× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 48f7be0521aad955fbc9af57608a76d0c0222d5cf628b2448b9a04071e2d77a3
File name: SIntf32.dll
Detection ratio: 0 / 45
Analysis date: 2013-03-20 09:54:01 UTC ( 4 years, 8 months ago ) View latest
Antivirus Result Update
Yandex 20130319
AhnLab-V3 20130319
AntiVir 20130320
Antiy-AVL 20130317
Avast 20130320
AVG 20130320
BitDefender 20130320
ByteHero 20130315
CAT-QuickHeal 20130320
ClamAV 20130320
Commtouch 20130320
Comodo 20130320
DrWeb 20130320
Emsisoft 20130320
eSafe 20130319
ESET-NOD32 20130320
F-Prot 20130320
F-Secure 20130320
Fortinet 20130320
GData 20130320
Ikarus 20130320
Jiangmin 20130320
K7AntiVirus 20130319
Kaspersky 20130320
Kingsoft 20130318
Malwarebytes 20130320
McAfee 20130320
McAfee-GW-Edition 20130320
Microsoft 20130320
eScan 20130320
NANO-Antivirus 20130320
Norman 20130320
nProtect 20130320
Panda 20130320
PCTools 20130320
Sophos AV 20130320
SUPERAntiSpyware 20130320
Symantec 20130320
TheHacker 20130320
TotalDefense 20130320
TrendMicro 20130320
TrendMicro-HouseCall 20130320
VBA32 20130319
VIPRE 20130320
ViRobot 20130320
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
F-PROT Petite
PEiD Petite v2.1 (2)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-11-22 09:16:40
Entry Point 0x0000710B
Number of sections 3
PE sections
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
GlobalAlloc
wsprintfA
MessageBoxA
PE exports
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
1999:11:22 10:16:40+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
12288

LinkerVersion
6.0

FileTypeExtension
dll

InitializedDataSize
12288

SubsystemVersion
4.0

EntryPoint
0x710b

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 9a7a95e48e629a075c6d883d0ee524c8
SHA1 8dd7c09354a5b9396ceb5ceefb11dde9aee1f2dc
SHA256 48f7be0521aad955fbc9af57608a76d0c0222d5cf628b2448b9a04071e2d77a3
ssdeep
384:g/iwCe8zdTyBsyqAIZhgJYGRPOdhHDOjPDpFycsHni3UUj6xc:JWsyqAggJ1Od1Gzytn3xc

authentihash 3696042daa294a7459bb7f8c98e747a3d5925d3e816a0655a129e4d9d9c44dfd
imphash 48eca3f37c55a216625fd7fd27c8863c
File size 16.8 KB ( 17212 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
pedll petite

VirusTotal metadata
First submission 2006-11-30 05:54:22 UTC ( 10 years, 11 months ago )
Last submission 2017-02-20 15:06:29 UTC ( 9 months ago )
File names SIntf32.dll
SIntf32.dll
file-124215_dll
sintf32.dll
SIntf32.dll_
file-3780371_dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!