SHA256: 1a454d744105aa8112788ed288cd7f8a574f607c585953a28debcec900659e05
File name: AMD_AGS.DLL
Detection ratio: 0 / 66
Analysis date: 2017-10-13 04:49:03 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware 20171013
AegisLab 20171013
AhnLab-V3 20171013
Alibaba 20170911
ALYac 20171013
Antiy-AVL 20171012
Arcabit 20171013
Avast 20171013
Avast-Mobile 20171012
AVG 20171013
Avira (no cloud) 20171012
AVware 20171013
Baidu 20171013
BitDefender 20171013
Bkav 20171013
CAT-QuickHeal 20171012
ClamAV 20171013
CMC 20171012
Comodo 20171013
CrowdStrike Falcon (ML) 20170804
Cylance 20171013
Cyren 20171013
DrWeb 20171013
Emsisoft 20171013
Endgame 20170821
ESET-NOD32 20171013
F-Prot 20171013
F-Secure 20171013
Fortinet 20171013
GData 20171013
Ikarus 20171012
Sophos ML 20170914
Jiangmin 20171013
K7AntiVirus 20171013
K7GW 20171013
Kaspersky 20171013
Kingsoft 20171013
Malwarebytes 20171013
MAX 20171013
McAfee 20171013
McAfee-GW-Edition 20171013
Microsoft 20171013
eScan 20171013
NANO-Antivirus 20171013
nProtect 20171013
Palo Alto Networks (Known Signatures) 20171013
Panda 20171012
Qihoo-360 20171013
Rising 20171013
SentinelOne (Static ML) 20171001
Sophos AV 20171013
SUPERAntiSpyware 20171013
Symantec 20171013
Symantec Mobile Insight 20171011
Tencent 20171013
TheHacker 20171013
TotalDefense 20171012
TrendMicro 20171013
TrendMicro-HouseCall 20171013
Trustlook 20171013
VBA32 20171012
VIPRE 20171013
ViRobot 20171013
Webroot 20171013
WhiteArmor 20170927
Yandex 20171012
Zillya 20171012
ZoneAlarm by Check Point 20171013
Zoner 20171013
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-31 16:34:20
Entry Point 0x0000C518
Number of sections 5
PE sections
PE imports
CreateDCA
ExtEscape
DeleteDC
HeapSize
GetLastError
TlsGetValue
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetLocaleInfoW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetLocaleInfoA
GetConsoleMode
SetConsoleCtrlHandler
GetCurrentProcessId
GetUserDefaultLCID
WriteConsoleW
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
GetProcessHeap
GetCurrentThread
ExitProcess
SetFilePointer
GetTempPathA
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
ReadFile
SetEndOfFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetOEMCP
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
GetStringTypeW
FatalAppExitA
HeapDestroy
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
EncodePointer
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2013:07:31 17:34:20+01:00
FileType Win32 DLL
PEType PE32
CodeSize 181760
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit, DLL
EntryPoint 0xc518
InitializedDataSize 73216
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 9041e591cfc099acc250af13e158b4ed
SHA1 207dd17e3890802b1cc26c36fba1f4e6c3b1ffb0
SHA256 1a454d744105aa8112788ed288cd7f8a574f607c585953a28debcec900659e05
ssdeep 6144:mPEzRLbjhlbAKGPSZbUzqOzMZURU6NMYqIqbaq:mMzRLZlbAKGPS1YqdZURlNMB
authentihash b7c48d3cabb9ccce0c1dd2df01571283a5a24a54c2c9b65a7ca35990328c049b
imphash 715892d4294c8a07a311de5e24986a9f
File size 250.0 KB ( 256000 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags pedll
VirusTotal metadata
First submission 2014-02-13 17:02:20 UTC ( 4 years, 11 months ago )
Last submission 2018-05-08 12:24:11 UTC ( 8 months, 2 weeks ago )
File names amd_ags.dll
AMD_AGS.DLL
4c71b29d3f148fe04335b75e8e5e4f02_amd_ags.dll.safe
file-7736520_DLL
eb65c7ryscacwhgcnq3pxipu43b3d75q.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight