SHA256: 7ea5ec89b93e3fdd81e2c8313c43442d0e104c86202e3db119a3389bc3150396
File name: cgetenv.dll
Detection ratio: 0 / 56
Analysis date: 2016-06-04 08:55:44 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20160604
AegisLab 20160604
AhnLab-V3 20160603
Alibaba 20160603
ALYac 20160604
Antiy-AVL 20160604
Arcabit 20160604
Avast 20160604
AVG 20160604
Avira (no cloud) 20160603
AVware 20160604
Baidu 20160603
Baidu-International 20160604
BitDefender 20160604
Bkav 20160603
CAT-QuickHeal 20160604
ClamAV 20160604
CMC 20160602
Comodo 20160604
Cyren 20160604
DrWeb 20160604
Emsisoft 20160604
ESET-NOD32 20160604
F-Prot 20160604
F-Secure 20160604
Fortinet 20160604
GData 20160604
Ikarus 20160604
Jiangmin 20160604
K7AntiVirus 20160604
K7GW 20160604
Kaspersky 20160604
Kingsoft 20160604
Malwarebytes 20160604
McAfee 20160604
McAfee-GW-Edition 20160604
Microsoft 20160604
eScan 20160604
NANO-Antivirus 20160604
nProtect 20160603
Panda 20160604
Qihoo-360 20160604
Rising 20160604
Sophos AV 20160604
SUPERAntiSpyware 20160604
Symantec 20160604
Tencent 20160604
TheHacker 20160604
TrendMicro 20160604
TrendMicro-HouseCall 20160604
VBA32 20160603
VIPRE 20160604
ViRobot 20160604
Yandex 20160603
Zillya 20160603
Zoner 20160604
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-07-12 09:29:29
Entry Point 0x000013D5
Number of sections 4
PE sections
PE imports
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetCPInfo
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
CompareStringW
WideCharToMultiByte
TlsFree
WriteFile
GetCurrentProcess
CompareStringA
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
SetEnvironmentVariableA
TerminateProcess
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetVersion
VirtualAlloc
LeaveCriticalSection
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2004:07:12 10:29:29+01:00
FileType Win32 DLL
PEType PE32
CodeSize 16384
LinkerVersion 6.0
FileTypeExtension dll
InitializedDataSize 12288
SubsystemVersion 4.0
EntryPoint 0x13d5
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
CarbonBlack CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed that the following running files wrote this sample to disk.
Compressed bundles
File identification
MD5 9aa5a972576efea6899dac9ebf77f5c2
SHA1 19f3a247610631e6fe6c9d25f020879668755825
SHA256 7ea5ec89b93e3fdd81e2c8313c43442d0e104c86202e3db119a3389bc3150396
ssdeep 384:/DGKHT/7TFpTNJpr4Lg9UmlaKxeo9iGNVsyrtmcb1goZvlhjW:/13TFp7WLMiGfsE7ZgoFlh6
authentihash 777432178debdf5daf24f7801885afca629a75066b12dd75d09f3fe9080e6dfb
imphash f72e77bd5216eade6b71bff9d99e33a7
File size 32.0 KB ( 32768 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
pedll

VirusTotal metadata
First submission 2009-10-06 13:58:48 UTC ( 9 years, 4 months ago )
Last submission 2016-06-04 08:55:44 UTC ( 2 years, 8 months ago )
File names CGetEnv.dll
cgetenv.dll
vsqp0jo6.aio
aurkvlnf.exe
CGetEnv.dl_