SHA256: 221563c74ab95697af9d318b30e7cf5ff0cb3402577f68e8757ec0c2b7956e73
File name: F__intl
Detection ratio: 0 / 54
Analysis date: 2015-12-28 08:38:10 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware 20151224
AegisLab 20151227
Yandex 20151226
AhnLab-V3 20151228
Alibaba 20151208
Antiy-AVL 20151228
Arcabit 20151228
Avast 20151228
AVG 20151228
Avira (no cloud) 20151227
AVware 20151228
Baidu-International 20151227
BitDefender 20151228
Bkav 20151227
ByteHero 20151228
CAT-QuickHeal 20151228
ClamAV 20151228
CMC 20151217
Comodo 20151228
Cyren 20151227
DrWeb 20151228
Emsisoft 20151228
ESET-NOD32 20151228
F-Prot 20151227
F-Secure 20151228
Fortinet 20151228
GData 20151228
Ikarus 20151228
Jiangmin 20151228
K7AntiVirus 20151228
K7GW 20151228
Kaspersky 20151228
Malwarebytes 20151228
McAfee 20151228
McAfee-GW-Edition 20151228
Microsoft 20151228
eScan 20151228
NANO-Antivirus 20151228
nProtect 20151224
Panda 20151227
Rising 20151227
Sophos AV 20151228
SUPERAntiSpyware 20151228
Symantec 20151227
Tencent 20151228
TheHacker 20151228
TotalDefense 20151227
TrendMicro 20151228
TrendMicro-HouseCall 20151228
VBA32 20151225
VIPRE 20151228
ViRobot 20151228
Zillya 20151227
Zoner 20151228
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 1995-2006

Publisher Stefan Kueng - Open Source Developer
Product libintl: accessing NLS message catalogs
Original name libintl3.dll
Internal name libintl3.dll
File version 0.14.6
Description LGPLed libintl for Windows NT/2000/XP and Windows 95/98/ME
Comments This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Signature verification Signed file, verified signature
Signing date 6:21 PM 8/14/2012
Signers
[+] Stefan Kueng - Open Source Developer
Status Certificate out of its validity period
Issuer None
Valid from 11:04 AM 4/12/2012
Valid to 11:04 AM 4/12/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint 7A78C9BDDD0F4265DE1D558C808B640EEC186722
Serial number 42 DB 7F A9 72 36 5D 03 A6 9A 18 72 9B CC 6D FD
[+] Certum Level III CA
Status Valid
Issuer None
Valid from 1:53 PM 3/3/2009
Valid to 1:53 PM 3/3/2024
Valid usage All
Algorithm SHA1
Thumbprint 827E72353D6910A9DEC7F3D1061676E80356FD53
Serial number 04 7A 53
[+] Certum
Status Valid
Issuer None
Valid from 11:46 AM 6/11/2002
Valid to 11:46 AM 6/11/2027
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, OCSP Signing
Algorithm SHA1
Thumbprint 6252DC40F71143A22FDE9EF7348E064251B18118
Serial number 01 00 20
Counter signers
[+] Certum Time-Stamping Authority
Status Valid
Issuer None
Valid from 1:58 PM 3/3/2009
Valid to 1:58 PM 3/3/2024
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 0D2CF962FB4D042F2F1401DE66EACBA80DA76112
Serial number 04 7A 55
[+] Certum
Status Valid
Issuer None
Valid from 11:46 AM 6/11/2002
Valid to 11:46 AM 6/11/2027
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, OCSP Signing
Algorithm SHA1
Thumbprint 6252DC40F71143A22FDE9EF7348E064251B18118
Serial number 01 00 20
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-14 16:45:44
Entry Point 0x00007669
Number of sections 5
PE sections
Overlays
MD5 7a273d3b6ca77e80eba6975eaf74d5e3
File type data
Offset 40960
Size 5000
Entropy 7.35
PE imports
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
DecodePointer
GetCurrentProcessId
InterlockedExchange
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetTickCount
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
Sleep
GetCurrentThreadId
InterlockedCompareExchange
GetACP
EncodePointer
GetThreadLocale
strncmp
_malloc_crt
malloc
_fstat64i32
realloc
_getcwd
fclose
__dllonexit
fgets
abort
fprintf
strtoul
isdigit
fopen
feof
__clean_type_info_names_internal
_amsg_exit
raise
isalnum
_errno
fwrite
_lock
qsort
_open
_onexit
fputs
isalpha
_snprintf
sprintf
putc
_strdup
_initterm_e
isspace
_close
strchr
tolower
_unlock
_crt_debugger_hook
free
getenv
_except_handler4_common
vfprintf
memcpy
_vsnprintf
strstr
_read
__iob_func
_encoded_null
bsearch
__CppXcptFilter
_initterm
isupper
vsprintf
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

Comments
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA

LinkerVersion
10.0

ImageVersion
0.0

ProductName
libintl: accessing NLS message catalogs

FileVersionNumber
0.14.6.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
ASCII

InitializedDataSize
11776

FileTypeExtension
dll

OriginalFileName
libintl3.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
0.14.6

TimeStamp
2012:08:14 17:45:44+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
libintl3.dll

ProductVersion
0.14.6

FileDescription
LGPLed libintl for Windows NT/2000/XP and Windows 95/98/ME

OSVersion
5.1

FileOS
Windows 32-bit

LegalCopyright
Copyright (C) 1995-2006

MachineType
Intel 386 or later, and compatibles

CompanyName
Free Software Foundation

CodeSize
28160

FileSubtype
0

ProductVersionNumber
0.14.6.0

EntryPoint
0x7669

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 88717f4e1f3e7c9c8a970c2dff8f47ab
SHA1 d7686f589fcac36f55a158c0e8c90f1579df5403
SHA256 221563c74ab95697af9d318b30e7cf5ff0cb3402577f68e8757ec0c2b7956e73
ssdeep
768:T/zJy7xq/gpLZ5/UHeWjP44CH72g6OuZV5KHK7sm+AOiyb2aXAdISYTb/KYIo+:DzJydqIx/UHeM44w72g1uz5KHwsUPek/

authentihash c9d373fc0d3ca98929a0ab0dcdc2fa5d23618cf22d8c8dc7ae1af0f6a7eda502
imphash e6ea5fc00635843325ddfbb0dd23f542
File size 44.9 KB ( 45960 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2012-08-16 02:57:27 UTC ( 6 years, 7 months ago )
Last submission 2012-08-16 02:57:27 UTC ( 6 years, 7 months ago )
File names libintl3.dll
intl3_tsvn32.dll
F__intl
intl3_tsvn32.dll
ECC45CD88810B872B33B00EAE7569100B030242D.dll
intl3_tsvn32.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight