SHA256: fb5cd48d7ea8fa3b8f3ac57a54f8f6fd4c5eee736f45dd139fbea13ab1d1597f
File name: MWAsLE3B8YP.dll
Detection ratio: 4 / 56
Analysis date: 2016-12-09 08:58:07 UTC ( 1 year ago )
Antivirus Result Update
Bkav W32.eHeur.Malware09 20161208
Sophos ML trojan.win32.necurs.a 20161202
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20161209
Rising Malware.Generic!IxMSecmqEkF@3 (thunder) 20161209
Ad-Aware 20161209
AegisLab 20161209
AhnLab-V3 20161209
Alibaba 20161209
ALYac 20161209
Antiy-AVL 20161209
Arcabit 20161209
Avast 20161209
AVG 20161209
Avira (no cloud) 20161209
AVware 20161209
Baidu 20161207
BitDefender 20161209
CAT-QuickHeal 20161209
ClamAV 20161209
CMC 20161209
Comodo 20161209
CrowdStrike Falcon (ML) 20161024
Cyren 20161209
DrWeb 20161209
Emsisoft 20161209
ESET-NOD32 20161209
F-Prot 20161209
F-Secure 20161209
Fortinet 20161209
GData 20161209
Ikarus 20161208
Jiangmin 20161208
K7AntiVirus 20161209
K7GW 20161209
Kaspersky 20161209
Kingsoft 20161209
Malwarebytes 20161209
McAfee 20161209
McAfee-GW-Edition 20161208
Microsoft 20161209
eScan 20161209
NANO-Antivirus 20161209
nProtect 20161209
Panda 20161208
Sophos AV 20161209
SUPERAntiSpyware 20161209
Symantec 20161209
Tencent 20161209
TheHacker 20161130
TrendMicro 20161209
TrendMicro-HouseCall 20161209
Trustlook 20161209
VBA32 20161208
VIPRE 20161209
ViRobot 20161209
WhiteArmor 20161207
Yandex 20161208
Zillya 20161207
Zoner 20161209
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2004-2014, Applied Informatics Software Engineering GmbH and Contributors.
Product POCO C++ Libraries - http://pocoproject.org
Internal name POCO
File version 1.5.3
Description This file is part of the POCO C++ Libraries.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-09 05:57:12
Entry Point 0x00010502
Number of sections 5
PE sections
Overlays
MD5 536c9e5ef22ed65efa6bb712382e751e
File type data
Offset 139776
Size 9152
Entropy 7.98
PE imports
CloseServiceHandle
StartServiceW
GetUserNameW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
SetThreadLocale
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetVersionExW
GetOEMCP
QueryPerformanceCounter
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetModuleFileNameA
GetLocalTime
IsProcessorFeaturePresent
lstrcatW
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
WriteConsoleW
lstrlenW
WideCharToMultiByte
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
IsDebuggerPresent
GetCommandLineA
GetUserDefaultLCID
TlsFree
GetPrivateProfileStringW
GetLocaleInfoW
SetStdHandle
RaiseException
GetCPInfo
MoveFileExW
SetFilePointer
ReadFile
GlobalFindAtomA
WriteFile
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FindNextFileW
GetPrivateProfileIntA
LocalFree
FormatMessageW
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
FindClose
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
lstrcmpW
GetCurrentProcessId
SetLastError
LeaveCriticalSection
SysStringByteLen
VariantClear
SysAllocString
SysFreeString
SysAllocStringByteLen
VariantInit
StrTrimW
SetForegroundWindow
GetForegroundWindow
IsWindowUnicode
CharLowerW
wsprintfW
Ord(161)
_exit
isalnum
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitialize
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 2.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.5.3.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 81408
EntryPoint 0x10502
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2004-2014, Applied Informatics Software Engineering GmbH and Contributors.
FileVersion 1.5.3
TimeStamp 2016:12:09 06:57:12+01:00
FileType Win32 DLL
PEType PE32
InternalName POCO
ProductVersion 1.5.3
FileDescription This file is part of the POCO C++ Libraries.
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Applied Informatics Software Engineering GmbH
CodeSize 98304
ProductName POCO C++ Libraries - http://pocoproject.org
ProductVersionNumber 1.5.3.0
FileTypeExtension dll
ObjectFileType Dynamic link library
File identification
MD5 5e3f5666a5d6fbd4e64b62f8556a41f5
SHA1 13583bbbf995e462e8aa3864c1cc7d3d8ebeb681
SHA256 fb5cd48d7ea8fa3b8f3ac57a54f8f6fd4c5eee736f45dd139fbea13ab1d1597f
ssdeep 3072:3/40JExRNezFzY4t+DlkDRW1sg4saDletvW2as:JQNezBYE+DlSlUtv
authentihash bb690d3486e0cd58ba10102e07728a5399acee53e4077ae449dc19f1a6a45903
imphash e073baa91793b3886b04b3f173f5e632
File size 145.4 KB ( 148928 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags pedll overlay
VirusTotal metadata
First submission 2016-12-09 08:58:07 UTC ( 1 year ago )
Last submission 2016-12-09 08:58:07 UTC ( 1 year ago )
File names POCO
MWAsLE3B8YP.dll