× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 419f47a07629b0ff2e575229b96916b282b0dfa60ea42099df8225ede2b563fb
File name: php_ldap.dll
Detection ratio: 0 / 53
Analysis date: 2016-08-05 19:18:04 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20160805
AegisLab 20160805
AhnLab-V3 20160805
Alibaba 20160805
ALYac 20160805
Antiy-AVL 20160805
Arcabit 20160805
Avast 20160805
AVG 20160805
Avira (no cloud) 20160805
AVware 20160805
Baidu 20160805
BitDefender 20160805
Bkav 20160805
CAT-QuickHeal 20160805
ClamAV 20160805
CMC 20160804
Comodo 20160805
Cyren 20160805
DrWeb 20160805
Emsisoft 20160805
ESET-NOD32 20160805
F-Prot 20160805
F-Secure 20160805
Fortinet 20160805
GData 20160805
Ikarus 20160805
Jiangmin 20160805
K7AntiVirus 20160805
K7GW 20160805
Kaspersky 20160805
Kingsoft 20160805
Malwarebytes 20160805
McAfee 20160805
McAfee-GW-Edition 20160805
Microsoft 20160805
eScan 20160805
NANO-Antivirus 20160805
nProtect 20160805
Panda 20160805
Qihoo-360 20160805
Sophos AV 20160805
SUPERAntiSpyware 20160805
Symantec 20160805
Tencent 20160805
TheHacker 20160804
TrendMicro 20160805
TrendMicro-HouseCall 20160805
VBA32 20160805
VIPRE 20160805
ViRobot 20160805
Zillya 20160805
Zoner 20160805
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1997-2014 The PHP Group

Product PHP
Original name php_ldap.dll
Internal name LDAP extension
File version 5.6.8
Description LDAP
Comments Thanks to Amitay Isaacs, Eric Warnke, Rasmus Lerdorf, Gerrit Thomson, Stig Venaas
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-15 22:16:28
Entry Point 0x00019DAB
Number of sections 5
PE sections
PE imports
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
DisableThreadLibraryCalls
IsProcessorFeaturePresent
GetCurrentThreadId
DecodePointer
Ord(2023)
Ord(298)
Ord(2291)
Ord(129)
Ord(648)
Ord(66)
Ord(3686)
Ord(356)
Ord(3846)
Ord(204)
Ord(1653)
Ord(2596)
Ord(576)
Ord(2254)
Ord(1182)
Ord(2075)
Ord(566)
Ord(78)
Ord(510)
Ord(484)
Ord(657)
Ord(486)
Ord(395)
Ord(578)
Ord(1016)
Ord(653)
Ord(467)
Ord(1216)
Ord(248)
Ord(649)
Ord(254)
Ord(1654)
Ord(1238)
Ord(82)
Ord(362)
Ord(585)
Ord(224)
Ord(680)
Ord(206)
Ord(1882)
Ord(641)
Ord(176)
Ord(181)
Ord(161)
Ord(866)
Ord(470)
Ord(228)
Ord(1017)
Ord(2253)
Ord(150)
Ord(1015)
Ord(466)
Ord(3823)
_malloc_crt
__sys_nerr
malloc
realloc
__crtTerminateProcess
memset
fclose
_time64
__dllonexit
_stricmp
isdigit
isprint
fprintf
strtoul
fgets
fflush
fopen
__clean_type_info_names_internal
_amsg_exit
strtol
isalnum
_errno
strncmp
_lock
qsort
_onexit
fputs
__sys_errlist
strncpy
strrchr
_ctime64
_initterm_e
isspace
_close
strchr
_unlock
_crt_debugger_hook
free
getenv
sprintf
_except_handler4_common
atoi
calloc
_write
memcpy
__crtUnhandledException
_snprintf
_vsnprintf
memmove
_read
__iob_func
_calloc_crt
_wassert
__CppXcptFilter
_strnicmp
_initterm
strcmp
memchr
Ord(48)
Ord(231)
Ord(12)
Ord(58)
Ord(83)
Ord(111)
Ord(142)
Ord(74)
Ord(180)
Ord(78)
Ord(30)
Ord(40)
Ord(127)
Ord(35)
Ord(157)
Ord(75)
Ord(49)
Ord(24)
Ord(77)
Ord(61)
Ord(141)
Ord(6)
Ord(98)
Ord(15)
Ord(96)
Ord(177)
Ord(176)
Ord(43)
Ord(286)
Ord(183)
Ord(128)
Ord(38)
Ord(21)
Ord(108)
Ord(16)
Ord(73)
Ord(8)
htonl
ioctlsocket
WSAStartup
connect
shutdown
htons
WSASetLastError
WSAGetLastError
gethostname
getsockopt
recv
inet_addr
send
select
gethostbyaddr
__WSAFDIsSet
WSACleanup
gethostbyname
getpeername
closesocket
setsockopt
socket
inet_ntoa
sasl_getprop
sasl_decode
sasl_global_listmech
sasl_client_start
sasl_client_init
sasl_encode
sasl_version
sasl_errstring
sasl_dispose
sasl_errdetail
sasl_client_new
sasl_client_step
sasl_setprop
zend_hash_get_current_key_ex
_array_init
add_next_index_zval
zend_register_ini_entries
_zend_hash_index_update_or_next_insert
zend_unregister_ini_entries
zend_hash_get_current_key_type_ex
zend_register_list_destructors_ex
add_assoc_long_ex
_ecalloc
zend_fetch_resource
php_info_print_table_start
_zval_dtor_func
add_index_stringl
executor_globals
_efree
zend_hash_num_elements
_estrndup
convert_to_boolean
_convert_to_string
add_index_string
zend_register_string_constant
_emalloc
ap_php_snprintf
compiler_globals
add_next_index_string
zend_register_long_constant
display_link_numbers
display_ini_entries
php_info_print_table_end
add_assoc_string_ex
add_assoc_bool_ex
add_next_index_bool
zend_hash_exists
zend_hash_find
zend_hash_index_find
_zend_list_delete
_zend_hash_add_or_update
php_info_print_table_row
_zend_list_addref
OnUpdateLong
zend_hash_move_forward_ex
_safe_emalloc
_estrdup
convert_to_long
_zval_copy_ctor_func
add_next_index_stringl
zend_hash_get_current_data_ex
zend_register_resource
zend_parse_parameters
php_error_docref0
add_assoc_stringl_ex
php_strtolower
zend_hash_internal_pointer_reset_ex
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
PHP

SubsystemVersion
6.0

Comments
Thanks to Amitay Isaacs, Eric Warnke, Rasmus Lerdorf, Gerrit Thomson, Stig Venaas

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.6.8.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
LDAP

CharacterSet
Unicode

InitializedDataSize
56320

EntryPoint
0x19dab

OriginalFileName
php_ldap.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright 1997-2014 The PHP Group

FileVersion
5.6.8

URL
http://www.php.net

TimeStamp
2015:04:15 23:16:28+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
LDAP extension

ProductVersion
5.6.8

UninitializedDataSize
0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
The PHP Group

CodeSize
123392

ProductName
PHP

ProductVersionNumber
5.6.8.0

FileTypeExtension
dll

ObjectFileType
Dynamic link library

File identification
MD5 0ed851b3c7f2dcd49e11528c805d5192
SHA1 cf55d20dd03a255a69106827dd288c575f83052a
SHA256 419f47a07629b0ff2e575229b96916b282b0dfa60ea42099df8225ede2b563fb
ssdeep
3072:dt1uKlI6JJXhBpQPmf3rl75U75o+E+2NgTMpKKuJ/8NxgITeGut5LGJPDSIRrcFY:hTl3JJXhBpRfZ75U7C9+2qMruJD5MSI0

authentihash a5f8f4f099dab6460663b7c004f18c897ebc8037793cff6ba377212e6cdfc944
imphash 85db68cf26061fda8aea1d7d4cd4347b
File size 175.5 KB ( 179712 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
pedll

VirusTotal metadata
First submission 2015-04-16 06:12:26 UTC ( 4 years, 1 month ago )
Last submission 2016-08-05 19:18:04 UTC ( 2 years, 9 months ago )
File names LDAP extension
php_ldap.dll
php_ldap.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!