× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: 65b2922def343ec143945d049009aa002180ff71a09ec316a425538c23cdbf1a
File name: dinput8.dll
Detection ratio: 0 / 56
Analysis date: 2016-03-19 18:41:37 UTC ( 8 months, 3 weeks ago ) View latest
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
ALYac 20160319
AVG 20160319
AVware 20160319
Ad-Aware 20160319
AegisLab 20160319
Yandex 20160316
AhnLab-V3 20160319
Alibaba 20160318
Antiy-AVL 20160319
Arcabit 20160319
Avast 20160319
Avira (no cloud) 20160319
Baidu 20160318
Baidu-International 20160319
BitDefender 20160319
Bkav 20160319
ByteHero 20160319
CAT-QuickHeal 20160319
CMC 20160316
ClamAV 20160319
Comodo 20160319
Cyren 20160319
DrWeb 20160319
ESET-NOD32 20160319
Emsisoft 20160319
F-Prot 20160319
F-Secure 20160319
Fortinet 20160319
GData 20160319
Ikarus 20160319
Jiangmin 20160319
K7AntiVirus 20160319
K7GW 20160319
Kaspersky 20160319
Malwarebytes 20160319
McAfee 20160319
McAfee-GW-Edition 20160319
eScan 20160319
Microsoft 20160319
NANO-Antivirus 20160319
Panda 20160319
Qihoo-360 20160319
Rising 20160319
SUPERAntiSpyware 20160319
Sophos 20160319
Symantec 20160319
Tencent 20160319
TheHacker 20160319
TrendMicro 20160319
TrendMicro-HouseCall 20160319
VBA32 20160318
VIPRE 20160319
ViRobot 20160319
Zillya 20160318
Zoner 20160319
nProtect 20160318
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-01-16 07:11:40
Entry Point 0x000039E7
Number of sections 5
PE sections
PE imports
[+] KERNEL32.dll
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
WriteProcessMemory
SetHandleCount
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetConsoleMode
FreeEnvironmentStringsW
GetCurrentProcessId
LCMapStringW
OpenProcess
WriteConsoleW
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
ReadProcessMemory
GetCommandLineA
GetProcAddress
VirtualProtectEx
HeapDestroy
SetStdHandle
SetFilePointer
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
GetConsoleOutputCP
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetStringTypeA
CloseHandle
GetSystemTimeAsFileTime
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
OutputDebugStringA
GetOEMCP
TerminateProcess
GetModuleFileNameA
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
[+] USER32.dll
GetWindowThreadProcessId
FindWindowA
SetWindowTextA
GetParent
GetWindow
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
dll

TimeStamp
2009:01:16 08:11:40+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
60928

LinkerVersion
9.0

EntryPoint
0x39e7

InitializedDataSize
26112

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 bc4e79380d7c60eef9bc71a9ad62bc17
SHA1 925825e0d08cb9a7aaf286583e493621a5d260c7
SHA256 65b2922def343ec143945d049009aa002180ff71a09ec316a425538c23cdbf1a
ssdeep
1536:e+MSfFiD+GogJSCVHnM7OvNlkkL8Ic5eX:eOEKgJTh8Ic5e

authentihash 4d46461ba15bf2ea71aa6d475ada62fa0e6f82475b8c5a1ce5f5b422fbe9500e
imphash ab8ef4ad4e59af4ca2da78c2fa5ce5d5
File size 86.0 KB ( 88064 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
pedll

VirusTotal metadata
First submission 2009-03-17 05:03:07 UTC ( 7 years, 9 months ago )
Last submission 2016-11-20 15:25:20 UTC ( 3 weeks, 1 day ago )
File names smona131698146611656106277
smona132053918234238602822
smona131688954794559509171
smona131363182564099273849
smona131828387020249681405
smona131938160074374258905
smona131388744051284809167
smona131320815895380681415
dinput8.dll
mando.dll
smona131095180501639448431
smona131195560989144121198
dinput8.dll
smona131734374271026836635
file-3075055_dll
smona131051023620816169004
smona132171601862455955877
bc4e79380d7c60eef9bc71a9ad62bc17
smona132052345688948921808
smona130887360804190365162
smona131396072055997833473
smona131020529785441542952
smona131619950689789920515
smona131886138275564386341
smona130695783135104598318
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Blog | Twitter | | Google groups | ToS | Privacy policy