SHA256: 4bebb3e26d3528d7b1f435e54a8e0f0a833d9e3b947e8cd0cb1fecfba22148b5
File name: libxml_plugin.dll
Detection ratio: 1 / 67
Analysis date: 2019-05-09 02:55:14 UTC ( 1 week, 5 days ago )
Antivirus Result Update
TheHacker Trojan/Boaxxe.bb 20190506
Acronis 20190504
Ad-Aware 20190509
AegisLab 20190509
AhnLab-V3 20190508
Alibaba 20190426
ALYac 20190509
Antiy-AVL 20190509
Arcabit 20190509
Avast 20190509
Avast-Mobile 20190508
AVG 20190509
Avira (no cloud) 20190509
Babable 20190424
Baidu 20190318
BitDefender 20190509
Bkav 20190508
CAT-QuickHeal 20190507
CMC 20190321
Comodo 20190509
CrowdStrike Falcon (ML) 20190212
Cybereason 20190417
Cyren 20190509
DrWeb 20190509
eGambit 20190509
Emsisoft 20190509
Endgame 20190403
ESET-NOD32 20190509
F-Prot 20190509
F-Secure 20190509
FireEye 20190509
Fortinet 20190509
GData 20190509
Sophos ML 20190313
Jiangmin 20190509
K7AntiVirus 20190508
K7GW 20190509
Kaspersky 20190509
Kingsoft 20190509
Malwarebytes 20190509
MAX 20190509
McAfee 20190503
McAfee-GW-Edition 20190508
Microsoft 20190509
eScan 20190509
NANO-Antivirus 20190509
Palo Alto Networks (Known Signatures) 20190509
Panda 20190508
Qihoo-360 20190509
Rising 20190509
SentinelOne (Static ML) 20190508
Sophos AV 20190509
SUPERAntiSpyware 20190507
Symantec 20190508
Symantec Mobile Insight 20190506
TACHYON 20190509
Tencent 20190509
TotalDefense 20190508
Trapmine 20190325
TrendMicro 20190510
TrendMicro-HouseCall 20190509
Trustlook 20190509
VBA32 20190504
ViRobot 20190508
Webroot 20190509
Yandex 20190501
Zillya 20190508
ZoneAlarm by Check Point 20190509
Zoner 20190508
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-13 00:13:14
Entry Point 0x000010C0
Number of sections 8
PE sections
PE imports
GetLastError
EnterCriticalSection
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
TlsAlloc
VirtualProtect
GetVersionExA
DeleteCriticalSection
GetCurrentProcess
MultiByteToWideChar
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
CreateMutexA
IsDBCSLeadByteEx
WideCharToMultiByte
GetModuleHandleA
InterlockedExchange
CloseHandle
DuplicateHandle
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
LeaveCriticalSection
vlc_mutex_unlock
vlc_mutex_lock
stream_Read
vlc_Log
strncmp
rand
malloc
_putenv
_endthread
pow
_getcwd
_wfopen
fclose
strcat
__dllonexit
abort
fprintf
toupper
_fstat
sscanf
fflush
_commit
strlen
strncpy
wcslen
strchr
fputc
fopen
puts
_errno
fwrite
_beginthread
srand
_open
_findclose
fgetc
_strdup
memcmp
strrchr
_wstat
_filbuf
_close
fread
_fullpath
time
gmtime
free
getenv
memset
vfprintf
__lc_codepage
_write
realloc
memcpy
_stat
strpbrk
fputs
memmove
log10
_read
floor
_findnext
strcmp
_findfirst
strcpy
strspn
fmod
__mb_cur_max
localtime
_flsbuf
localeconv
memchr
_iob
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2012:12:13 01:13:14+01:00
FileType Win32 DLL
PEType PE32
CodeSize 1048064
LinkerVersion 2.56
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x10c0
InitializedDataSize 1236480
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 6656

Compressed bundles
File identification
MD5 d81b7b88a73701310c227d841580e9ab
SHA1 12da2a273fd007b2361207a0a10889bd76167321
SHA256 4bebb3e26d3528d7b1f435e54a8e0f0a833d9e3b947e8cd0cb1fecfba22148b5
ssdeep 24576:vuBZWIEYJgRtmf9//pfTjjdRkl/N+fjAx/vH:oKto9npHjdRsN+rAx/f
authentihash 7c447ed8186bbaddc919691cc9fbe64b6086eab34753bfddbc0d76bb348d40a8
imphash ba96f9a191e5e3b4168c51d22dacf382
File size 1.2 MB ( 1238016 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags pedll
VirusTotal metadata
First submission 2013-01-28 13:56:51 UTC ( 6 years, 3 months ago )
Last submission 2016-12-20 19:31:52 UTC ( 2 years, 5 months ago )
File names file-5966729_dll
libxml_plugin.dll
file_VLC_57
51e791.rbf
4BEBB3E26D3528D7B1F435E54A8E0F0A833D9E3B947E8CD0CB1FECFBA22148B5
filA7773EE651BCC584657442ACB44AEF6E
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight