAfee 20180131
McAfee-GW-Edition 20180131
Microsoft 20180131
eScan 20180131
NANO-Antivirus 20180131
nProtect 20180131
Palo Alto Networks (Known Signatures) 20180131
Panda 20180131
Qihoo-360 20180131
Rising 20180131
SentinelOne (Static ML) 20180115
Sophos AV 20180131
SUPERAntiSpyware 20180131
Symantec 20180131
Symantec Mobile Insight 20180131
Tencent 20180131
TheHacker 20180130
TotalDefense 20180131
TrendMicro 20180131
TrendMicro-HouseCall 20180131
Trustlook 20180131
VBA32 20180131
VIPRE 20180131
ViRobot 20180131
Webroot 20180131
Yandex 20180130
Zillya 20180131
ZoneAlarm by Check Point 20180131
Zoner 20180131
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-02 01:30:53
Entry Point 0x00001058
Number of sections 10
PE sections
PE imports
GetLastError
EnterCriticalSection
WaitForSingleObject
TlsAlloc
VirtualProtect
DeleteCriticalSection
ReleaseSemaphore
InterlockedDecrement
GetProcAddress
CreateSemaphoreA
TlsFree
GetModuleHandleA
CloseHandle
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
malloc
_errno
fwrite
__dllonexit
abort
free
vfprintf
realloc
calloc
fflush
_iob
PE exports
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

TimeStamp
2011:12:02 02:30:53+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
96768

LinkerVersion
2.21

FileTypeExtension
dll

InitializedDataSize
117760

SubsystemVersion
4.0

EntryPoint
0x1058

OSVersion
4.0

ImageVersion
1.0

UninitializedDataSize
512

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 000abdf5d3e31514801b44b954e1cf91
SHA1 89ebff9d7806e8550adde0ce111733909a205a5d
SHA256 63843b68b9887080c6d6abe74abd4382312c2082d92b5f527ba13fd90ea5c956
ssdeep 3072:ou768hn2xXOjzXa6VhSlmBuqwNKvp7Ag9MSspV:H766sXOjzV+lmBZwNKvp7AwM

authentihash 116bb6b14630fba9ebf462523a7794aa7fce1582d76ce73938c54e51a6d80cb6
imphash be24466d210a5d342c48b1c5ea8928aa
File size 116.0 KB ( 118784 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags pedll

VirusTotal metadata
First submission 2012-01-11 14:52:41 UTC ( 6 years, 1 month ago )
Last submission 2018-01-20 21:38:15 UTC ( 1 month ago )
File names 86.tmp
sbs_ve_ambr_20160129083219.577_ 64131
sbs_ve_ambr_20160018092108.228_ 170417
sbs_ve_ambr_20151017231515.667_ 332380
is-1jjli.tmp
sbs_ve_ambr_20160111215905.593_ 201037
sbs_ve_ambr_20151127215829.649_ 262393
AdbWinApi.dll
sbs_ve_ambr_20160302083329.427_ 286279
sbs_ve_ambr_20151108215459.573_ 262390
sbs_ve_ambr_20151101215422.365_ 170097
sbs_ve_ambr_20160124182418.503_ 344799
sbs_ve_ambr_20150815223141.239_ 317671
sbs_ve_ambr_20160102224333.780_ 322267
42.tmp
229.tmp
sbs_ve_ambr_20150911215714.786_ 373794
sbs_ve_ambr_20160121214024.763_ 199954
sbs_ve_ambr_20160015004629.406_ 184585
sbs_ve_ambr_20160128213833.581_ 213992
sbs_ve_ambr_20150910170555.841_ 339262
sbs_ve_ambr_20151108220908.594_ 323828
is-ri3fr.tmp
sbs_ve_ambr_20150915220115.432_ 138774
sbs_ve_ambr_20150906220508.410_ 272381
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight