SHA256: 8f4ee6e4e576047a2237433b931b4911a6c4e64bb27fcc2527e66b821acae7e0
File name: sfc.dll
Detection ratio: 7 / 45
Analysis date: 2013-03-21 03:51:22 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Avast Win32:Banker-BKL [Trj] 20130321
CAT-QuickHeal TrojanSpy.Banker.alr 20130320
Fortinet Riskware/PatchedSFC 20130321
GData Win32:Banker-BKL 20130321
Kaspersky not-a-virus:RiskTool.Win32.SFCDisable.a 20130321
McAfee PatchedSFC 20130321
McAfee-GW-Edition PatchedSFC 20130321
AVG 20130320
Agnitum 20130320
AhnLab-V3 20130321
AntiVir 20130320
Antiy-AVL 20130317
BitDefender 20130321
ByteHero 20130320
ClamAV 20130320
Commtouch 20130320
Comodo 20130321
DrWeb 20130321
ESET-NOD32 20130321
Emsisoft 20130321
F-Prot 20130321
F-Secure 20130321
Ikarus 20130321
Jiangmin 20130320
K7AntiVirus 20130320
Kingsoft 20130318
Malwarebytes 20130321
MicroWorld-eScan 20130321
Microsoft 20130320
NANO-Antivirus 20130321
Norman 20130320
PCTools 20130321
Panda 20130320
SUPERAntiSpyware 20130321
Sophos 20130321
Symantec 20130321
TheHacker 20130321
TotalDefense 20130320
TrendMicro 20130321
TrendMicro-HouseCall 20130321
VBA32 20130320
VIPRE 20130321
ViRobot 20130321
eSafe 20130319
nProtect 20130321
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
Authenticode signature block
Copyright
Copyright (C) Microsoft Corp. 1981-1999

Publisher Microsoft Corporation
Product Microsoft(R) Windows (R) 2000 Operating System
Original name sfc.dll
Internal name sfc.dll
File version 5.00.2195.6922
Description Windows File Protection
Signature verification The digital signature of the object did not verify.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-20 21:20:02
Link date 10:20 PM 4/20/2004
Entry Point 0x00006780
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorDacl
GetFileSecurityW
RegCloseKey
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
FreeSid
ReportEventW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
AllocateAndInitializeSid
LookupPrivilegeValueW
CheckTokenMembership
RegQueryValueExW
InitializeSecurityDescriptor
GetSystemTime
GetLastError
EnterCriticalSection
GetModuleFileNameW
WaitForSingleObject
FreeLibrary
GetTickCount
DisableThreadLibraryCalls
GetFileAttributesW
LoadLibraryA
GetCurrentProcess
GetDriveTypeW
LocalAlloc
DelayLoadFailureHook
SetErrorMode
CreateDirectoryW
GetProcAddress
GetComputerNameW
SetFilePointer
RaiseException
CreateThread
ExpandEnvironmentStringsW
InterlockedExchange
WriteFile
ResetEvent
GetComputerNameExW
GetModuleHandleW
SetEvent
LocalFree
FormatMessageW
CreateEventW
InitializeCriticalSection
OpenEventW
CreateFileW
GetDiskFreeSpaceExW
SetFileAttributesW
CloseHandle
GetCurrentThreadId
GetFileSize
SetLastError
LeaveCriticalSection
_except_handler3
_wcsicmp
_vsnwprintf
memmove
_wcsnicmp
wcsncpy
wcschr
wcscat
wcscpy
wcslen
wcscmp
swprintf
towlower
wcsstr
wcstoul
wcsrchr
I_RpcMapWin32Status
RpcBindingFree
NdrClientCall2
RpcServerUseProtseqEpW
RpcServerListen
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrServerCall2
RpcStringFreeW
RpcServerRegisterIf
RegisterWindowMessageW
GetUserObjectInformationW
UpdateWindow
EndDialog
FindWindowW
ShowWindow
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
EnableWindow
MoveWindow
DialogBoxParamW
RegisterDeviceNotificationW
TranslateMessage
SetThreadDesktop
GetDlgItemTextW
PostMessageW
SetDlgItemTextW
OpenInputDesktop
CreateDialogParamW
SendMessageW
LoadStringW
GetDlgItem
IsDialogMessageW
CloseDesktop
UnregisterDeviceNotification
DispatchMessageW
MsgWaitForMultipleObjects
wsprintfW
SetForegroundWindow
LdrUnloadDll
RtlInitUnicodeString
RtlGetAce
NtSetEvent
NtSetInformationFile
NtCreateKey
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
NtCreateEvent
NtQueryValueKey
NtFsControlFile
RtlInitializeCriticalSection
NtMapViewOfSection
RtlLeaveCriticalSection
NtWaitForMultipleObjects
NtResetEvent
NtWriteFile
NtDeleteFile
RtlAllocateHeap
NtSetValueKey
NtOpenFile
RtlGetDaclSecurityDescriptor
RtlExpandEnvironmentStrings_U
NtUnmapViewOfSection
LdrFindResource_U
RtlStringFromGUID
RtlNtStatusToDosError
NtCreateFile
RtlFreeHeap
NtWaitForSingleObject
NtFlushBuffersFile
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlEnterCriticalSection
NtCreateSection
NtOpenKey
RtlReAllocateHeap
LdrGetProcedureAddress
RtlQueryInformationAcl
NtQuerySecurityObject
NtNotifyChangeDirectoryFile
LdrLoadDll
RtlInitString
NtQueryInformationFile
LdrAccessResource
NtClose
SfcGetFiles
PE exports
Number of PE resources by type
RT_ICON 12
RT_DIALOG 3
RT_STRING 3
RT_GROUP_ICON 2
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 22
ExifTool file metadata
SubsystemVersion
4.1

LinkerVersion
5.12

ImageVersion
5.0

FileSubtype
0

FileVersionNumber
5.0.2195.6922

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
53760

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) Microsoft Corp. 1981-1999

FileVersion
5.00.2195.6922

TimeStamp
2004:04:20 22:20:02+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
sfc.dll

FileAccessDate
2014:02:16 11:13:07+01:00

ProductVersion
5.00.2195.6922

FileDescription
Windows File Protection

OSVersion
5.0

FileCreateDate
2014:02:16 11:13:07+01:00

OriginalFilename
sfc.dll

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
48128

ProductName
Microsoft(R) Windows (R) 2000 Operating System

ProductVersionNumber
5.0.2195.6922

EntryPoint
0x6780

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 cef34c1791fdfffd495ab71d281dd3c0
SHA1 d5c40ff8b69af6dc7ca21f77e6eda99e0fa6f0e0
SHA256 8f4ee6e4e576047a2237433b931b4911a6c4e64bb27fcc2527e66b821acae7e0
ssdeep
1536:8BOx0gaox85tC9JvLPDPZpDJPqXPZF3FwtKoN:KLg1xEtC9JvLrP7DmP3FwpN

imphash 280ab388597158c6d0c518ac29ecb334
File size 92.2 KB ( 94456 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll

VirusTotal metadata
First submission 2013-03-21 03:51:22 UTC ( 1 year, 1 month ago )
Last submission 2014-02-16 10:12:41 UTC ( 2 months, 1 week ago )
File names file-5535797_dll
sfc.dll
virussign.com_cef34c1791fdfffd495ab71d281dd3c0.vir
sfc.dll
Advanced heuristic and reputation engines