SHA256: 177e9d74aee2fbe2708406bd1c762e3e154483eec9cdb8df0db92bdb619cc208
File name: iefdm2.dll
Detection ratio: 0 / 66
Analysis date: 2017-10-31 01:53:13 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware 20171031
AegisLab 20171031
AhnLab-V3 20171030
Alibaba 20170911
ALYac 20171030
Antiy-AVL 20171030
Arcabit 20171030
Avast 20171030
Avast-Mobile 20171030
AVG 20171030
Avira (no cloud) 20171030
AVware 20171031
Baidu 20171030
BitDefender 20171030
Bkav 20171030
CAT-QuickHeal 20171030
ClamAV 20171030
CMC 20171030
Comodo 20171031
CrowdStrike Falcon (ML) 20171016
Cybereason 20170628
Cylance 20171031
Cyren 20171031
DrWeb 20171031
Emsisoft 20171031
Endgame 20171024
ESET-NOD32 20171031
F-Prot 20171031
F-Secure 20171030
Fortinet 20171031
GData 20171031
Ikarus 20171030
Sophos ML 20170914
Jiangmin 20171030
K7AntiVirus 20171030
K7GW 20171030
Kaspersky 20171031
Kingsoft 20171031
Malwarebytes 20171031
MAX 20171030
McAfee 20171031
McAfee-GW-Edition 20171030
Microsoft 20171030
eScan 20171031
NANO-Antivirus 20171031
nProtect 20171031
Palo Alto Networks (Known Signatures) 20171031
Panda 20171030
Qihoo-360 20171031
Rising 20171031
SentinelOne (Static ML) 20171019
Sophos AV 20171030
SUPERAntiSpyware 20171030
Symantec 20171030
Symantec Mobile Insight 20171027
Tencent 20171031
TheHacker 20171028
TotalDefense 20171030
TrendMicro 20171031
TrendMicro-HouseCall 20171031
Trustlook 20171031
VBA32 20171030
VIPRE 20171031
ViRobot 20171030
Webroot 20171031
WhiteArmor 20171024
Yandex 20171030
Zillya 20171030
ZoneAlarm by Check Point 20171031
Zoner 20171031
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) FreeDownloadManager.ORG, 2003-2012

Product Free Download Manager
File version 981.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-26 04:11:29
Entry Point 0x00020A84
Number of sections 6
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
GetObjectA
GetDeviceCaps
DeleteDC
SelectObject
GetStockObject
CreateSolidBrush
BitBlt
CreateRoundRectRgn
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
InterlockedPopEntrySList
WaitForSingleObject
HeapDestroy
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
InterlockedPushEntrySList
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FlushInstructionCache
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
VirtualQuery
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
SetEvent
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
LeaveCriticalSection
GetModuleHandleW
GetStartupInfoW
GlobalLock
GetProcessHeap
lstrcmpA
FindFirstFileA
FindNextFileA
IsValidLocale
GetUserDefaultLCID
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GlobalAlloc
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetVersion
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CreateErrorInfo
OleCreateFontIndirect
SysFreeString
SysStringLen
UnRegisterTypeLib
SysAllocStringLen
RegisterTypeLib
VariantChangeType
LoadRegTypeLib
SysAllocStringByteLen
VariantInit
VariantCopy
VariantClear
SysStringByteLen
GetErrorInfo
SysAllocString
LoadTypeLib
SetErrorInfo
VarUI4FromStr
SetFocus
GetMessageA
SetWindowRgn
MapDialogRect
RedrawWindow
PostMessageA
EndDialog
LoadMenuA
MoveWindow
CreateDialogIndirectParamA
KillTimer
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
MessageBoxA
SetWindowPos
GetParent
GetWindowThreadProcessId
IsWindow
SetWindowLongA
GetWindowRect
DispatchMessageA
EndPaint
UnhookWindowsHookEx
SetDlgItemTextA
SetCapture
ReleaseCapture
EnumChildWindows
CreateWindowExA
PeekMessageA
GetWindowTextLengthA
GetWindowLongA
TranslateMessage
GetWindow
InvalidateRect
GetSysColor
GetDC
RegisterClassExA
GetCursorPos
ReleaseDC
BeginPaint
SetWindowTextA
CheckMenuItem
UnregisterClassA
PtInRect
SendMessageTimeoutA
SendMessageA
GetClientRect
SetTimer
GetDlgItem
CharNextA
ScreenToClient
CharNextW
CallNextHookEx
GetSubMenu
FindWindowExA
CreateAcceleratorTableA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
ClientToScreen
FillRect
SetWindowContextHelpId
DestroyAcceleratorTable
GetDesktopWindow
InflateRect
CallWindowProcA
GetClassNameA
GetFocus
GetWindowTextA
InvalidateRgn
ModifyMenuA
IsChild
DestroyWindow
CreateStreamOnHGlobal
OleLockRunning
CoUninitialize
CoInitialize
CoTaskMemAlloc
CLSIDFromString
CoTaskMemRealloc
CoCreateInstance
OleUninitialize
CLSIDFromProgID
OleRun
OleInitialize
CoTaskMemFree
StringFromGUID2
CoGetClassObject
PE exports
Number of PE resources by type
RT_ICON 3
REGISTRY 2
RT_DIALOG 1
TYPELIB 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 4
RUSSIAN 1
NEUTRAL DEFAULT 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
107008

ImageVersion
0.0

ProductName
Free Download Manager

FileVersionNumber
981.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
981.0.0.0

TimeStamp
2012:12:26 05:11:29+01:00

FileType
Win32 DLL

PEType
PE32

ProductVersion
0.0.0.0

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright (C) FreeDownloadManager.ORG, 2003-2012

MachineType
Intel 386 or later, and compatibles

CompanyName
FreeDownloadManager.ORG

CodeSize
257024

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x20a84

ObjectFileType
Dynamic link library

CarbonBlack (acts as a surveillance camera for computers)
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 07cef34eff8cff74acce8935357d6926
SHA1 d083130623a332e688cf3fea8c05c1d0edb4a673
SHA256 177e9d74aee2fbe2708406bd1c762e3e154483eec9cdb8df0db92bdb619cc208
ssdeep
6144:foqWSXGwzCbT3hJ7/aW/3jSSDnDDrzRgqZt605RFjGjrhoFp:wiGwk7yW/jSYRgqZt6ORFjGjCFp

authentihash a9db31d7dd323830ab92f361a6d24d733e9c290204efebd17594e3f90940c24b
imphash 663fe57780f8773ddc3fbf028d95e4f3
File size 356.5 KB ( 365056 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (73.1%)
Win64 Executable (generic) (17.3%)
Win32 Dynamic Link Library (generic) (4.1%)
Win32 Executable (generic) (2.8%)
Generic Win/DOS Executable (1.2%)
Tags
pedll

VirusTotal metadata
First submission 2012-12-28 17:31:22 UTC ( 6 years, 1 month ago )
Last submission 2013-09-07 16:09:03 UTC ( 5 years, 5 months ago )
File names IEFDM2.DLL
iefdm2.dll
2cbrgbrdumzoncgph7viybob2dw3jjtt.dll