SHA256: 48e5f6ddd26c54a8ac2243771fdd4ad348d59c6012411df83db57908fcf2fd97
File name: qtiff4.dll_dip_staged
Detection ratio: 0 / 47
Analysis date: 2013-10-12 17:44:34 UTC ( 5 years, 5 months ago )
Antivirus Result Update
Yandex 20131012
AhnLab-V3 20131012
AntiVir 20131012
Antiy-AVL 20131012
Avast 20131012
AVG 20131012
Baidu-International 20131012
BitDefender 20131012
Bkav 20131012
ByteHero 20130925
CAT-QuickHeal 20131011
ClamAV 20131012
Commtouch 20131012
Comodo 20131012
DrWeb 20131012
Emsisoft 20131012
ESET-NOD32 20131012
F-Prot 20131012
Fortinet 20131012
GData 20131012
Ikarus 20131012
Jiangmin 20131012
K7AntiVirus 20131011
K7GW 20131011
Kaspersky 20131012
Kingsoft 20130829
Malwarebytes 20131012
McAfee 20131012
McAfee-GW-Edition 20131012
Microsoft 20131012
eScan 20131012
NANO-Antivirus 20131012
Norman 20131012
nProtect 20131011
Panda 20131012
PCTools 20131002
Rising 20131012
Sophos AV 20131012
SUPERAntiSpyware 20131012
Symantec 20131012
TheHacker 20131011
TotalDefense 20131011
TrendMicro 20131012
TrendMicro-HouseCall 20131012
VBA32 20131011
VIPRE 20131012
ViRobot 20131012
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies).
Publisher Nokia Corporation and/or its subsidiary(-ies)
Product Qt4
Original name qtiff4.dll
File version 4.8.2.0
Description C++ application development framework.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-14 19:58:18
Entry Point 0x00027851
Number of sections 5
PE sections
PE imports
GetSystemTimeAsFileTime
GlobalFree
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
DisableThreadLibraryCalls
GlobalSize
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
InterlockedCompareExchange
CreateFileMappingW
WideCharToMultiByte
MapViewOfFile
SetFilePointer
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
UnmapViewOfFile
CreateFileW
GlobalAlloc
Sleep
CreateFileA
EncodePointer
GetCurrentThreadId
GetFileSize
_malloc_crt
rand
_lfind
_CIatan2
memset
__dllonexit
isprint
fprintf
__clean_type_info_names_internal
_amsg_exit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
floor
??2@YAPAXI@Z
strncmp
_lock
qsort
_onexit
fputs
sprintf
_wassert
_initterm_e
free
strchr
_CxxThrowException
fputc
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
_CIsqrt
_CIlog
_except_handler4_common
vfprintf
memcpy
memmove
__CxxFrameHandler3
__iob_func
_CIpow
_CIexp
_encoded_null
bsearch
__CppXcptFilter
_initterm
?isWritable@QIODevice@@QBE_NXZ
?fromRawData@QByteArray@@SA?AV1@PBDH@Z
?write@QIODevice@@QAE_JPBD_J@Z
inflateEnd
?qBadAlloc@@YAXXZ
?detach@QListData@@QAEPAUData@1@H@Z
deflateReset
?peek@QIODevice@@QAE?AVQByteArray@@_J@Z
?qstrcmp@@YAHABVQByteArray@@PBD@Z
deflateInit_
?read@QIODevice@@QAE_JPAD_J@Z
?append@QListData@@QAEPAPAXXZ
inflateSync
inflateReset
??1QByteArray@@QAE@XZ
?free@QString@@CAXPAUData@1@@Z
?reallocate@QVectorData@@SAPAU1@PAU1@HHH@Z
deflateParams
?qWarning@@YAXPBDZZ
inflateInit_
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
deflateEnd
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?removeGuard@QMetaObject@@SAXPAPAVQObject@@@Z
inflate
?fromLatin1_helper@QString@@CAPAUData@1@PBDH@Z
?allocate@QVectorData@@SAPAU1@HH@Z
??0QByteArray@@QAE@PBD@Z
?connectNotify@QObject@@MAEXPBD@Z
??1QString@@QAE@XZ
?shared_null@QListData@@2UData@1@A
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?isOpen@QIODevice@@QBE_NXZ
??0QVariant@@QAE@H@Z
deflate
?free@QVectorData@@SAXPAU1@H@Z
??0QString@@QAE@ABV0@@Z
?type@QVariant@@QBE?AW4Type@1@XZ
?qMemSet@@YAPAXPAXHI@Z
??0QVariant@@QAE@XZ
?changeGuard@QMetaObject@@SAXPAPAVQObject@@PAV2@@Z
?qFree@@YAXPAX@Z
?qMalloc@@YAPAXI@Z
??0QVariant@@QAE@ABVQSize@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?toInt@QVariant@@QBEHPA_N@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?isReadable@QIODevice@@QBE_NXZ
?disconnectNotify@QObject@@MAEXPBD@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?setFormat@QImageIOHandler@@QAEXABVQByteArray@@@Z
??4QImage@@QAEAAV0@ABV0@@Z
?metaObject@QImageIOPlugin@@UBEPBUQMetaObject@@XZ
?jumpToImage@QImageIOHandler@@UAE_NH@Z
?qt_metacall@QImageIOPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?transformed@QImage@@QBE?AV1@ABVQMatrix@@W4TransformationMode@Qt@@@Z
?logicalDpiY@QPaintDevice@@QBEHXZ
??4QImage@@QAEAAV0@$$QAV0@@Z
?dotsPerMeterX@QImage@@QBEHXZ
??1QImageIOHandler@@UAE@XZ
?copy@QImage@@QBE?AV1@HHHH@Z
??0QMatrix@@QAE@XZ
?logicalDpiX@QPaintDevice@@QBEHXZ
?currentImageRect@QImageIOHandler@@UBE?AVQRect@@XZ
?width@QImage@@QBEHXZ
?dotsPerMeterY@QImage@@QBEHXZ
?size@QImage@@QBE?AVQSize@@XZ
?format@QImage@@QBE?AW4Format@1@XZ
?currentImageNumber@QImageIOHandler@@UBEHXZ
??1QImage@@UAE@XZ
?setFormat@QImageIOHandler@@QBEXABVQByteArray@@@Z
?jumpToNextImage@QImageIOHandler@@UAE_NXZ
?imageCount@QImageIOHandler@@UBEHXZ
?convertToFormat@QImage@@QBE?AV1@W4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
??0QImageIOHandler@@QAE@XZ
?setColorTable@QImage@@QAEXV?$QVector@I@@@Z
?setDotsPerMeterY@QImage@@QAEXH@Z
?setDevice@QImageIOHandler@@QAEXPAVQIODevice@@@Z
?scanLine@QImage@@QAEPAEH@Z
?height@QImage@@QBEHXZ
?loopCount@QImageIOHandler@@UBEHXZ
?bits@QImage@@QAEPAEXZ
?nextImageDelay@QImageIOHandler@@UBEHXZ
??1QImageIOPlugin@@UAE@XZ
?mirrored@QImage@@QBE?AV1@_N0@Z
?colorTable@QImage@@QBE?AV?$QVector@I@@XZ
??0QImageIOPlugin@@QAE@PAVQObject@@@Z
?setDotsPerMeterX@QImage@@QAEXH@Z
?qt_metacast@QImageIOPlugin@@UAEPAXPBD@Z
?isNull@QImage@@QBE_NXZ
?rotate@QMatrix@@QAEAAV1@N@Z
?device@QImageIOHandler@@QBEPAVQIODevice@@XZ
??0QImage@@QAE@HHW4Format@0@@Z
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 4.82
FileSubtype 0
FileVersionNumber 4.8.2.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 151040
FileOS Win32
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.8.2.0
TimeStamp 2013:02:14 20:58:18+01:00
FileType Win32 DLL
PEType PE32
FileDescription C++ application development framework.
OSVersion 5.1
OriginalFilename qtiff4.dll
LegalCopyright Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies).
MachineType Intel 386 or later, and compatibles
CompanyName Nokia Corporation and/or its subsidiary(-ies)
CodeSize 160256
ProductName Qt4
ProductVersionNumber 4.8.2.0
EntryPoint 0x27851
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 24e6286b79bcad0c089c82b0e627d93d
SHA1 49de59abe1ca47383d9d58ab26c7b22cfc50946b
SHA256 48e5f6ddd26c54a8ac2243771fdd4ad348d59c6012411df83db57908fcf2fd97
ssdeep 6144:DtxfqDiJUnTQR2PyHhjPlPGPSQYU4I3tdMIZTOf4X+J:DtxfqWJUnTm26Pl+PhYU4D
File size 305.0 KB ( 312320 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll
VirusTotal metadata
First submission 2013-10-12 17:44:34 UTC ( 5 years, 5 months ago )
Last submission 2013-10-12 17:44:34 UTC ( 5 years, 5 months ago )
File names qtiff4.dll_dip_staged
qtiff4.dll