SHA256: 2a35aba61a35d2e8be5c329a7385d5c2887c32e328cec146732db3a6c7782a41
File name: iertutil.dll
Detection ratio: 0 / 60
Analysis date: 2017-05-12 01:38:16 UTC ( 1 month, 2 weeks ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20170511
AVG 20170511
AVware 20170512
Ad-Aware 20170512
AegisLab 20170512
AhnLab-V3 20170511
Arcabit 20170512
Avast 20170512
Avira (no cloud) 20170511
Baidu 20170503
BitDefender 20170512
Bkav 20170511
CAT-QuickHeal 20170511
CMC 20170511
ClamAV 20170511
Comodo 20170512
CrowdStrike Falcon (ML) 20170130
Cyren 20170512
DrWeb 20170512
ESET-NOD32 20170511
Emsisoft 20170512
Endgame 20170503
F-Prot 20170512
F-Secure 20170512
Fortinet 20170512
GData 20170512
Ikarus 20170511
Invincea 20170413
Jiangmin 20170510
K7AntiVirus 20170511
K7GW 20170511
Kaspersky 20170512
Kingsoft 20170512
Malwarebytes 20170512
McAfee 20170511
McAfee-GW-Edition 20170511
eScan 20170511
Microsoft 20170511
NANO-Antivirus 20170512
Palo Alto Networks (Known Signatures) 20170512
Panda 20170511
Qihoo-360 20170512
Rising 20170512
SUPERAntiSpyware 20170511
SentinelOne (Static ML) 20170330
Sophos 20170512
Symantec 20170511
Tencent 20170512
TheHacker 20170508
TotalDefense 20170511
TrendMicro 20170512
VBA32 20170511
VIPRE 20170512
ViRobot 20170511
Webroot 20170512
Yandex 20170510
Zillya 20170511
ZoneAlarm by Check Point 20170512
Zoner 20170512
nProtect 20170512
Alibaba 20170511
Symantec Mobile Insight 20170511
Trustlook 20170512
WhiteArmor 20170502
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Windows® Internet Explorer
Original name IeRtUtil.dll
Internal name IeRtUtil.dll
File version 7.00.5730.11 (winmain(wmbla).061017-1135)
Description Run time utility for Internet Explorer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-10-17 19:57:14
Entry Point 0x0000132D
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
CopySid
RegQueryValueExA
GetAce
InitializeAcl
RegDeleteKeyW
GetAclInformation
RegQueryValueExW
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
DeregisterEventSource
AddAccessAllowedAce
RegOpenKeyExW
CreateProcessAsUserW
RegisterEventSourceA
SetTokenInformation
RegOpenKeyExA
ConvertSidToStringSidW
GetTokenInformation
DuplicateTokenEx
GetKernelObjectSecurity
IsValidSid
RegQueryInfoKeyW
RegDeleteValueW
OpenThreadToken
GetSecurityDescriptorSacl
CreateRestrictedToken
GetLengthSid
ConvertStringSidToSidW
InitializeSid
SetSecurityInfo
RegEnumValueW
RegSetValueExW
FreeSid
GetSidLengthRequired
ReportEventW
AllocateAndInitializeSid
EqualSid
AddAce
GetDeviceCaps
OpenFileMappingW
GetSystemTime
GetLastError
GetVolumePathNameW
HeapFree
LocalReAlloc
GetDriveTypeW
ReleaseMutex
GetSystemInfo
lstrlenA
LoadLibraryW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
HeapAlloc
SystemTimeToFileTime
GetVersionExA
GetFileAttributesW
lstrlenW
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
CompareFileTime
GetThreadLocale
LocalAlloc
OpenProcess
UnhandledExceptionFilter
GetLogicalDrives
CreateDirectoryW
GetProcAddress
InterlockedCompareExchange
LoadLibraryA
GetProcessHeap
CreateFileMappingW
GetModuleFileNameW
GetSystemDefaultLangID
RaiseException
MapViewOfFile
ExpandEnvironmentStringsW
lstrcmpA
LeaveCriticalSection
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
GetModuleHandleA
CreateMutexW
CloseHandle
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
DuplicateHandle
HeapReAlloc
GetModuleHandleW
CompareStringW
LocalFree
OpenEventA
TerminateProcess
InitializeCriticalSection
UnmapViewOfFile
CreateFileW
GetDiskFreeSpaceExW
InterlockedDecrement
Sleep
SetFileAttributesW
GetTickCount
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
SetLastError
InterlockedIncrement
GetWindowThreadProcessId
ReleaseDC
GetSystemMetrics
GetUserObjectInformationW
PostQuitMessage
TranslateMessage
WaitForInputIdle
DispatchMessageW
GetMessageW
GetShellWindow
GetThreadDesktop
GetDC
_amsg_exit
strncat
malloc
memset
memmove
_unlock
_adjust_fdiv
_lock
wcschr
__dllonexit
_onexit
_wcslwr
memcpy
_wcsicmp
_strlwr
free
wcsrchr
_initterm
_vsnwprintf
towupper
_XcptFilter
RtlUnwind
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 31744
ImageVersion 6.0
ProductName Windows Internet Explorer
FileVersionNumber 7.0.5730.11
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension dll
OriginalFileName IeRtUtil.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 7.00.5730.11 (winmain(wmbla).061017-1135)
TimeStamp 2006:10:17 20:57:14+01:00
FileType Win32 DLL
PEType PE32
InternalName IeRtUtil.dll
ProductVersion 7.00.5730.11
FileDescription Run time utility for Internet Explorer
OSVersion 6.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 234496
FileSubtype 0
ProductVersionNumber 7.0.5730.11
EntryPoint 0x132d
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 c9f48c6a6963bab7d1b5d025212d8f36
SHA1 f9a3ed8554454e80aa769a674b23cf0865721602
SHA256 2a35aba61a35d2e8be5c329a7385d5c2887c32e328cec146732db3a6c7782a41
ssdeep 6144:qwukB0nTQA2FIPlZznlUJZCKV+O2BiadbtMO:lansAjPlZQBV+V7j
authentihash 8ac3fd22797f8a60c4c82ed61c0749f2695a708aaf1decf501057be832411ffd
imphash 5d2697ab66b8912dd623b269dc272d20
File size 260.5 KB ( 266752 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (34.8%)
Win64 Executable (generic) (30.8%)
Win 9x/ME Control Panel applet (17.3%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags pedll trusted
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with iertutil.dll as its name. The file belongs to the Windows XP Embedded product, it can be found, for example, in SW CD Windows XP Embed w/SP2 EMB English #1 Internet Explorer 7.0 OEM.
VirusTotal metadata
First submission 2009-05-26 18:02:52 UTC ( 8 years, 1 month ago )
Last submission 2017-05-12 01:38:16 UTC ( 1 month, 2 weeks ago )
File names file-2443211_dll
iertutil.dll
iertutil.dll
smona_2a35aba61a35d2e8be5c329a7385d5c2887c32e328cec146732db3a6c7782a41.bin
wiertutil.dll
iertutil.dll
c9f48c6a6963bab7d1b5d025212d8f36_iertutil.dll
iertutil(2).dll
DPTJDAQWHW-690.pms.dll.SVD
smona131320151703145030665
iertutil.dll
C9F48C6A6963BAB7D1B5D025212D8F36
iertutil (58).dll
IeRtUtil.dll
iertutil.dll
f9a3ed8554454e80aa769a674b23cf0865721602
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight