SHA256: 2a7f33ef64d666a42827c4dc377806ad97bc233819197adf9696aed5be5efac0
File name: LangDLL.dll
Detection ratio: 0 / 40
Analysis date: 2010-05-13 14:15:19 UTC ( 3 years, 11 months ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AVG 20100513
AhnLab-V3 20100513
AntiVir 20100512
Antiy-AVL 20100513
Authentium 20100513
Avast 20100513
Avast5 20100513
BitDefender 20100513
CAT-QuickHeal 20100513
ClamAV 20100513
Comodo 20100513
DrWeb 20100513
F-Prot 20100513
F-Secure 20100513
Fortinet 20100513
GData 20100513
Ikarus 20100513
Jiangmin 20100513
Kaspersky 20100513
McAfee 20100513
McAfee-GW-Edition 20100513
Microsoft 20100513
NOD32 20100513
Norman 20100513
PCTools 20100513
Panda 20100512
Rising 20100513
Sophos 20100513
Sunbelt 20100513
Symantec 20100513
TheHacker 20100513
TrendMicro 20100513
TrendMicro-HouseCall 20100513
VBA32 20100513
ViRobot 20100513
VirusBuster 20100513
a-squared 20100510
eSafe 20100511
eTrust-Vet 20100513
nProtect 20100513
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-06-06 21:41:22
Link date 10:41 PM 6/6/2009
Entry Point 0x00001596
Number of sections 5
PE sections
PE imports
GetDeviceCaps
CreateFontIndirectA
DeleteObject
GetModuleHandleA
lstrlenA
lstrcmpA
GlobalFree
GlobalAlloc
lstrcpyA
MulDiv
lstrcpynA
GetACP
SendDlgItemMessageA
SetWindowTextA
LoadIconA
EndDialog
SetDlgItemTextA
SendMessageA
DialogBoxParamA
ShowWindow
GetDC
PE exports
Number of PE resources by type
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:06:06 22:41:22+01:00
FileType Win32 DLL
PEType PE32
CodeSize 2048
LinkerVersion 6.0
FileAccessDate 2014:04:25 05:25:44+01:00
EntryPoint 0x1596
InitializedDataSize 5632
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:25 05:25:44+01:00
UninitializedDataSize 0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 a401e590877ef6c928d2a97c66157094
SHA1 75e24799cf67e789fadcc8b7fddefc72fdc4cd61
SHA256 2a7f33ef64d666a42827c4dc377806ad97bc233819197adf9696aed5be5efac0
ssdeep 48:iV6sAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Joof5d2:2V11GED5ZTvycNSmwVsTJuftpZR0Ld2
imphash 9b6b6a7858e17fb0b17e1c1428330343
File size 5.5 KB ( 5632 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll

VirusTotal metadata
First submission 2009-06-11 19:34:58 UTC ( 4 years, 10 months ago )
Last submission 2014-02-21 02:10:00 UTC ( 2 months ago )
File names {e24cd60d-eef6-427a-9000-83299032f451}
{dcc1e4a6-1fca-41f6-bb0a-a85493012dbe}
{baf2af4a-b70f-471b-b64e-af2ea82f8971}
LangDLL.dll
{ceeb0f9c-4387-4b1c-b34f-80eb5b55a92d}
{ea0bb7b3-c5eb-4797-904b-dbd9d0e39a53}
{c81f3a9c-8470-41ea-87ba-fc79d5efd3fd}
vsll063r.81q
smona132541304649150332454
Troj.Agent-MJM_790331730a4e68d0efbfa0c65dfcb0a8_5632
LangDLL.dll_1
{b069fc0c-8bb0-4757-ba03-d7cbe1ffdc0a}
75e24799cf67e789fadcc8b7fddefc72fdc4cd61.bin
smona130622373284399232476
{df49cb26-e4d1-4193-a81e-4dc462f6f21a}
sample.exe
vs510m6u.g1r
{1c3eed95-84e7-495b-886a-fb83971b0ed9}
{34ddc892-2a4f-4092-aebf-11f20911d736}
{ab1755b3-555c-46bd-87d8-5a3efa96a4b2}
{92c46163-01a1-4a12-9a83-f840a3e923c4}
{af621dd3-8f28-49b8-a6a1-27d0c2150b24}
file-3705564_dll
a401e590877ef6c928d2a97c66157094
A401E590877EF6C928D2A97C66157094
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight