SHA256: 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
File name: system.dll
Detection ratio: 0 / 67
Analysis date: 2018-10-08 19:01:05 UTC ( 1 week, 2 days ago )
Antivirus Result Update
Ad-Aware 20181008
AegisLab 20181008
AhnLab-V3 20181008
Alibaba 20180921
ALYac 20181008
Antiy-AVL 20181008
Arcabit 20181008
Avast 20181008
Avast-Mobile 20181008
AVG 20181008
Avira (no cloud) 20181008
AVware 20180925
Babable 20180918
Baidu 20181008
BitDefender 20181008
Bkav 20181008
CAT-QuickHeal 20181008
ClamAV 20181008
CMC 20181008
Comodo 20181008
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181008
Cyren 20181008
DrWeb 20181008
eGambit 20181008
Emsisoft 20181008
Endgame 20180730
ESET-NOD32 20181008
F-Prot 20181008
F-Secure 20181008
Fortinet 20181008
GData 20181008
Ikarus 20181008
Sophos ML 20180717
Jiangmin 20181008
K7AntiVirus 20181008
K7GW 20181008
Kaspersky 20181008
Kingsoft 20181008
Malwarebytes 20181008
MAX 20181008
McAfee 20181008
McAfee-GW-Edition 20181008
Microsoft 20181008
eScan 20181008
NANO-Antivirus 20181008
Palo Alto Networks (Known Signatures) 20181008
Panda 20181008
Qihoo-360 20181008
Rising 20181008
SentinelOne (Static ML) 20180926
Sophos AV 20181008
SUPERAntiSpyware 20181006
Symantec 20181008
Symantec Mobile Insight 20181001
TACHYON 20181008
Tencent 20181008
TheHacker 20181008
TrendMicro 20181008
TrendMicro-HouseCall 20181008
Trustlook 20181008
VBA32 20181008
VIPRE 20181008
ViRobot 20181008
Webroot 20181008
Yandex 20181008
Zillya 20181008
ZoneAlarm by Check Point 20181008
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-24 19:19:35
Entry Point 0x00002728
Number of sections 4
PE sections
PE imports
GlobalSize
lstrcpynW
GetLastError
lstrcpyW
WideCharToMultiByte
VirtualAlloc
lstrcmpiW
LoadLibraryW
GlobalFree
GlobalAlloc
FreeLibrary
MultiByteToWideChar
lstrlenW
VirtualProtect
GetProcAddress
GetModuleHandleW
lstrcatW
wsprintfW
CLSIDFromString
StringFromGUID2
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:02:24 20:19:35+01:00
FileType Win32 DLL
PEType PE32
CodeSize 7680
LinkerVersion 10.0
FileTypeExtension dll
InitializedDataSize 2560
ImageFileCharacteristics Executable, 32-bit, DLL
EntryPoint 0x2728
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Execution parents
Overlay parents
Compressed bundles
File identification
MD5 bf712f32249029466fa86756f5546950
SHA1 75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
SHA256 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
ssdeep 192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
authentihash 51ac3c380ac6b39faaaaaa67b698b3b5e33ba17c905979a5c0fb98c46b638e12
imphash 039bcbc605477e8e87ec550c2e60e748
File size 11.0 KB ( 11264 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll via-tor
VirusTotal metadata
First submission 2012-03-09 22:52:22 UTC ( 6 years, 7 months ago )
Last submission 2018-10-08 19:01:05 UTC ( 1 week, 2 days ago )
File names system.dll
System.dll
7851cb12fa4131f1_System.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight