SHA256: 6674fa428c32382c9118a14e9df9c1731fb6f143b37a0b049fd147057b8e3cc3
File name: pdf.dll
Detection ratio: 0 / 56
Analysis date: 2016-03-15 09:29:58 UTC ( 3 years ago )
Antivirus | Result | Update
Ad-Aware | (no detection) | 20160315
AegisLab | (no detection) | 20160315
Yandex | (no detection) | 20160314
AhnLab-V3 | (no detection) | 20160314
Alibaba | (no detection) | 20160315
ALYac | (no detection) | 20160315
Antiy-AVL | (no detection) | 20160315
Arcabit | (no detection) | 20160315
Avast | (no detection) | 20160315
AVG | (no detection) | 20160315
Avira (no cloud) | (no detection) | 20160315
AVware | (no detection) | 20160315
Baidu | (no detection) | 20160314
Baidu-International | (no detection) | 20160315
BitDefender | (no detection) | 20160315
Bkav | (no detection) | 20160312
ByteHero | (no detection) | 20160315
CAT-QuickHeal | (no detection) | 20160314
ClamAV | (no detection) | 20160311
CMC | (no detection) | 20160314
Comodo | (no detection) | 20160315
Cyren | (no detection) | 20160315
DrWeb | (no detection) | 20160315
ESET-NOD32 | (no detection) | 20160315
F-Prot | (no detection) | 20160315
F-Secure | (no detection) | 20160315
Fortinet | (no detection) | 20160315
GData | (no detection) | 20160315
Ikarus | (no detection) | 20160315
Jiangmin | (no detection) | 20160315
K7AntiVirus | (no detection) | 20160315
K7GW | (no detection) | 20160315
Kaspersky | (no detection) | 20160315
Malwarebytes | (no detection) | 20160315
McAfee | (no detection) | 20160315
McAfee-GW-Edition | (no detection) | 20160315
Microsoft | (no detection) | 20160315
eScan | (no detection) | 20160315
NANO-Antivirus | (no detection) | 20160315
nProtect | (no detection) | 20160314
Panda | (no detection) | 20160314
Qihoo-360 | (no detection) | 20160315
Rising | (no detection) | 20160315
Sophos AV | (no detection) | 20160315
SUPERAntiSpyware | (no detection) | 20160315
Symantec | (no detection) | 20160315
Tencent | (no detection) | 20160315
TheHacker | (no detection) | 20160314
TotalDefense | (no detection) | 20160315
TrendMicro | (no detection) | 20160315
TrendMicro-HouseCall | (no detection) | 20160315
VBA32 | (no detection) | 20160314
VIPRE | (no detection) | 20160315
ViRobot | (no detection) | 20160315
Zillya | (no detection) | 20160314
Zoner | (no detection) | 20160315
The file is a Portable Executable (PE). More specifically, it is a 32-bit Win32 DLL whose header names the Windows console (command line) subsystem; for a DLL the subsystem field only describes what the image was linked for and does not affect loading.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-24 03:56:37
Entry Point 0x00315ACE
Number of sections 6
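The values above (and the ExifTool fields further down: linker version, code and data sizes, OS/subsystem versions) all come from the COFF file header and the PE32 optional header. The following is an added example, not code from the VirusTotal report or from pdf.dll: a stdlib-only reader for exactly those fields plus the MD5/SHA1/SHA256 hashes, run against a constructed header that carries the report's values so it works offline. The constructed header is not the real pdf.dll, so its hashes will not match the report's.

```python
# Added example (not from the VirusTotal report or from pdf.dll itself): a
# stdlib-only PE32 header reader for the fields the report lists, plus a
# constructed header carrying the report's values so it runs offline.
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000            # IMAGE_FILE_HEADER.Characteristics flag
IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows command line"}  # IMAGE_SUBSYSTEM_WINDOWS_GUI / _CUI


def parse_pe_header(data: bytes) -> dict:
    """Parse e_lfanew, the COFF file header and the PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, fh)
    if opt_size < 72:
        raise ValueError("optional header too short")
    oh = fh + 20                                        # IMAGE_OPTIONAL_HEADER32
    magic, linker_major, linker_minor, size_of_code, size_of_init, size_of_uninit, entry = \
        struct.unpack_from("<HBBIIII", data, oh)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 (32-bit) image")
    # Offsets 40..51: MajorOS, MinorOS, MajorImage, MinorImage, MajorSubsystem, MinorSubsystem
    os_major, os_minor, img_major, img_minor, ss_major, ss_minor = \
        struct.unpack_from("<6H", data, oh + 40)
    subsystem, _dll_chars = struct.unpack_from("<HH", data, oh + 68)   # offsets 68..71
    return {
        "machine": "Intel 386 or later" if machine == IMAGE_FILE_MACHINE_I386 else f"0x{machine:04X}",
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "sections": nsections,
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry:08X}",
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": size_of_code,
        "initialized_data_size": size_of_init,
        "uninitialized_data_size": size_of_uninit,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, f"unknown ({subsystem})"),
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


# Constructed sample: header only, with the values the report shows for pdf.dll.
# It is NOT the real file; only the fields parse_pe_header reads are meaningful.
SAMPLE_TIMESTAMP = int(datetime(2015, 9, 24, 3, 56, 37, tzinfo=timezone.utc).timestamp())


def build_sample_pe32(timestamp: int = SAMPLE_TIMESTAMP) -> bytes:
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    # Characteristics 0x2102 = EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    file_header = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 6, timestamp, 0, 0, 0xE0, 0x2102)
    opt = struct.pack("<HBBIIII", PE32_MAGIC, 12, 0, 5493248, 2758144, 0, 0x315ACE)
    opt += struct.pack("<5I", 0x1000, 0x2000, 0x10000000, 0x1000, 0x200)  # BaseOfCode .. FileAlignment
    opt += struct.pack("<6H", 5, 1, 0, 0, 5, 1)                            # OS 5.1, image 0.0, subsystem 5.1
    opt += struct.pack("<4I", 0, 0, 0, 0)                                  # Win32VersionValue .. CheckSum
    opt += struct.pack("<HH", 3, 0x0140)                                   # IMAGE_SUBSYSTEM_WINDOWS_CUI, DllCharacteristics
    opt += b"\0" * (0xE0 - len(opt))                                       # remainder of the optional header
    return dos + b"PE\0\0" + file_header + opt


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_pe32()).items():
        print(f"{key:24} {value}")
```

Pointing `parse_pe_header` at the real file (`open("pdf.dll", "rb").read()`) should reproduce the header values and the three hashes in this report; a mismatch in the SHA256 means a different sample, and a mismatch in the header fields alone means the file was modified after the hashes were taken.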
PE sections (the header declares 6 sections, but the section table itself was not captured in this report)
PE imports (the captured report lists API names only, without the module each comes from. Read in order, the list is: security-descriptor and registry-read APIs; a large block of GDI drawing, path, clipping and font APIs, consistent with a renderer; kernel32 process, thread, file-mapping, temp-file, locale and synchronisation APIs; the decorated names of the MSVC C++ standard library (std::basic_streambuf, std::basic_ostream, std::codecvt, std::locale); the MSVC C runtime; and timeGetTime. Thread-manipulation imports such as OpenThread, SuspendThread, GetThreadContext and VirtualProtect deserve a second look in any DLL, but they are also used legitimately by crash handlers and runtimes; with a full table of named imports and no detections, they are not on their own evidence of injection.)
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
GetTextMetricsW
SetStretchBltMode
CreatePen
SaveDC
CreateFontIndirectA
LineTo
EndPath
GetClipBox
GetObjectType
GetDeviceCaps
EnumFontFamiliesExA
DeleteDC
RestoreDC
PolyBezierTo
GetCharWidthW
GetRegionData
GetObjectW
BitBlt
GetTextFaceA
SetDIBitsToDevice
MoveToEx
IntersectClipRect
FillPath
CreateBitmap
CreateFontA
SetMiterLimit
GetOutlineTextMetricsW
GetDIBits
SelectClipRgn
CreateCompatibleDC
StrokeAndFillPath
StretchDIBits
StrokePath
ExtEscape
CreateRectRgn
CloseFigure
SelectObject
SetPolyFillMode
CreateSolidBrush
WidenPath
ExtCreatePen
GetClipRgn
GetFontData
BeginPath
DeleteObject
CreateCompatibleBitmap
SelectClipPath
GetLastError
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetCurrencyFormatW
CreateFileMappingW
FileTimeToSystemTime
LoadLibraryW
OpenThread
WaitForSingleObject
GetVersionExW
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
DisableThreadLibraryCalls
TlsAlloc
VirtualProtect
LoadLibraryA
GetUserGeoID
GetGeoInfoW
GetSystemDirectoryA
SystemTimeToTzSpecificLocalTime
RaiseException
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
GetThreadLocale
GetLocaleInfoA
GetCurrentProcessId
CreateSemaphoreA
DeleteFileA
GetDateFormatW
GetTempFileNameA
MultiByteToWideChar
GetProcAddress
GetSystemInfo
GetCurrentThread
SuspendThread
GetTimeFormatW
GetTempPathA
QueryPerformanceFrequency
ReleaseSemaphore
WideCharToMultiByte
MapViewOfFile
LoadLibraryExA
GetTimeZoneInformation
CloseHandle
GetSystemTimeAsFileTime
GetThreadTimes
GetACP
DecodePointer
OutputDebugStringA
ResumeThread
FreeLibrary
GetThreadPriority
CreateEventW
ResetEvent
InitializeCriticalSection
UnmapViewOfFile
GetThreadContext
VirtualFree
CreateEventA
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
GetLocaleInfoW
VirtualAlloc
GetNumberFormatW
SetLastError
LeaveCriticalSection
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?width@ios_base@std@@QBE_JXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??Bid@locale@std@@QAEIXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Syserror_map@std@@YAPBDH@Z
_Inf
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Winerror_map@std@@YAPBDH@Z
_Nan
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_BADOFF@std@@3_JB
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@_JHH@Z
?width@ios_base@std@@QAE_J_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?good@ios_base@std@@QBE_NXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
_FNan
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1_Lockit@std@@QAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?flags@ios_base@std@@QBEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PAV32@@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Xbad_alloc@std@@YAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??_7ios_base@std@@6B@
fseek
nearbyint
strncpy_s
??1type_info@@UAE@XZ
fclose
_time64
_libm_sse2_sin_precise
strtoul
fflush
_CIfmod
__timezone
strtol
fputc
strtod
fwrite
lrintf
_strlwr
isspace
sprintf
rand_s
??3@YAXPAX@Z
_aligned_free
memcpy_s
memcpy
__RTtypeid
strstr
_dpcomp
memmove
remove
_libm_sse2_cos_precise
modf
_libm_sse2_acos_precise
memchr
strncmp
_libm_sse2_atan_precise
fgetc
memset
wcschr
_stricmp
__RTDynamicCast
_vsnprintf_s
__clean_type_info_names_internal
strchr
_dsign
??2@YAPAXI@Z
fgetpos
fsetpos
??9type_info@@QBE_NABV0@@Z
ftell
exit
??_V@YAXPAX@Z
strrchr
fopen_s
_initterm_e
_crt_debugger_hook
free
__CxxFrameHandler3
_except_handler4_common
_aligned_malloc
_libm_sse2_log10_precise
_libm_sse2_log_precise
_gmtime64
sprintf_s
_vsnprintf
bsearch
_initterm
rand
_scalb
raise
roundf
realloc
__dllonexit
ldexp
_setjmp3
printf
fopen
_vsnwprintf
strncpy
_itoa
log
_HUGE
qsort
_tzset
_onexit
_libm_sse2_asin_precise
_libm_sse2_sqrt_precise
getenv
atoi
vfprintf
atol
_purecall
lrint
__crtUnhandledException
_libm_sse2_pow_precise
_libm_sse2_tan_precise
_beginthreadex
ungetc
_unlock_file
__tzname
_malloc_crt
malloc
__iob_func
_CIatan2
__crtTerminateProcess
fread
abort
fprintf
isdigit
strncat
_localtime64_s
_except1
_fdsign
_lock
sqrt
_strdup
rewind
_amsg_exit
longjmp
?terminate@@YAXXZ
_unlock
??8type_info@@QBE_NABV0@@Z
_fseeki64
calloc
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
ceil
_dtest
wcstombs
floor
_lock_file
_calloc_crt
exp
__CppXcptFilter
setvbuf
timeGetTime
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:09:24 04:56:37+01:00 (the same instant as the 03:56:37 UTC compilation timestamp above, shown in UTC+1)
FileType: Win32 DLL
PEType: PE32
CodeSize: 5493248
LinkerVersion: 12.0
FileTypeExtension: dll
InitializedDataSize: 2758144
SubsystemVersion: 5.1
EntryPoint: 0x315ace
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5 bb3736e6c754df30870ec8e04ddc9506
SHA1 3986aa801fc0c42d50a403a064a8f30e5c65cf8d
SHA256 6674fa428c32382c9118a14e9df9c1731fb6f143b37a0b049fd147057b8e3cc3
ssdeep 196608:ggt9xmgdP42N5K35r2D5vxzS6v/Tq2zofcqCYCel2gT:gQmgdQ2K3h2D5vxzHv/po3Pvj
authentihash af1c42260e90c5bbc1ea971c75ea03ddf73c95af1de61b78d0c2baf5a84c25b3
imphash d43f529acba97268c93d937713e4977c
File size 7.8 MB ( 8225280 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (53.4%)
Win64 Executable (generic) (35.5%)
Win32 Executable (generic) (5.8%)
Generic Win/DOS Executable (2.5%)
DOS Executable Generic (2.5%)
(TrID matches are heuristic signature scores, not verdicts: the second-ranked guess is a Win64 image for a file the PE header identifies as PE32, and the "PECompact compressed (generic)" match is not evidence of packing here. A packed image normally imports little beyond LoadLibrary and GetProcAddress, whereas this file carries a full table of named GDI, kernel32 and C/C++ runtime imports.)
Tags
pedll
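The imphash in the identification block above is an MD5 over the normalised import table, which is why it survives recompilation and renaming and is useful for pivoting across builds of the same code base. The following is an added example, not code from the report or from VirusTotal: the imphash algorithm as the pefile library computes it (VirusTotal's imphash field comes from pefile), run over a constructed import list. The API names in the sample are taken from this report, but the module names are my inference, since the captured report does not show which DLL each import comes from; the block therefore does not reproduce the report's d43f529acba97268c93d937713e4977c value.

```python
# Added example, not from the report: the imphash algorithm as pefile computes
# it, over a constructed import list. Module names here are inferred, not
# taken from the captured report.
import hashlib

STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")   # pefile drops these from module names


def normalize_import(module: str, function) -> str:
    """Lower-case 'module.function' with the module extension removed; ordinals become ordN."""
    name = module.lower()
    for ext in STRIPPED_EXTENSIONS:
        if name.endswith(ext):
            name = name[: -len(ext)]
            break
    func = f"ord{function}" if isinstance(function, int) else function.lower()
    return f"{name}.{func}"


def import_string(imports) -> str:
    """The comma-joined list that gets hashed; the order is import-table order."""
    return ",".join(normalize_import(m, f) for m, f in imports)


def imphash(imports) -> str:
    """imports: iterable of (module, function_name_or_ordinal) pairs."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


# Constructed sample: API names from the report, module names inferred.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegOpenKeyExA"),
    ("GDI32.dll", "BitBlt"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("WINMM.dll", "timeGetTime"),
]

if __name__ == "__main__":
    print(import_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two properties follow directly from the construction and are worth keeping in mind when pivoting on imphash: it is case-insensitive and ignores the module extension, so a relinked binary keeps its hash, but it is order-sensitive, so a build that reorders or adds a single import gets a different hash. It is a clustering aid, not an integrity check.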

VirusTotal metadata
First submission 2015-10-04 06:27:31 UTC ( 3 years, 5 months ago )
Last submission 2015-10-04 06:27:31 UTC ( 3 years, 5 months ago )
File names (as seen at submission; the is-xxxxx.tmp names follow the pattern Inno Setup installers use for files extracted to a temporary directory during setup) pdf.dll.10272_1.31980.partial
is-3mvjk.tmp
is-skhjv.tmp
pdf.dll
is-9b6dv.tmp
pdf.dll
tmpckac37
6674FA428C32382C9118A14E9DF9C1731FB6F143B37A0B049FD147057B8E3CC3
is-h7rjf.tmp
is-ag7og.tmp