× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8bdffae6deb8f093ffbd15e73f14d7b61337b3f9b54fe89861cf9e4e94c120bd
File name: f12810
Detection ratio: 0 / 67
Analysis date: 2019-03-19 17:41:03 UTC ( 10 hours, 13 minutes ago )
Antivirus Result Update
Acronis 20190319
Ad-Aware 20190319
AegisLab 20190319
AhnLab-V3 20190319
Alibaba 20190306
ALYac 20190319
Antiy-AVL 20190319
Arcabit 20190319
Avast 20190319
Avast-Mobile 20190319
AVG 20190319
Avira (no cloud) 20190319
Babable 20180918
Baidu 20190318
BitDefender 20190319
Bkav 20190318
CAT-QuickHeal 20190319
ClamAV 20190319
CMC 20190319
Comodo 20190319
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cylance 20190319
Cyren 20190319
DrWeb 20190319
eGambit 20190319
Emsisoft 20190319
Endgame 20190215
ESET-NOD32 20190319
F-Prot 20190319
F-Secure 20190319
Fortinet 20190319
GData 20190319
Ikarus 20190319
Sophos ML 20190313
Jiangmin 20190319
K7AntiVirus 20190319
K7GW 20190319
Kaspersky 20190319
Kingsoft 20190319
Malwarebytes 20190319
MAX 20190319
McAfee 20190319
McAfee-GW-Edition 20190319
Microsoft 20190319
eScan 20190319
NANO-Antivirus 20190319
Palo Alto Networks (Known Signatures) 20190319
Panda 20190319
Qihoo-360 20190319
Rising 20190319
SentinelOne (Static ML) 20190317
Sophos AV 20190319
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190319
Tencent 20190319
TheHacker 20190319
TotalDefense 20190318
Trapmine 20190301
TrendMicro 20190319
TrendMicro-HouseCall 20190319
Trustlook 20190319
VBA32 20190319
ViRobot 20190319
Yandex 20190318
Zillya 20190319
ZoneAlarm by Check Point 20190319
Zoner 20190318
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem that targets 64bit architectures.
FileVersionInfo properties
PE header basic information
Target machine x64
Compilation timestamp 2018-04-15 17:41:44
Entry Point 0x00001400
Number of sections 11
PE sections
PE imports
GetLastError
EnterCriticalSection
QueryPerformanceCounter
GetTickCount
VirtualProtect
RtlAddFunctionTable
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
TerminateProcess
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
GetCurrentThreadId
LeaveCriticalSection
strncmp
_yn
malloc
_putenv
sinh
setlocale
_jn
_hypot
wctomb
strxfrm
_finite
__dllonexit
_fpclass
abort
fprintf
strtoul
tan
strlen
clock
strcmp
_amsg_exit
asin
_errno
fwrite
_lock
_onexit
frexp
_nextafter
_y1
asctime
__setusermatherr
_ctime64
log10
_tzname
strtol
tanh
atan
_unlock
free
getenv
sprintf
vfprintf
_j0
_j1
calloc
cosh
strcoll
acos
_logb
_y0
wcstombs
mbtowc
_mktime64
mbstowcs
localeconv
__iob_func
memcpy
mblen
__mb_cur_max
_initterm
signal
Perl_sv_setnv_mg
Perl_sv_magic
win32_getenv
Perl_warn
Perl_sv_setuv_mg
Perl_sv_setpvn
Perl_sv_grow
Perl_sv_2iv_flags
Perl_my_setlocale
Perl_newXS_deffile
Perl_new_numeric
Perl_newSVuv
Perl_sv_backoff
Perl_newCONSTSUB
Perl_savepv
Perl_is_invariant_string
Perl_hv_common
Perl_newSVnv
Perl_ckwarn_d
Perl_sv_2uv_flags
Perl_set_numeric_standard
Perl_set_numeric_local
Perl_caller_cx
Perl_sv_derived_from
PL_curinterp
Perl_stack_grow
PL_nan
Perl_newRV
Perl_my_strftime
Perl_sv_setnv
Perl_sv_newmortal
Perl_sv_usepvn_flags
Perl_newSVpvn_flags
Perl_mg_set
Perl_newSVpvf_nocontext
Perl_xs_handshake
Perl_new_ctype
Perl_getcwd_sv
Perl_is_utf8_string
Perl_sv_setiv_mg
Perl_sv_setpv
Perl__is_cur_LC_category_utf8
Perl_get_context
Perl_block_gimme
Perl_warner
Perl_xs_boot_epilog
Perl_sv_free2
win32_async_check
Perl_mro_method_changed_in
Perl_save_pushptr
Perl_newSVpvn
Perl_sv_upgrade
Perl_sv_2pv_flags
Perl_sv_isa
Perl_sv_2nv_flags
Perl_croak_sv
Perl_taint_proper
PL_inf
Perl_new_collate
Perl_croak
Perl_sv_setiv
Perl_newSV
Perl_hv_common_key_len
Perl_newSVrv
Perl_croak_nocontext
Perl_newSVpv
Perl_cvgv_from_hek
Perl_get_hv
Perl_newSV_type
Perl_sv_2mortal
Perl_newSViv
Perl_croak_xs_usage
Perl_mg_get
Perl_init_tm
PE exports
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
AMD AMD64

FileTypeExtension
dll

TimeStamp
2018:04:15 19:41:44+02:00

FileType
Win64 DLL

PEType
PE32+

CodeSize
68096

LinkerVersion
2.25

ImageFileCharacteristics
Executable, No line numbers, No symbols, Large address aware, No debug, DLL

EntryPoint
0x1400

InitializedDataSize
107520

SubsystemVersion
5.2

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
5632

Compressed bundles
File identification
MD5 86c0d7f5aa66231a800b1f1f253a3cab
SHA1 71b14a3a84f556406f0c93351de8130de55662f7
SHA256 8bdffae6deb8f093ffbd15e73f14d7b61337b3f9b54fe89861cf9e4e94c120bd
ssdeep
768:OJz+NCtg0UbqOaT7UsUk6alWWt1UvAthieUF6NffVeA3ikBJPcbrkqaTdVZi7RvJ:OZ1xjUkYAthieUF6Ndzc4RNYPr38293

authentihash 8c3ab930f985e9cc650949762874fbbc1bc458f19cc74d16741686deeb2504d1
imphash 2cbc2c2a3cc5891dee384df6f90f9106
File size 106.0 KB ( 108544 bytes )
File type Win32 DLL
Magic literal
PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly

TrID Win64 Executable (generic) (55.0%)
Microsoft Visual C++ compiled executable (generic) (32.9%)
OS/2 Executable (generic) (4.0%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Tags
64bits assembly pedll

VirusTotal metadata
First submission 2018-04-25 02:29:32 UTC ( 10 months, 4 weeks ago )
Last submission 2018-04-25 02:29:32 UTC ( 10 months, 4 weeks ago )
File names f12810
POSIX.xs.dll
POSIX.xs.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!