SHA256: c271f42da9f1483de15869914d216a8ef44ca80c0d5907789b6e9873e3aa245f
File name: pthreadGC2.dll
Detection ratio: 0 / 64
Analysis date: 2017-08-18 08:45:29 UTC ( 3 days, 6 hours ago )
Antivirus Result Update
Ad-Aware 20170818
AegisLab 20170818
AhnLab-V3 20170817
Alibaba 20170818
ALYac 20170818
Antiy-AVL 20170818
Arcabit 20170818
Avast 20170818
AVG 20170818
Avira (no cloud) 20170818
AVware 20170818
Baidu 20170817
BitDefender 20170818
Bkav 20170817
CAT-QuickHeal 20170818
ClamAV 20170818
CMC 20170818
Comodo 20170818
CrowdStrike Falcon (ML) 20170804
Cylance 20170818
Cyren 20170818
DrWeb 20170818
Emsisoft 20170818
Endgame 20170721
ESET-NOD32 20170818
F-Prot 20170818
F-Secure 20170818
Fortinet 20170818
GData 20170818
Ikarus 20170817
Sophos ML 20170818
Jiangmin 20170818
K7AntiVirus 20170818
K7GW 20170817
Kaspersky 20170818
Kingsoft 20170818
Malwarebytes 20170818
MAX 20170818
McAfee 20170818
McAfee-GW-Edition 20170818
Microsoft 20170818
eScan 20170818
NANO-Antivirus 20170818
nProtect 20170818
Palo Alto Networks (Known Signatures) 20170818
Panda 20170817
Qihoo-360 20170818
Rising 20170818
SentinelOne (Static ML) 20170806
Sophos AV 20170818
SUPERAntiSpyware 20170818
Symantec 20170818
Symantec Mobile Insight 20170818
Tencent 20170818
TheHacker 20170817
TrendMicro 20170818
TrendMicro-HouseCall 20170818
Trustlook 20170818
VBA32 20170817
VIPRE 20170818
ViRobot 20170818
Webroot 20170818
WhiteArmor 20170817
Yandex 20170817
Zillya 20170817
ZoneAlarm by Check Point 20170818
Zoner 20170818
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Copyright (C) Project contributors 2011

Product POSIX Threads for Windows LPGL
Original name pthreadGC
Internal name pthreadGC
File version 2, 9, 0, 0
Description GNU C 32 bit
Comments http://sourceware.org/pthreads-win32/
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-20 21:51:39
Entry Point 0x000010C0
Number of sections 11
PE sections
Overlays
MD5 2b1283f8fa27d2a1eddc0f0362ca0574
File type data
Offset 68096
Size 26204
Entropy 4.39
PE imports
GetLastError
EnterCriticalSection
SetThreadContext
WaitForSingleObject
ResumeThread
FreeLibrary
TlsAlloc
VirtualProtect
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SetThreadPriority
GetCurrentProcessId
ReleaseSemaphore
OpenProcess
GetProcAddress
GetThreadContext
GetCurrentThread
SuspendThread
CreateSemaphoreA
TlsFree
GetModuleHandleA
CloseHandle
ResetEvent
DuplicateHandle
WaitForMultipleObjects
GetThreadPriority
SetEvent
GetProcessAffinityMask
InitializeCriticalSection
VirtualQuery
CreateEventA
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
SetLastError
LeaveCriticalSection
malloc
longjmp
_errno
fwrite
abort
__dllonexit
_setjmp
memcpy
_beginthreadex
exit
free
vfprintf
calloc
fflush
_winmajor
_endthreadex
_ftime
_iob
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
FileDescription
GNU C 32 bit

Comments
http://sourceware.org/pthreads-win32/

LinkerVersion
2.21

ImageVersion
1.0

ProductName
POSIX Threads for Windows LPGL

FileVersionNumber
2.9.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
67072

FileTypeExtension
dll

OriginalFileName
pthreadGC

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
2, 9, 0, 0

TimeStamp
2011:05:20 22:51:39+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
pthreadGC

SubsystemVersion
4.0

ProductVersion
2, 9, 0, 0

UninitializedDataSize
512

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright (C) Project contributors 2011

MachineType
Intel 386 or later, and compatibles

CompanyName
Open Source Software community LGPL

CodeSize
56320

FileSubtype
0

ProductVersionNumber
2.9.0.0

EntryPoint
0x10c0

ObjectFileType
Dynamic link library

CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 ac05fbba61f939cd90133032f2595c69
SHA1 ce3d3811457176dbefb06f5a395505eef8b2a641
SHA256 c271f42da9f1483de15869914d216a8ef44ca80c0d5907789b6e9873e3aa245f
ssdeep
1536:oeHa2+yL/iA1P91IBfiH/p/DKIMds0RweKZw:oe6oLiA1rIBfiH/p/DKIMds0Rwel

authentihash d11b800306e346efb585faff6b2a2dde9d9458886bc368f9d69362816c26ba20
imphash 5d779cfdcc989deb214e59d1ee6b53c4
File size 92.1 KB ( 94300 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.1%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
overlay pedll via-tor

VirusTotal metadata
First submission 2011-10-18 15:28:00 UTC ( 5 years, 10 months ago )
Last submission 2017-08-18 08:45:29 UTC ( 3 days, 6 hours ago )
File names pthreadGC2
sbs_ve_ambr_20140807170511.142_ 22018
is-0hgv7.tmp
is-ogtrr.tmp
_63CD14AF42B541F0AADAE561B7F9994E
sbs_ve_ambr_20150222002028.706_ 26264
is-hlhja.tmp
is-8bok2.tmp
sbs_ve_ambr_20140910173901.601_ 15856
sbs_ve_ambr_20141019171207.324_ 23062
is-he2qa.tmp
sbs_ve_ambr_20140827161356.899_ 39377
sbs_ve_ambr_20140904174917.392_ 29452
sbs_ve_ambr_20150028190811.873_ 13730
is-bv8oe.tmp
pthreadgc2.dll
is-5m7f1.tmp
is-3mo52.tmp
is-hasck.tmp
sbs_ve_ambr_20140917180904.989_ 22745
66283944.dll
sbs_ve_ambr_20140917180857.031_ 22682
sbs_ve_ambr_20140904174925.114_ 29515
sbs_ve_ambr_20150028190818.877_ 13793
sbs_ve_ambr_20150105174924.358_ 20938
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight