SHA256: 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
File name: _iscrypt.dll
Detection ratio: 0 / 54
Analysis date: 2015-11-24 15:20:03 UTC (1 year, 8 months ago)
Antivirus Result Update
Ad-Aware 20151124
AegisLab 20151124
Yandex 20151123
AhnLab-V3 20151124
Alibaba 20151124
ALYac 20151124
Antiy-AVL 20151124
Arcabit 20151124
Avast 20151124
AVG 20151124
Avira (no cloud) 20151124
AVware 20151124
Baidu-International 20151124
BitDefender 20151124
Bkav 20151124
ByteHero 20151124
CAT-QuickHeal 20151124
ClamAV 20151124
CMC 20151124
Comodo 20151124
Cyren 20151124
DrWeb 20151124
ESET-NOD32 20151124
F-Prot 20151124
F-Secure 20151124
Fortinet 20151124
GData 20151124
Ikarus 20151124
Jiangmin 20151123
K7AntiVirus 20151124
K7GW 20151124
Kaspersky 20151124
Malwarebytes 20151124
McAfee 20151124
McAfee-GW-Edition 20151124
Microsoft 20151124
eScan 20151124
NANO-Antivirus 20151124
nProtect 20151124
Panda 20151124
Qihoo-360 20151124
Rising 20151122
Sophos AV 20151123
SUPERAntiSpyware 20151124
Symantec 20151123
Tencent 20151124
TheHacker 20151121
TrendMicro 20151124
TrendMicro-HouseCall 20151124
VBA32 20151124
VIPRE 20151124
ViRobot 20151124
Zillya 20151123
Zoner 20151124
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-23 18:39:37
Entry Point 0x000011E0
Number of sections 3
PE sections
PE imports
DisableThreadLibraryCalls
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2004:04:23 19:39:37+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 512
LinkerVersion: 7.1
FileTypeExtension: dll
InitializedDataSize: 1024
SubsystemVersion: 4.0
EntryPoint: 0x11e0
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0

CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
ssdeep 24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG

authentihash a3a51f75ec6e9c9e8b2cefb43eb0fb0db5cbf726238c81f8a529e8a369faa383
imphash 6c8408bb5d7d5a5b75b9314f94e68763
File size 2.5 KB ( 2560 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags pedll via-tor

VirusTotal metadata
First submission 2008-10-18 02:09:58 UTC ( 8 years, 10 months ago )
Last submission 2017-08-11 12:26:54 UTC ( 1 week, 1 day ago )
File names _iscrypt.dll.2463947571.DROPPED
_iscrypt.dll
_iscrypt.dll
2f6294f9aa09f59a__iscrypt.dll
_iscrypt_BC8F404FFDB1960B50C12FF9413C893B56F2E36F.dll
ISCrypt.dll
34898-4
Decrypt.dll
iscrypt.dll
_iscrypt.dll
is-n6515.tmp
smona132204155904664293435
output.15237486.txt
smona131663558005245733383
_iscrypt.dll
ISCrypt.dll
smona132552770935119363483
file-3302229_dll
smona_2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc.bin
A69559718AB506675E907FE49DEB71E9
ISCrypt.dll
is-np27e.tmp
is-6oqep.tmp
_iscrypt
_iscrypt.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight