SHA256: 87e98815d0e8485202161b838d1a28ad412d1e641d76fb41154f09257dcc1b9c
File name: eclipse_1017a.dll
Detection ratio: 0 / 55
Analysis date: 2014-11-10 18:18:02 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Ad-Aware 20141110
AegisLab 20141110
Yandex 20141110
AhnLab-V3 20141110
Antiy-AVL 20141110
Avast 20141110
AVG 20141110
Avira (no cloud) 20141110
AVware 20141110
Baidu-International 20141107
BitDefender 20141110
Bkav 20141110
ByteHero 20141110
CAT-QuickHeal 20141110
ClamAV 20141110
CMC 20141110
Comodo 20141110
Cyren 20141110
DrWeb 20141110
Emsisoft 20141110
ESET-NOD32 20141110
F-Prot 20141110
F-Secure 20141110
Fortinet 20141110
GData 20141110
Ikarus 20141110
Jiangmin 20141109
K7AntiVirus 20141110
K7GW 20141110
Kaspersky 20141110
Kingsoft 20141110
Malwarebytes 20141110
McAfee 20141110
McAfee-GW-Edition 20141110
Microsoft 20141110
eScan 20141110
NANO-Antivirus 20141110
Norman 20141110
nProtect 20141110
Panda 20141110
Qihoo-360 20141110
Rising 20141110
Sophos AV 20141110
SUPERAntiSpyware 20141110
Symantec 20141110
Tencent 20141110
TheHacker 20141110
TotalDefense 20141110
TrendMicro 20141110
TrendMicro-HouseCall 20141110
VBA32 20141110
VIPRE 20141110
ViRobot 20141110
Zillya 20141110
Zoner 20141110
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-05-23 17:45:45
Entry Point 0x0000B70E
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExW
GetObjectA
GetDeviceCaps
GetObjectW
GetStdHandle
LoadLibraryW
GetExitCodeProcess
FindFirstFileW
LoadLibraryA
GetStartupInfoA
GetCurrentProcessId
OpenProcess
AllocConsole
GetStartupInfoW
MapViewOfFile
GetProcAddress
CreateFileMappingW
WideCharToMultiByte
SetEnvironmentVariableW
GetModuleHandleA
FindNextFileW
GetCurrentProcess
FindFirstFileA
CreateFileMappingA
FindNextFileA
DuplicateHandle
GetModuleHandleW
SetEnvironmentVariableA
FreeLibrary
CreateProcessA
GetEnvironmentVariableA
UnmapViewOfFile
CreateProcessW
FindClose
GetEnvironmentVariableW
CloseHandle
strncmp
malloc
sscanf
wprintf
_getcwd
memset
fclose
strcat
_stricmp
exit
wcstol
toupper
printf
fgets
swprintf
fopen
strlen
towupper
strncpy
strtol
_wcsdup
_wgetenv
wcslen
wcscmp
_strdup
sprintf
realloc
strrchr
_wstat
wcsncpy
wcsrchr
strchr
_wcsicmp
_fdopen
wcschr
_adjust_fdiv
free
getenv
wcscat
wcsncmp
_wfopen
_wgetcwd
_open_osfhandle
memcpy
_stat
strstr
_errno
swscanf
wcscpy
strcpy
wcsstr
_initterm
strcmp
fgetws
_iob
GetMessageA
SetClassLongW
KillTimer
GetMessageW
ShowWindow
SetClassLongA
SetWindowPos
GetSystemMetrics
MessageBoxW
PeekMessageW
DispatchMessageA
MessageBoxA
PeekMessageA
TranslateMessage
GetDC
ReleaseDC
SendMessageW
SendMessageA
SetTimer
BringWindowToTop
DispatchMessageW
CreateWindowExA
LoadImageW
LoadIconA
LoadImageA
LoadIconW
CreateWindowExW
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2007:05:23 18:45:45+01:00
FileType: Win32 DLL
PEType: PE32
CodeSize: 45056
LinkerVersion: 6.0
FileAccessDate: 2014:11:10 19:21:01+01:00
EntryPoint: 0xb70e
InitializedDataSize: 20480
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:11:10 19:21:01+01:00
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 70ca9f5df788b1745f99474ecff8ca0a
SHA1 7319cc9d0372dbb8d009bab73a6590b1c29e8995
SHA256 87e98815d0e8485202161b838d1a28ad412d1e641d76fb41154f09257dcc1b9c
ssdeep 1536:+CEbREmBAT04dfHnuCOPPf6yiLkIDiJgSgXvf:ibvBIdvnPOnf6LkIeJgSM
authentihash eadbc53181860611886a1405c4f706489ab6e159c646121955f352170e2a6b67
imphash 4d59d413bb61bfa8578d81345441eba0
File size 68.0 KB ( 69632 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags armadillo pedll
VirusTotal metadata
First submission 2012-04-29 17:47:32 UTC ( 6 years, 8 months ago )
Last submission 2012-09-03 04:38:34 UTC ( 6 years, 4 months ago )
File names sbse____.rja
eclipse_1017a.dll
eclipse_1017a.dll
eclipse_1017a.dll
70ca9f5df788b1745f99474ecff8ca0a
297df598-4c9e-4c1b-b295-87b50e5d05beeclipse_1017a.dll
eclipse_1017a-{1b33efdd-0d48-473c-8f06-3e4f828c1c13}-v461333454.dll
eclipse_1017a.dll
eclipse_1017a.dll
eclipse_1017a.dll
eclipse_1017a.dll
eclipse_1017a.dll
87E98815D0E8485202161B838D1A28AD412D1E641D76FB41154F09257DCC1B9C
ecli6466.rra
eclipse_1017a.dll
eclipse_1017a-{1b33efdd-0d48-473c-8f06-3e4f828c1c13}-v461335058.dll
eclipse_1017a.dll
eclipse_1017a.dll
7ee5251a-3128-4650-9762-d0d638d34f0beclipse_1017a.dll
bit7e2c.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight