Antivirus scan for 82d3956825775b2a3e546a54fa9e32e7d5fd6d94b6f37a1754f188464ae0313d at 2018-11-14 03:03:07 UTC

Antivirus	Result	Update
Ad-Aware		20181112
AegisLab		20181114
AhnLab-V3		20181114
Alibaba		20180921
ALYac		20181114
Antiy-AVL		20181114
Arcabit		20181114
Avast		20181114
Avast-Mobile		20181113
AVG		20181114
Avira (no cloud)		20181114
Babable		20180918
Baidu		20181112
BitDefender		20181114
Bkav		20181113
CAT-QuickHeal		20181113
ClamAV		20181114
CMC		20181113
CrowdStrike Falcon (ML)		20181022
Cybereason		20180225
Cylance		20181114
Cyren		20181114
DrWeb		20181114
eGambit		20181114
Emsisoft		20181114
Endgame		20181108
ESET-NOD32		20181113
F-Prot		20181114
F-Secure		20181114
Fortinet		20181114
GData		20181114
Ikarus		20181113
Sophos ML		20181108
Jiangmin		20181114
K7AntiVirus		20181113
K7GW		20181113
Kaspersky		20181113
Kingsoft		20181114
Malwarebytes		20181113
MAX		20181114
McAfee		20181113
McAfee-GW-Edition		20181113
Microsoft		20181114
eScan		20181114
NANO-Antivirus		20181114
Palo Alto Networks (Known Signatures)		20181114
Panda		20181113
Qihoo-360		20181114
Rising		20181114
SentinelOne (Static ML)		20181011
Sophos AV		20181113
SUPERAntiSpyware		20181114
Symantec		20181114
Symantec Mobile Insight		20181108
TACHYON		20181114
Tencent		20181114
TheHacker		20181113
TotalDefense		20181113
TrendMicro		20181114
TrendMicro-HouseCall		20181114
Trustlook		20181114
VBA32		20181113
VIPRE		20181114
ViRobot		20181113
Webroot		20181114
Yandex		20181113
Zillya		20181113
ZoneAlarm by Check Point		20181114
Zoner		20181114

The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.

FileVersionInfo properties

Product GTK+

Original name libgdk_pixbuf-2.0-0.dll

Internal name libgdk_pixbuf-2.0-0

File version 2.16.6.0

Description GIMP Toolkit

Packers identified

F-PROT UPX

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2011-06-14 03:24:29

Entry Point 0x00032070

Number of sections 3

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

UPX0 4096 135168 0 0.00 d41d8cd98f00b204e9800998ecf8427e

UPX1 139264 69632 66560 7.91 b762d063a81a8cd16771e3520b3dfd2e

.rsrc 208896 8192 6144 4.80 08c0919a681dedf063a2fbd4c53d1891

Overlays

MD5 ec2ee17380374b4cfa0d7eadc17519cf

File type ASCII text

Offset 73216

Size 14

Entropy 3.09

PE imports

[+] KERNEL32.DLL

[+] OLE32.dll

[+] libgio-2.0-0.dll

[+] libglib-2.0-0.dll

[+] libgmodule-2.0-0.dll

[+] libgobject-2.0-0.dll

[+] libpng14-14.dll

[+] msvcrt.dll

PE exports

gdk_colorspace_get_type

gdk_interp_type_get_type

gdk_pixbuf_add_alpha

gdk_pixbuf_alpha_mode_get_type

gdk_pixbuf_animation_get_height

gdk_pixbuf_animation_get_iter

gdk_pixbuf_animation_get_static_image

gdk_pixbuf_animation_get_type

gdk_pixbuf_animation_get_width

gdk_pixbuf_animation_is_static_image

Number of PE resources by type

RT_VERSION 1

Number of PE resources by language

ENGLISH US 1

PE resources

72e9898250827fd8220af14187d5d36d03878474cccdaea4f70eb4d01b11fb24 data

ExifTool file metadata

UninitializedDataSize

135168

LinkerVersion

2.56

ImageVersion

1.0

FileSubtype

FileVersionNumber

2.16.6.0

LanguageCode

English (U.S.)

FileFlagsMask

0x0000

FileDescription

GIMP Toolkit

ImageFileCharacteristics

Executable, No line numbers, No symbols, 32-bit, No debug, DLL

CharacterSet

Unicode

InitializedDataSize

8192

EntryPoint

0x32070

OriginalFileName

libgdk_pixbuf-2.0-0.dll

MIMEType

application/octet-stream

LegalCopyright

FileVersion

2.16.6.0

TimeStamp

2011:06:14 04:24:29+01:00

FileType

Win32 DLL

PEType

PE32

InternalName

libgdk_pixbuf-2.0-0

ProductVersion

2.16.6

SubsystemVersion

4.0

OSVersion

4.0

FileOS

Win32

Subsystem

Windows command line

MachineType

Intel 386 or later, and compatibles

CompanyName

The GTK developer community

CodeSize

69632

ProductName

GTK+

ProductVersionNumber

2.16.6.0

FileTypeExtension

dll

ObjectFileType

Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers

While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.

6ddca324434ffa506cf7dc4e51db7935

20cf8728c55a8743aac86fb8d30ea898

ad113848834e7e877bd02fbf5f71f6d8

e7698c44f686354f3bfb9fcdd69dc61a

17ddac2b01ecb5bcbc1324db4df292ad

0e738171134ed11075977d1a9e5f8dfe

85d47eb257b06094f052e0c8aefa3bee

f696e7504b8684d420e58cac586dc6c2

fc0e6be0e2e46e6796704a1ca816dad5

4e10fb1a015b49ac68f76c1a3f4d9c0f

Execution parents

This file was created during the sandboxed execution of the following files.

07ccfbd05d677cedae8eb12f5990943b891ca3de71bd62bb969754a9a0cafc90

Compressed bundles

This file was also submitted to VirusTotal in the following compressed file bundles.

02845dc1541278cfb18c4d0a9f473462f5a77c4016dfe1f50a5a35329ab0c17f

02ff9722d2b40c95b46d041fdb75ec367dc0ec4ea10221ee22160680d4ebb981

03ec0038f07289c2ff80519a407334b01e50adb4bfda033c2e5e44e7ad19c6b4

062ffcdf16ae98a678c261f189ae9a8b9b460daae0914a769b3da9bd2b751640

0b6ae81d5457d36165426794c744ed78238a20c8bff5d231549ea199982e6c49

0e1099f32d730bc5724f5ff790dd46d0a50ced5671445028b5e1da76f9c4ba12

12079c0e9c9ccff4e02c2425f6ef086cebef1a0349cc47192f311c93f3b8ad2a

12d94fcb658f6e14754d9b7844ac7ad12da05fa2c2650e8fd8595f4a0fc12a81

14533da1bcb7f4b896b0478c56959d1a2a24fd3cb99bb6f99f228dd278891fc7

15585c2b55832dece5cdd357053a13281fd8f89d47eb276c4622647a54b1046a

File identification

MD5 b76d717da3aba8cd851c7dbb3583a3df

SHA1 2d91b658508c64b9de2233e3174b38814f622024

SHA256 82d3956825775b2a3e546a54fa9e32e7d5fd6d94b6f37a1754f188464ae0313d

ssdeep

1536:Op4L0ppJ4RjCEAiPE8Axikfg//9pLSWdglHL4TGDTr:y4QnkjCviPE8Kimi/whZXr

authentihash 48dd043249219feee7a483bc7aa45734fe3dd660f01ae73342ac2d44c8ef3f1c

imphash 555e2916107165c1c1be112a355d5c9e

File size 71.5 KB ( 73230 bytes )

File type Win32 DLL

Magic literal

PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID	UPX compressed Win32 Executable (38.2%) Win32 EXE Yoda's Crypter (37.5%) Win32 Dynamic Link Library (generic) (9.2%) Win32 Executable (generic) (6.3%) OS/2 Executable (generic) (2.8%)

VirusTotal metadata

First submission 2011-06-15 19:53:24 UTC ( 7 years, 8 months ago )

Last submission 2018-05-17 04:28:06 UTC ( 9 months, 1 week ago )

File names

smona131139552539169155339
libgdk_pixbuf_2.0_0.dll
smona132555480350775730288
smona131738789370746820906
smona131623031922449576594
libgdk_pixbuf-2.0-0.dll
libgdk_pixbuf-2.0-0
libgdk_pixbuf-2.0-0.dll.tmp
libgdk_pixbuf-2.0-0.dll
file-3259048_dll
smona132581986149196226928
b76d717da3aba8cd851c7dbb3583a3df
fwi3mwcqrrsltxrcgprroszyqfhweibe.dll
smona132521486427719942134
smona131473293512259096435
smona132268122735887671264
smona_82d3956825775b2a3e546a54fa9e32e7d5fd6d94b6f37a1754f188464ae0313d.bin
smona132762932649547280867
smona132778978793373752471
smona131427881462268391344
file-2743156_dll
14F1EE9D0E18D8FB1ECC01E4C7B7FE00938A511F.dll
smona132100384565511170815

Advanced heuristic and reputation engines

ClamAV

Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight

SHA256:	82d3956825775b2a3e546a54fa9e32e7d5fd6d94b6f37a1754f188464ae0313d
File name:	libgdk_pixbuf-2.0-0
Detection ratio:	0 / 67
Analysis date:	2018-11-14 03:03:07 UTC ( 3 months, 1 week ago )

Ciphered bundle

FileVersionInfo properties

Packers identified

PE header basic information

PE sections

Overlays

PE imports

PE exports

Number of PE resources by type

Number of PE resources by language

PE resources

ExifTool file metadata

CarbonBlack CarbonBlack acts as a surveillance camera for computers

Execution parents

Compressed bundles

File identification

VirusTotal metadata

Advanced heuristic and reputation engines

Leave your comment...

Recover your password

Join VirusTotal Community

Sign in