× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1c42fc1d3434fe6cc8d027239a09aea79fe49003991b295bfdfbd79ba642d431
File name: php_imap.dll
Detection ratio: 0 / 58
Analysis date: 2016-09-11 07:52:46 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20160911
AegisLab 20160911
AhnLab-V3 20160910
Alibaba 20160910
ALYac 20160911
Antiy-AVL 20160911
Arcabit 20160911
Avast 20160911
AVG 20160911
Avira (no cloud) 20160911
AVware 20160911
Baidu 20160910
BitDefender 20160911
Bkav 20160910
CAT-QuickHeal 20160910
ClamAV 20160911
CMC 20160908
Comodo 20160908
CrowdStrike Falcon (ML) 20160725
Cyren 20160911
DrWeb 20160911
Emsisoft 20160911
ESET-NOD32 20160910
F-Prot 20160911
F-Secure 20160910
Fortinet 20160911
GData 20160911
Ikarus 20160910
Sophos ML 20160830
Jiangmin 20160911
K7AntiVirus 20160911
K7GW 20160911
Kaspersky 20160911
Kingsoft 20160911
Malwarebytes 20160911
McAfee 20160911
McAfee-GW-Edition 20160911
Microsoft 20160911
eScan 20160911
NANO-Antivirus 20160911
nProtect 20160911
Panda 20160910
Qihoo-360 20160911
Rising 20160911
Sophos AV 20160911
SUPERAntiSpyware 20160911
Symantec 20160911
Tencent 20160911
TheHacker 20160909
TotalDefense 20160907
TrendMicro 20160911
TrendMicro-HouseCall 20160911
VBA32 20160909
VIPRE 20160911
ViRobot 20160911
Yandex 20160910
Zillya 20160910
Zoner 20160911
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright
Copyright © 1997-2014 The PHP Group

Product PHP
Original name php_imap.dll
Internal name IMAP extension
File version 5.6.12
Description IMAP
Comments Thanks to Rex Logan, Mark Musone, Brian Wang, Kaj-Michael Lang, Antoni Pamies Olive, Rasmus Lerdorf, Andrew Skalski, Chuck Hagenbuch, Daniel R Kalowsky
PE header basic information
Target machine x64
Compilation timestamp 2015-08-06 19:14:50
Entry Point 0x00054FDC
Number of sections 6
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
LogonUserA
GetUserNameA
RegisterEventSourceA
ImpersonateLoggedOnUser
ReportEventA
CertFreeCertificateContext
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertNameToStrA
GetLastError
GetCurrentProcess
IsProcessorFeaturePresent
LockFileEx
WideCharToMultiByte
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
Sleep
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetVersionExA
MultiByteToWideChar
UnlockFileEx
GetProcAddress
DecodePointer
LoadLibraryA
EncodePointer
getc
rand
fclose
_time64
strtoul
fflush
isxdigit
strtol
_findclose
fwrite
fputs
_findfirst64i32
_tzname
_fileno
_unlink
_write
memcpy
strstr
memmove
_lseek
__crt_debugger_hook
_mkdir
_initterm
strcmp
memchr
strncmp
memset
_stricmp
_findnext64i32
_setmode
_stat64i32
fgets
__clean_type_info_names_internal
strchr
fopen
clock
_lock
_getpid
ftell
exit
sprintf
strrchr
_initterm_e
free
_gmtime64
putchar
_read
_exit
_daylight
__crtCaptureCurrentContext
rename
_fstat64i32
realloc
__dllonexit
_tempnam
_access
_commit
strncpy
getchar
__C_specific_handler
isalnum
qsort
_tzset
_open
_onexit
isalpha
putc
_ctime64
srand
_fdopen
getenv
atoi
atol
__crtUnhandledException
strerror
_localtime64
ungetc
_close
vsprintf
_malloc_crt
malloc
__crtTerminateProcess
fread
strtok_s
abort
fprintf
isdigit
_amsg_exit
iscntrl
_errno
_utime64
fseek
_get_osfhandle
rewind
_unlock
strpbrk
isgraph
_getch
__crtCapturePreviousContext
_rmdir
__iob_func
_chsize
_calloc_crt
__CppXcptFilter
InitializeSecurityContextA
AcquireCredentialsHandleA
EnumerateSecurityPackagesA
DeleteSecurityContext
FreeContextBuffer
DecryptMessage
QueryContextAttributesA
EncryptMessage
FreeCredentialsHandle
timeSetEvent
timeBeginPeriod
getaddrinfo
htonl
ioctlsocket
WSAStartup
WSACleanup
freeaddrinfo
WSAWaitForMultipleEvents
getsockname
htons
getnameinfo
select
gethostname
closesocket
WSACloseEvent
send
ntohs
WSAGetLastError
connect
WSAEventSelect
getpeername
WSACreateEvent
recv
socket
getprotobyname
WSAEnumNetworkEvents
getservbyname
zend_ini_string_ex
add_property_string_ex
convert_to_long
_array_init
_php_stream_write
zend_hash_get_current_key_ex
_zend_hash_index_update_or_next_insert
php_check_open_basedir
php_pcre_match_impl
php_strlcpy
zend_register_list_destructors_ex
TSendMail
add_assoc_long_ex
zend_hash_internal_pointer_reset_ex
zend_fetch_resource
php_info_print_table_start
_zval_dtor_func
php_file_le_pstream
file_globals
executor_globals
_efree
zend_hash_num_elements
_php_stream_free
zend_hash_get_current_data_ex
_php_stream_open_wrapper_ex
_convert_to_string
add_assoc_zval_ex
_estrndup
zend_error
_emalloc
_safe_erealloc
GetSMErrorText
compiler_globals
add_next_index_string
zend_register_long_constant
php_info_print_table_end
ap_php_snprintf
_object_init
add_property_long_ex
zend_hash_find
zend_hash_index_find
_erealloc
_zend_list_delete
_zend_hash_add_or_update
php_info_print_table_row
spprintf
zend_hash_move_forward_ex
_safe_emalloc
add_next_index_long
ap_php_slprintf
pcre_get_compiled_regex_cache
_zval_copy_ctor_func
php_strlcat
zend_register_resource
zend_parse_parameters
php_error_docref0
php_file_le_stream
add_assoc_stringl_ex
_estrdup
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
CodeSize
386048

SubsystemVersion
6.0

Comments
Thanks to Rex Logan, Mark Musone, Brian Wang, Kaj-Michael Lang, Antoni Pamies Olive, Rasmus Lerdorf, Andrew Skalski, Chuck Hagenbuch, Daniel R Kalowsky

InitializedDataSize
518144

ImageVersion
0.0

ProductName
PHP

FileVersionNumber
5.6.12.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
11.0

FileTypeExtension
dll

OriginalFileName
php_imap.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
5.6.12

URL
http://www.php.net

TimeStamp
2015:08:06 20:14:50+01:00

FileType
Win64 DLL

PEType
PE32+

InternalName
IMAP extension

ProductVersion
5.6.12

FileDescription
IMAP

OSVersion
6.0

FileOS
Win32

LegalCopyright
Copyright 1997-2014 The PHP Group

MachineType
AMD AMD64

CompanyName
The PHP Group

LegalTrademarks
PHP

FileSubtype
0

ProductVersionNumber
5.6.12.0

EntryPoint
0x54fdc

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 ccc777817d9e71487d8c451406831495
SHA1 86751864de394868c15f7737d6361c290b4202bd
SHA256 1c42fc1d3434fe6cc8d027239a09aea79fe49003991b295bfdfbd79ba642d431
ssdeep
12288:rFVlg8tpyJY+0+3hl+WYteQNiBz+9SDssfpBznLCSZw2BUGGm:9dtpyJY+0+L+WYgQNiBzj5fjznDBOm

authentihash d3b9019944f0110a0594948a19b04d14b285bd547f481c78ae98ad2ba19858c4
imphash fc51b9b53a4e58d7886b1a417cad6e96
File size 884.0 KB ( 905216 bytes )
File type Win32 DLL
Magic literal
PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
64bits assembly pedll

VirusTotal metadata
First submission 2015-08-07 06:03:56 UTC ( 3 years, 9 months ago )
Last submission 2015-08-07 06:03:56 UTC ( 3 years, 9 months ago )
File names IMAP extension
php_imap.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!