SHA256: 81edea696a5d42d8641eabd03c57d11c4236915b484157d52743046344430a50
File name: Microsoft.VisualBasic.PowerPacks.dll
Detection ratio: 0 / 55
Analysis date: 2015-11-28 06:29:55 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware 20151128
AegisLab 20151127
Yandex 20151127
AhnLab-V3 20151127
Alibaba 20151127
ALYac 20151128
Antiy-AVL 20151128
Arcabit 20151128
Avast 20151128
AVG 20151128
Avira (no cloud) 20151128
AVware 20151128
Baidu-International 20151127
BitDefender 20151128
Bkav 20151127
ByteHero 20151128
CAT-QuickHeal 20151126
ClamAV 20151128
CMC 20151127
Comodo 20151128
Cyren 20151128
DrWeb 20151128
Emsisoft 20151128
ESET-NOD32 20151128
F-Prot 20151128
F-Secure 20151128
Fortinet 20151128
GData 20151128
Ikarus 20151128
Jiangmin 20151127
K7AntiVirus 20151128
K7GW 20151128
Kaspersky 20151128
Malwarebytes 20151128
McAfee 20151128
McAfee-GW-Edition 20151128
Microsoft 20151128
eScan 20151128
NANO-Antivirus 20151128
nProtect 20151127
Panda 20151127
Qihoo-360 20151128
Rising 20151127
Sophos AV 20151128
SUPERAntiSpyware 20151128
Symantec 20151127
Tencent 20151128
TheHacker 20151127
TrendMicro 20151128
TrendMicro-HouseCall 20151128
VBA32 20151126
VIPRE 20151128
ViRobot 20151128
Zillya 20151127
Zoner 20151128
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft (R) Visual Basic (R) 2005 Power Packs 3.0
Original name Microsoft.VisualBasic.PowerPacks.dll
Internal name Microsoft.VisualBasic.PowerPacks.dll
File version 3.0.30214.0
Description Microsoft.VisualBasic.PowerPacks.dll
Comments Microsoft.VisualBasic.PowerPacks.dll
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-02-14 05:07:38
Entry Point 0x000538EE
Number of sections 4
.NET details
Module Version ID dfa82dd7-bad4-4f30-8099-8678bf7802c3
PE sections
PE imports
_CorDllMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
Comments Microsoft.VisualBasic.PowerPacks.dll
InitializedDataSize 12288
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.0.30214.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Microsoft.VisualBasic.PowerPacks.dll
CharacterSet Unicode
LinkerVersion 8.0
EntryPoint 0x538ee
OriginalFileName Microsoft.VisualBasic.PowerPacks.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 3.0.30214.0
TimeStamp 2008:02:14 06:07:38+01:00
FileType Win32 DLL
PEType PE32
InternalName Microsoft.VisualBasic.PowerPacks.dll
ProductVersion 3.0.30214.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 335872
ProductName Microsoft (R) Visual Basic (R) 2005 Power Packs 3.0
ProductVersionNumber 3.0.30214.0
FileTypeExtension dll
ObjectFileType Dynamic link library
AssemblyVersion 9.0.0.0
CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 eb0ea347bc91d16dd49e696987de7fdc
SHA1 a2b2221d0983c3f2615ffeb9582c0fc4446dade8
SHA256 81edea696a5d42d8641eabd03c57d11c4236915b484157d52743046344430a50
ssdeep 6144:I7eC+b9bonfD3ir3O7lenLv1UWmJm73CRWKC1TS:IkJofDNenLvaWuBv
authentihash 637a823b224080d4d5c67ed407126b7250cb3b7b8ee00789ba5148e16b1696b2
imphash dae02f32a21e03ce65412f6e56942daa
File size 344.0 KB ( 352256 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic .NET DLL/Assembly (72.1%)
Win32 Executable MS Visual C++ (generic) (9.5%)
Win64 Executable (generic) (8.4%)
Windows screen saver (3.9%)
Win32 Dynamic Link Library (generic) (2.0%)
Tags assembly pedll
VirusTotal metadata
First submission 2009-07-18 03:16:38 UTC ( 9 years, 7 months ago )
Last submission 2018-05-18 16:19:15 UTC ( 9 months ago )
File names _63D42D0EEE3B08EC9125116E66BB3923
0001ebc5.tmp
clamav-0430f3bcc38a237110358f5f23f7029e.tmp
_F5B8AAFE25E4F651AE3FE0885AC3B234
f046ad.rbf
_7761D418CAE2BA4BB39A29BB321B3DCE
_f8c3f29cf0af6927abdfaac0b1635b3f.27748_1.116696.partial
bita6fa.tmp
050320150917459048_microsoft.visualbasic.powerpacks.dll
microsoft.visualbasic.powerpacks.dll.deploy
_E3F6C2DE892E5B33CA6EA3B0B6C26F38
_1DE45BFBDB97F381B5BB98DBB703B90B
81edea696a5d42d8_microsoft.visualbasic.powerpacks.dll
_4352706722DA85F765E148B8CA50544E
is-kaklq.tmp
sbs_ve_ambr_20150615025632.629_ 33899
microsoft.visualbasic.powerpacks.dll
_481928F47C5899C30B308E4633DF99CD
_03CB61F2CF2B08B950451684E3BC60A3
tmpbejfqq
sbs_ve_ambr_20150912031202.614_ 264287
_F6A765BCEDC44DA9EE8D2E72455378D4
_1FA3E70D05E625F8BE92CB3D0F9DCC2A
_211225C68C0880CFE766A13476E1BBBD
eb0ea347bc91d16dd49e696987de7fdc___Microsoft.VisualBasic.PowerPacks.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight