SHA256: 63843b68b9887080c6d6abe74abd4382312c2082d92b5f527ba13fd90ea5c956
File name: libgcc_s_dw2-1.dll
Detection ratio: 0 / 66
Analysis date: 2018-12-08 04:30:44 UTC ( 1 week, 2 days ago )
Antivirus Result Update
Ad-Aware 20181208
AegisLab 20181207
AhnLab-V3 20181207
Alibaba 20180921
Antiy-AVL 20181207
Arcabit 20181208
Avast 20181208
Avast-Mobile 20181207
AVG 20181208
Avira (no cloud) 20181208
Babable 20180918
Baidu 20181207
BitDefender 20181208
Bkav 20181206
CAT-QuickHeal 20181207
ClamAV 20181208
CMC 20181207
Comodo 20181207
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181208
Cyren 20181208
DrWeb 20181208
eGambit 20181208
Emsisoft 20181208
Endgame 20181108
ESET-NOD32 20181208
F-Prot 20181208
F-Secure 20181208
Fortinet 20181208
GData 20181208
Ikarus 20181208
Sophos ML 20181128
Jiangmin 20181208
K7AntiVirus 20181207
K7GW 20181208
Kaspersky 20181208
Kingsoft 20181208
Malwarebytes 20181208
MAX 20181208
McAfee 20181208
McAfee-GW-Edition 20181208
Microsoft 20181208
eScan 20181208
NANO-Antivirus 20181208
Palo Alto Networks (Known Signatures) 20181208
Panda 20181207
Qihoo-360 20181208
Rising 20181208
SentinelOne (Static ML) 20181011
Sophos AV 20181208
SUPERAntiSpyware 20181205
Symantec 20181208
Symantec Mobile Insight 20181207
TACHYON 20181208
Tencent 20181208
TheHacker 20181202
TotalDefense 20181207
Trapmine 20181205
TrendMicro 20181208
TrendMicro-HouseCall 20181207
Trustlook 20181208
VBA32 20181207
ViRobot 20181207
Webroot 20181208
Zillya 20181206
ZoneAlarm by Check Point 20181208
Zoner 20181207
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-02 01:30:53
Entry Point 0x00001058
Number of sections 10
PE sections
PE imports
GetLastError
EnterCriticalSection
WaitForSingleObject
TlsAlloc
VirtualProtect
DeleteCriticalSection
ReleaseSemaphore
InterlockedDecrement
GetProcAddress
CreateSemaphoreA
TlsFree
GetModuleHandleA
CloseHandle
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
malloc
_errno
fwrite
__dllonexit
abort
free
vfprintf
realloc
calloc
fflush
_iob
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2011:12:02 02:30:53+01:00
FileType Win32 DLL
PEType PE32
CodeSize 96768
LinkerVersion 2.21
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, No debug, DLL
EntryPoint 0x1058
InitializedDataSize 117760
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 512

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 000abdf5d3e31514801b44b954e1cf91
SHA1 89ebff9d7806e8550adde0ce111733909a205a5d
SHA256 63843b68b9887080c6d6abe74abd4382312c2082d92b5f527ba13fd90ea5c956
ssdeep 3072:ou768hn2xXOjzXa6VhSlmBuqwNKvp7Ag9MSspV:H766sXOjzV+lmBZwNKvp7AwM
authentihash 116bb6b14630fba9ebf462523a7794aa7fce1582d76ce73938c54e51a6d80cb6
imphash be24466d210a5d342c48b1c5ea8928aa
File size 116.0 KB ( 118784 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll
VirusTotal metadata
First submission 2012-01-11 14:52:41 UTC ( 6 years, 11 months ago )
Last submission 2018-12-08 04:30:44 UTC ( 1 week, 2 days ago )
File names 86.tmp
sbs_ve_ambr_20160129083219.577_ 64131
sbs_ve_ambr_20160018092108.228_ 170417
sbs_ve_ambr_20151017231515.667_ 332380
is-1jjli.tmp
sbs_ve_ambr_20160111215905.593_ 201037
sbs_ve_ambr_20151127215829.649_ 262393
AdbWinApi.dll
sbs_ve_ambr_20160302083329.427_ 286279
sbs_ve_ambr_20151108215459.573_ 262390
sbs_ve_ambr_20151101215422.365_ 170097
sbs_ve_ambr_20160124182418.503_ 344799
sbs_ve_ambr_20150815223141.239_ 317671
sbs_ve_ambr_20160102224333.780_ 322267
42.tmp
229.tmp
sbs_ve_ambr_20150911215714.786_ 373794
sbs_ve_ambr_20160121214024.763_ 199954
sbs_ve_ambr_20160015004629.406_ 184585
sbs_ve_ambr_20160128213833.581_ 213992
sbs_ve_ambr_20150910170555.841_ 339262
sbs_ve_ambr_20151108220908.594_ 323828
libgcc_s_dw2-1.dll
is-ri3fr.tmp
sbs_ve_ambr_20150915220115.432_ 138774
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight