SHA256: 11ffe1d163ee7b2fd6cc96a91cefcc845cc1334f0f3f7ecacde47b7d586f6b5f
File name: libeay32.dll
Detection ratio: 0 / 57
Analysis date: 2016-09-01 06:33:31 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware 20160901
AegisLab 20160901
AhnLab-V3 20160901
Alibaba 20160901
ALYac 20160901
Antiy-AVL 20160901
Arcabit 20160901
Avast 20160901
AVG 20160901
Avira (no cloud) 20160901
AVware 20160901
Baidu 20160901
BitDefender 20160901
Bkav 20160901
CAT-QuickHeal 20160831
ClamAV 20160901
CMC 20160901
Comodo 20160901
CrowdStrike Falcon (ML) 20160725
Cyren 20160901
DrWeb 20160901
Emsisoft 20160901
ESET-NOD32 20160901
F-Prot 20160901
F-Secure 20160901
Fortinet 20160901
GData 20160901
Ikarus 20160901
Sophos ML 20160830
Jiangmin 20160901
K7AntiVirus 20160901
K7GW 20160901
Kaspersky 20160901
Kingsoft 20160901
Malwarebytes 20160901
McAfee 20160901
McAfee-GW-Edition 20160901
Microsoft 20160901
eScan 20160901
NANO-Antivirus 20160901
nProtect 20160901
Panda 20160901
Qihoo-360 20160901
Rising 20160901
Sophos AV 20160901
SUPERAntiSpyware 20160831
Symantec 20160901
Tencent 20160901
TheHacker 20160829
TotalDefense 20160901
TrendMicro 20160901
TrendMicro-HouseCall 20160901
VBA32 20160831
VIPRE 20160831
ViRobot 20160901
Yandex 20160831
Zillya 20160901
Zoner 20160901
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright © 1998-2007 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.

Product The OpenSSL Toolkit
Original name libeay32.dll
Internal name libeay32
File version 0.9.8o
Description OpenSSL Shared Library
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-06-16 08:33:18
Entry Point 0x000A9113
Number of sections 5
PE sections
PE imports
DeregisterEventSource
ReportEventA
RegisterEventSourceA
GetDeviceCaps
GetObjectA
DeleteDC
CreateDCA
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
GetBitmapBits
CreateCompatibleBitmap
GetLastError
GetStdHandle
FlushConsoleInputBuffer
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
GetCurrentProcessId
GetProcAddress
GetCurrentThread
GetModuleHandleA
FindFirstFileA
CloseHandle
FindNextFileA
GetVersion
GlobalMemoryStatus
FindClose
GetFileType
GetThreadTimes
ExitProcess
GetCurrentThreadId
SetLastError
strncmp
malloc
sscanf
realloc
fread
fclose
fgets
abort
fprintf
strtoul
printf
isdigit
fflush
isxdigit
strncpy
_except_handler3
fopen
signal
isalnum
_errno
fwrite
_chmod
fseek
qsort
_getpid
fputs
ftell
exit
sprintf
_ftol
strrchr
isspace
localtime
strchr
tolower
_adjust_fdiv
gmtime
free
getenv
atoi
vfprintf
perror
_write
_getch
_stat
_vsnprintf
strstr
strtol
memmove
_read
strerror
_ftime
time
wcsstr
_setmode
_initterm
isupper
strcmp
memchr
_iob
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
htonl
accept
WSAStartup
connect
shutdown
htons
WSASetLastError
WSAGetLastError
getsockopt
closesocket
ntohl
send
ntohs
listen
WSACleanup
gethostbyname
inet_ntoa
recv
socket
setsockopt
WSACancelBlockingCall
bind
recvfrom
sendto
getservbyname
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 389120
ImageVersion 0.0
ProductName The OpenSSL Toolkit
FileVersionNumber 0.9.8.15
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription OpenSSL Shared Library
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension dll
OriginalFileName libeay32.dll
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 0.9.8o
TimeStamp 2010:06:16 09:33:18+01:00
FileType Win32 DLL
PEType PE32
InternalName libeay32
ProductVersion 0.9.8o
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 1998-2007 The OpenSSL Project. Copyright 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName The OpenSSL Project, http://www.openssl.org/
CodeSize 692224
FileSubtype 0
ProductVersionNumber 0.9.8.15
EntryPoint 0xa9113
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 e904cb3caecb56b8e34f8839ff3efc38
SHA1 bd9c20e9c95288da8d6d7e78d0cad5af7dda687c
SHA256 11ffe1d163ee7b2fd6cc96a91cefcc845cc1334f0f3f7ecacde47b7d586f6b5f
ssdeep 12288:zh20aThQwvycxchEYGJbCUd4Ex10AdNhslPCpAF2iImbTPL7FkXEx:V2bhPKcmhEnbCyDTdNC8ptiImfzxjx

authentihash acc3fbf04c5cbc08b29496df0e87971e58d2b481c9fdd61127f3b45ab3efc274
imphash afe3c2a79a22a93a5560f4b2c853308d
File size 1.0 MB ( 1073152 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags armadillo pedll

VirusTotal metadata
First submission 2010-07-30 02:04:59 UTC ( 8 years, 8 months ago )
Last submission 2016-05-26 18:35:24 UTC ( 2 years, 11 months ago )
File names f79_91_libeay32.dll
libeay32.dll
e904cb3caecb56b8e34f8839ff3efc38
filelibeay32DLL
libeay32
smona131625457394260659406
sbs_ve_ambr_20150625163956.045_ 40669
smona131608621793261408097
sbs_ve_ambr_20150611194841.501_ 2499354
11FFE1D163EE7B2FD6CC96A91CEFCC845CC1334F0F3F7ECACDE47B7D586F6B5F
smona_11ffe1d163ee7b2fd6cc96a91cefcc845cc1334f0f3f7ecacde47b7d586f6b5f.bin
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight