SHA256: 36889a7e9a965e69a9d2652aca3c6390b5e469050c47e935c4b811f476102213
File name: vti-rescan
Detection ratio: 4 / 47
Analysis date: 2013-11-11 21:28:49 UTC ( 5 months, 1 week ago )
Antivirus Result Update
McAfee Artemis!355F728FAE74 20131111
McAfee-GW-Edition Artemis!355F728FAE74 20131111
Panda Suspicious file 20131111
Symantec Downloader 20131111
AVG 20131111
Agnitum 20131111
AhnLab-V3 20131111
AntiVir 20131111
Antiy-AVL 20131111
Avast 20131111
Baidu-International 20131111
BitDefender 20131111
Bkav 20131111
ByteHero 20131111
CAT-QuickHeal 20131111
ClamAV 20131111
Commtouch 20131111
Comodo 20131111
DrWeb 20131111
ESET-NOD32 20131111
Emsisoft 20131111
F-Prot 20131111
F-Secure 20131111
Fortinet 20131111
GData 20131111
Ikarus 20131111
Jiangmin 20131111
K7AntiVirus 20131111
K7GW 20131111
Kaspersky 20131111
Kingsoft 20130829
Malwarebytes 20131111
MicroWorld-eScan 20131111
Microsoft 20131111
NANO-Antivirus 20131111
Norman 20131111
Rising 20131111
SUPERAntiSpyware 20131111
Sophos 20131111
TheHacker 20131111
TotalDefense 20131108
TrendMicro 20131111
TrendMicro-HouseCall 20131111
VBA32 20131111
VIPRE 20131111
ViRobot 20131111
nProtect 20131111
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright Microsoft Corporation.

Publisher Bit9
Product Microsoft Drivers for PHP for SQL Server
Original name php_sqlsrv.dll
Internal name php_sqlsrv.dll
File version 3.0.1.0
Description Microsoft Drivers for PHP for SQL Server (SQLSRV Driver)
Comments This product includes PHP software that is freely available from http://www.php.net/software/. © 1997-2009 The PHP Group. All rights reserved.
Signature verification A certificate was explicitly revoked by its issuer.
Signers
[+] Bit9
Status A certificate was explicitly revoked by its issuer.
Valid from 1:00 AM 1/27/2012
Valid to 12:59 AM 5/26/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint FBC678AA0F8246551D5595F34C3FF3374B86D38A
Serial number 7C C1 DB 2A D0 A2 90 A4 BF E7 A5 F3 36 D6 80 0C
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Valid from 1:00 AM 9/30/2010
Valid to 12:59 AM 1/2/2014
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 14FCF0BB187D563B568EEA5FC888A53D288698D6
Serial number 4D 62 90 E5 8C 54 F0 F1 EB 17 34 1A 13 10 E6 A4
[+] VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)
Status Valid
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/3/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint A1DB6393916F17E4185509400415C70240B0AE6B
Serial number 3C 91 31 CB 1F F6 D0 1B 0E 9A B8 D0 44 BF 12 BE
Counter signers
[+] Certum Time-Stamping Authority
Status Valid
Valid from 1:58 PM 3/3/2009
Valid to 1:58 PM 3/3/2024
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 0D2CF962FB4D042F2F1401DE66EACBA80DA76112
Serial number 04 7A 55
[+] Certum
Status Valid
Valid from 11:46 AM 6/11/2002
Valid to 11:46 AM 6/11/2027
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, OCSP Signing
Algorithm SHA1
Thumbprint 6252DC40F71143A22FDE9EF7348E064251B18118
Serial number 01 00 20
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-25 15:56:11
Entry Point 0x00018ECD
Number of sections 5
PE sections
PE imports
GetLastError
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
WideCharToMultiByte
GetSystemInfo
InterlockedExchange
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetTickCount
FormatMessageA
GetSystemTimeAsFileTime
GetVersionExA
MultiByteToWideChar
Sleep
GetCurrentThreadId
InterlockedCompareExchange
GetCurrentProcessId
SetLastError
?get@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QBE?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AAVios_base@2@AAHAAN@Z
?_Incref@facet@locale@std@@QAEXXZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??1locale@std@@QAE@XZ
?str@?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHAAJ@Z
?id@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?id@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
?_Decref@facet@locale@std@@QAEPAV123@XZ
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??1_Lockit@std@@QAE@XZ
?id@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
??_D?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?_Id_cnt@id@locale@std@@0HA
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?get@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHAAN@Z
?put@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DN@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?put@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WJ@Z
?id@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@Z
?get@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QBE?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AAVios_base@2@AAHAAJ@Z
?put@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DJ@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?put@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WN@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
_purecall
strncmp
??0bad_cast@std@@QAE@ABV01@@Z
__iob_func
?what@exception@std@@UBEPBDXZ
memset
malloc
__dllonexit
_stricmp
?terminate@@YAXXZ
abort
fprintf
_invalid_parameter_noinfo
__clean_type_info_names_internal
_amsg_exit
??1bad_cast@std@@UAE@XZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_errno
??2@YAPAXI@Z
_lock
_onexit
exit
_crt_debugger_hook
_encode_pointer
strcpy_s
_decode_pointer
isspace
_CxxThrowException
memmove_s
_unlock
_adjust_fdiv
??3@YAXPAX@Z
free
__CxxFrameHandler3
_except_handler4_common
atoi
atol
sprintf_s
memcpy
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1exception@std@@UAE@XZ
_initterm_e
_set_errno
floor
??0exception@std@@QAE@ABQBD@Z
_malloc_crt
_encoded_null
__CppXcptFilter
_strnicmp
??0exception@std@@QAE@XZ
_initterm
Ord(48)
Ord(76)
Ord(111)
Ord(136)
Ord(5)
Ord(18)
Ord(24)
Ord(11)
Ord(39)
Ord(20)
Ord(31)
Ord(72)
Ord(119)
Ord(16)
Ord(9)
Ord(75)
Ord(49)
Ord(61)
Ord(141)
Ord(12)
Ord(43)
Ord(45)
Ord(8)
Ord(30)
Ord(29)
Ord(35)
Ord(27)
add_next_index_zval
php_register_url_stream_wrapper
zend_error
php_stream_wrapper_log_error
zend_register_ini_entries
add_index_zval
zend_unregister_ini_entries
zend_hash_get_current_key_type_ex
zend_register_list_destructors_ex
zend_ini_long
add_assoc_long_ex
zend_hash_internal_pointer_reset_ex
_php_stream_read
zend_fetch_resource
php_info_print_table_start
php_file_le_pstream
zval_used_for_init
executor_globals_id
zval_add_ref
zend_hash_num_elements
ts_resource_ex
_estrndup
zend_get_class_entry
_php_stream_free
convert_to_boolean
zend_call_function
_convert_to_string
ts_allocate_id
add_assoc_zval_ex
zend_register_string_constant
_php_stream_open_wrapper_ex
OnUpdateBool
php_info_print_table_header
_zend_hash_init
zend_hash_internal_pointer_end_ex
_array_init
zend_is_true
zend_register_long_constant
_zend_hash_index_update_or_next_insert
zend_str_tolower
display_ini_entries
php_info_print_table_end
zend_hash_next_free_element
_php_stream_eof
add_assoc_string_ex
_efree
zend_hash_clean
zend_hash_destroy
zend_hash_index_find
php_unregister_url_stream_wrapper
zend_hash_get_current_data_ex
convert_to_double
_zval_ptr_dtor
zend_hash_index_exists
call_user_function
zend_hash_del_key_or_index
_erealloc
OnUpdateLong
zend_ini_boolean_displayer_cb
zend_hash_move_forward_ex
add_next_index_long
php_log_err
zend_hash_apply
convert_to_long
zend_hash_get_current_key_ex
zend_lookup_class
_object_and_properties_init
_zend_list_find
_php_stream_alloc
zend_register_resource
zend_parse_parameters
add_assoc_null_ex
zend_merge_properties
php_file_le_stream
_emalloc
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
SubsystemVersion
5.0

Comments
This product includes PHP software that is freely available from http://www.php.net/software/. 1997-2009 The PHP Group. All rights reserved.

InitializedDataSize
61440

ImageVersion
5.4

FileSubtype
0

FileVersionNumber
3.0.1.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft Drivers for PHP for SQL Server (SQLSRV Driver)

CharacterSet
Unicode

LinkerVersion
9.0

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft Corporation.

FileVersion
3.0.1.0

URL
http://www.microsoft.com

TimeStamp
2012:07:25 16:56:11+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
php_sqlsrv.dll

ProductVersion
3.0.1

UninitializedDataSize
0

OSVersion
5.0

OriginalFilename
php_sqlsrv.dll

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corp.

CodeSize
103936

ProductName
Microsoft Drivers for PHP for SQL Server

ProductVersionNumber
3.0.1.0

EntryPoint
0x18ecd

ObjectFileType
Dynamic link library

File identification
MD5 355f728fae741bc21f82809f57a4b4d5
SHA1 460492435a3a0e81cbc12e280fb07d6a039b8774
SHA256 36889a7e9a965e69a9d2652aca3c6390b5e469050c47e935c4b811f476102213
ssdeep
3072:ItR36A4UtjDqs9lYlK0HUHgkyyLQWckyIFPoIBHoKKH/OyZ29UH:8KA4oj7lnLZ+gFPLHoKKH/OyZsUH

File size 167.3 KB ( 171344 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll signed

VirusTotal metadata
First submission 2013-02-14 15:11:28 UTC ( 1 year, 2 months ago )
Last submission 2013-11-11 21:28:49 UTC ( 5 months, 1 week ago )
File names vti-rescan
php_sqlsrv.dll