SHA256: 916a58e9bd8327792e4fdb83d4439536ce88ddc3a6cdc69cae579af7088078dd
File name: gentee.dll
Detection ratio: 0 / 66
Analysis date: 2019-04-20 20:27:12 UTC ( 5 hours, 44 minutes ago )
Antivirus / Result / Update (the Result column is empty for every engine listed below: none reported a detection, matching the 0 / 66 ratio above)
Acronis 20190419
Ad-Aware 20190420
AegisLab 20190420
AhnLab-V3 20190420
Alibaba 20190402
ALYac 20190420
Antiy-AVL 20190419
Arcabit 20190420
Avast 20190420
Avast-Mobile 20190415
AVG 20190420
Avira (no cloud) 20190420
Babable 20180918
Baidu 20190318
BitDefender 20190420
Bkav 20190420
CAT-QuickHeal 20190420
ClamAV 20190420
CMC 20190321
Comodo 20190420
CrowdStrike Falcon (ML) 20190212
Cybereason 20180308
Cyren 20190420
DrWeb 20190420
eGambit 20190420
Emsisoft 20190420
Endgame 20190403
ESET-NOD32 20190420
F-Secure 20190420
FireEye 20190420
Fortinet 20190420
GData 20190420
Ikarus 20190420
Sophos ML 20190313
Jiangmin 20190420
K7AntiVirus 20190420
K7GW 20190420
Kaspersky 20190420
Kingsoft 20190420
Malwarebytes 20190420
MAX 20190420
McAfee 20190420
McAfee-GW-Edition 20190420
Microsoft 20190420
eScan 20190420
NANO-Antivirus 20190420
Palo Alto Networks (Known Signatures) 20190420
Panda 20190420
Qihoo-360 20190420
Rising 20190420
SentinelOne (Static ML) 20190420
Sophos AV 20190420
SUPERAntiSpyware 20190418
Symantec Mobile Insight 20190418
TACHYON 20190420
Tencent 20190420
TheHacker 20190419
TotalDefense 20190416
Trapmine 20190325
TrendMicro-HouseCall 20190420
Trustlook 20190420
VBA32 20190419
VIPRE 20190419
ViRobot 20190420
Yandex 20190419
Zillya 20190419
ZoneAlarm by Check Point 20190420
Zoner 20190420
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-10-06 06:39:18
Entry Point 0x00008BA1
Number of sections 4
PE sections
PE imports
EnumFontFamiliesExA
ExitThread
IsDBCSLeadByte
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReadFile
HeapCreate
GetFileAttributesA
GetLastError
FreeLibrary
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetFileSize
SetHandleCount
AllocConsole
CreateDirectoryA
DeleteFileA
CreateThread
TlsGetValue
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
ReadConsoleA
CompareStringW
GetTempPathA
RaiseException
GetCPInfo
SetEnvironmentVariableW
GetStringTypeA
SetFilePointer
FindFirstFileA
WriteFile
InterlockedIncrement
CloseHandle
SetStdHandle
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
SetEnvironmentVariableA
GetFullPathNameA
GetOEMCP
TerminateProcess
RemoveDirectoryA
WriteConsoleA
WideCharToMultiByte
GetCurrentProcess
InitializeCriticalSection
SetConsoleMode
SetLastError
VirtualFree
FindClose
InterlockedDecrement
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetVersion
LeaveCriticalSection
VirtualAlloc
GetModuleHandleA
CompareStringA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
SHGetSpecialFolderLocation
SetFocus
GetMessageA
GetParent
EnumWindows
CreateDialogIndirectParamA
DefWindowProcA
SetWindowPos
CharLowerA
GetWindowRect
DispatchMessageA
ClientToScreen
EnumChildWindows
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetDC
GetWindowLongA
IsWindowVisible
SendMessageA
GetClientRect
CreateDialogParamA
CharLowerBuffA
RegisterClassA
wsprintfA
LoadCursorA
TranslateAcceleratorA
CallWindowProcA
GetClassNameA
GetTopWindow
DialogBoxIndirectParamA
CoUninitialize
CoInitialize
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:10:06 08:39:18+02:00
FileType Win32 DLL
PEType PE32
CodeSize 69632
LinkerVersion 6.0
FileTypeExtension dll
InitializedDataSize 32768
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x8ba1
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Execution parents
File identification
MD5 427d8406efd63d3ed906c565c73fd610
SHA1 58b4d079e9e672cdf3bd234a15ee23d0f6393b86
SHA256 916a58e9bd8327792e4fdb83d4439536ce88ddc3a6cdc69cae579af7088078dd
ssdeep 1536:HUAaKDLiaDxHH8Bc2kf13ELp4GUqPnGqT43Xj2zT23dt0TrEX4ozi24:wImSHH8BSop4GUX/Iozi
authentihash 10812dad633a4c2fb890a391384ac11f2517a73dcded3e8e97f3379428719dc4
imphash b3314b8b126f1b0f2130e0fd83986a89
File size 96.0 KB ( 98304 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags armadillo pedll
VirusTotal metadata
First submission 2009-05-22 21:17:43 UTC ( 9 years, 11 months ago )
Last submission 2019-04-20 20:27:12 UTC ( 5 hours, 44 minutes ago )
File names
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight