SHA256: 00747cecc5b325cc68ea6cadf1a51ae7a070adcf4dc5a87d754d1f8d41049d7e
File name: SaveAsRTF.api
Detection ratio: 0 / 64
Analysis date: 2018-03-03 08:25:25 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180303
AegisLab 20180303
AhnLab-V3 20180302
Alibaba 20180302
ALYac 20180303
Antiy-AVL 20180303
Arcabit 20180303
Avast 20180303
Avast-Mobile 20180303
AVG 20180303
Avira (no cloud) 20180301
AVware 20180303
Baidu 20180302
BitDefender 20180303
Bkav 20180303
CAT-QuickHeal 20180302
ClamAV 20180303
CMC 20180303
Comodo 20180303
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180303
Cyren 20180303
DrWeb 20180303
eGambit 20180303
Emsisoft 20180303
Endgame 20180303
ESET-NOD32 20180303
F-Prot 20180303
F-Secure 20180303
Fortinet 20180303
GData 20180303
Sophos ML 20180121
Jiangmin 20180303
K7AntiVirus 20180303
K7GW 20180303
Kaspersky 20180302
Kingsoft 20180303
Malwarebytes 20180303
MAX 20180303
McAfee 20180303
McAfee-GW-Edition 20180303
Microsoft 20180303
eScan 20180303
NANO-Antivirus 20180303
nProtect 20180303
Palo Alto Networks (Known Signatures) 20180303
Panda 20180303
Qihoo-360 20180303
Rising 20180303
SentinelOne (Static ML) 20180225
Sophos AV 20180303
SUPERAntiSpyware 20180303
Symantec 20180302
Symantec Mobile Insight 20180220
Tencent 20180303
TheHacker 20180303
TotalDefense 20180303
Trustlook 20180303
VBA32 20180302
VIPRE 20180303
ViRobot 20180303
Webroot 20180303
WhiteArmor 20180223
Yandex 20180303
Zillya 20180302
ZoneAlarm by Check Point 20180303
Zoner 20180303
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 1984-2012 Adobe Systems Incorporated and its licensors. All rights reserved.

Product Adobe Acrobat
Original name SaveAsRTF.api
File version 11.0.03.37
Description Adobe Acrobat SaveAsRTF Plug-in
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-11 10:07:08
Entry Point 0x00001000
Number of sections 5
PE sections
Overlays
MD5 37ea2f34c870667f76163b5616785cc8
File type data
Offset 435712
Size 611
Entropy 7.28
PE imports
GetLastError
GetSystemTimeAsFileTime
lstrlenA
GetModuleFileNameW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
DisableThreadLibraryCalls
GetModuleFileNameA
GetFileAttributesW
GetCurrentProcess
SizeofResource
GetCurrentProcessId
LockResource
GetModuleHandleW
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetDllDirectoryW
LoadLibraryW
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
lstrcpyA
IsProcessorFeaturePresent
SetDllDirectoryW
TerminateProcess
GetACP
DecodePointer
OutputDebugStringA
FreeResource
FindAtomW
GetVersion
LoadResource
Sleep
GetTickCount
GetCurrentThreadId
FindResourceA
SetLastError
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?max@?$numeric_limits@I@std@@SAIXZ
_malloc_crt
_purecall
_ltoa_s
?what@exception@std@@UBEPBDXZ
setlocale
??0exception@std@@QAE@ABQBDH@Z
memset
_time64
__dllonexit
_stricmp
_vsnprintf_s
isdigit
isalpha
strlen
__clean_type_info_names_internal
_amsg_exit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
strncmp
_lock
_onexit
vsprintf_s
abs
??_V@YAXPAX@Z
memcmp
strrchr
_gmtime64
_initterm_e
_set_invalid_parameter_handler
strchr
_ultoa_s
_CxxThrowException
tolower
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
free
__CxxFrameHandler3
_except_handler4_common
atoi
_mbsstr
atof
memcpy
??0exception@std@@QAE@ABV01@@Z
strpbrk
strstr
??1exception@std@@UAE@XZ
memmove
localeconv
??0exception@std@@QAE@ABQBD@Z
_encoded_null
_localtime64
__CppXcptFilter
_initterm
strcmp
memchr
SetFocus
wsprintfA
GetWindowRect
GetPropW
MoveWindow
GetFocus
FindWindowA
SetPropW
PE exports
Number of PE resources by type
EXVW 5
RT_RCDATA 4
ZDCT 2
RT_VERSION 1
PNGI 1
Number of PE resources by language
ENGLISH US 13
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
11.0.3.37

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0xffff

CharacterSet
Windows, Latin1

InitializedDataSize
143360

EntryPoint
0x1000

OriginalFileName
SaveAsRTF.api

MIMEType
application/octet-stream

LegalCopyright
Copyright 1984-2012 Adobe Systems Incorporated and its licensors. All rights reserved.

FileVersion
11.0.03.37

TimeStamp
2013:05:11 11:07:08+01:00

FileType
Win32 DLL

PEType
PE32

ProductVersion
11.0.03.37

FileDescription
Adobe Acrobat SaveAsRTF Plug-in

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Adobe Systems Incorporated

CodeSize
291328

ProductName
Adobe Acrobat

ProductVersionNumber
11.0.3.37

FileTypeExtension
dll

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Compressed bundles
File identification
MD5 7b27b828e90c89b1d5c378ab2f695e95
SHA1 1a4fcb2ad13e32a9bfc06e5a4f7b5ed21ba66f7f
SHA256 00747cecc5b325cc68ea6cadf1a51ae7a070adcf4dc5a87d754d1f8d41049d7e
ssdeep
6144:aGvzH4P0548WUrThIG8EFK4iFijPAvlXfpZos+I9IlV/u04lesmyWKhMReZmUzuz:xj7q0dIKoiHZuksMAMsqh0zqiL2YG

authentihash d9461f5570daac0ee366adfb9a63028ce42932eb5be82082e46138ae45bc22d4
imphash f4d37d2dfc24125669b8df42bcd1413d
File size 426.1 KB ( 436323 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
pedll overlay

VirusTotal metadata
First submission 2013-05-14 20:27:33 UTC ( 5 years, 8 months ago )
Last submission 2016-06-04 03:43:12 UTC ( 2 years, 7 months ago )
File names saveasrtf.api
bit86eb.tmp
bit7285.tmp
bit710d.tmp
bit6050.tmp
bitaa4b.tmp
00747cecc5b325cc68ea6cadf1a51ae7a070adcf4dc5a87d754d1f8d41049d7e-content_2c018508-d878-4970-b115-50a614dfef0f.1.lab00101.temp
bitaef0.tmp
bitce8.tmp
bite04f.tmp
bit6f22.tmp
bit3070.tmp
SaveAsRTF.api
bit7146.tmp
bit3235.tmp
bit7e92.tmp
bit7b8c.tmp
bit8720.tmp
bit87e5.tmp
bit290d.tmp
bit9e16.tmp
bit2f0e.tmp
bitc3bd.tmp
SaveAsRTF.api
bit3e70.tmp