SHA256: 9774e4388d69ea712b27a45fd07b89c8b6431879d12e47c087edf526c3f44c67
File name: qjpeg4.dll_dip_staged
Detection ratio: 0 / 48
Analysis date: 2013-10-12 17:41:15 UTC ( 5 years, 5 months ago )
Antivirus Result Update
Yandex 20131012
AhnLab-V3 20131012
AntiVir 20131012
Antiy-AVL 20131012
Avast 20131012
AVG 20131012
Baidu-International 20131012
BitDefender 20131012
Bkav 20131012
ByteHero 20130924
CAT-QuickHeal 20131011
ClamAV 20131012
Commtouch 20131012
Comodo 20131012
DrWeb 20131012
Emsisoft 20131012
ESET-NOD32 20131012
F-Prot 20131012
F-Secure 20131012
Fortinet 20131012
GData 20131012
Ikarus 20131012
Jiangmin 20131012
K7AntiVirus 20131011
K7GW 20131011
Kaspersky 20131012
Kingsoft 20130829
Malwarebytes 20131012
McAfee 20131012
McAfee-GW-Edition 20131012
Microsoft 20131012
eScan 20131012
NANO-Antivirus 20131012
Norman 20131012
nProtect 20131011
Panda 20131012
PCTools 20131002
Rising 20131012
Sophos AV 20131012
SUPERAntiSpyware 20131012
Symantec 20131012
TheHacker 20131011
TotalDefense 20131011
TrendMicro 20131012
TrendMicro-HouseCall 20131012
VBA32 20131011
VIPRE 20131012
ViRobot 20131012
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies).
Publisher Nokia Corporation and/or its subsidiary(-ies)
Product Qt4
Original name qjpeg4.dll
File version 4.8.2.0
Description C++ application development framework.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-14 19:58:01
Entry Point 0x0002E019
Number of sections 5
PE sections
PE imports
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
DecodePointer
GetCurrentProcessId
InterlockedExchange
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetTickCount
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
Sleep
GetCurrentThreadId
InterlockedCompareExchange
EncodePointer
_malloc_crt
malloc
sscanf
memset
fread
__dllonexit
fprintf
_setjmp3
fflush
__clean_type_info_names_internal
_amsg_exit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
fwrite
_lock
_onexit
exit
sprintf
_initterm_e
ferror
??_V@YAXPAX@Z
_CxxThrowException
longjmp
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
free
getenv
__CxxFrameHandler3
_except_handler4_common
memcpy
__iob_func
__CxxLongjmpUnwind
_encoded_null
__CppXcptFilter
_initterm
??0QVariant@@QAE@ABVQRect@@@Z
?write@QIODevice@@QAE_JPBD_J@Z
?detach@QListData@@QAEPAUData@1@H@Z
?qstrcmp@@YAHABVQByteArray@@PBD@Z
?read@QIODevice@@QAE_JPAD_J@Z
?append@QListData@@QAEPAPAXXZ
??1QByteArray@@QAE@XZ
?free@QString@@CAXPAUData@1@@Z
?qWarning@@YAXPBDZZ
??4QVariant@@QAEAAV0@$$QAV0@@Z
?isWritable@QIODevice@@QBE_NXZ
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?toSize@QVariant@@QBE?AVQSize@@XZ
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?removeGuard@QMetaObject@@SAXPAPAVQObject@@@Z
??1QVariant@@QAE@XZ
?peek@QIODevice@@QAE_JPAD_J@Z
??IQRect@@QBE?AV0@ABV0@@Z
?fromLatin1_helper@QString@@CAPAUData@1@PBDH@Z
??0QByteArray@@QAE@PBD@Z
?connectNotify@QObject@@MAEXPBD@Z
?toRect@QVariant@@QBE?AVQRect@@XZ
??1QString@@QAE@XZ
?shared_null@QListData@@2UData@1@A
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?isOpen@QIODevice@@QBE_NXZ
??0QVariant@@QAE@H@Z
?qDetectCPUFeatures@@YAIXZ
?free@QVectorData@@SAXPAU1@H@Z
??0QString@@QAE@ABV0@@Z
??0QVariant@@QAE@XZ
??0QVariant@@QAE@ABV0@@Z
?staticMetaObject@QBuffer@@2UQMetaObject@@B
?changeGuard@QMetaObject@@SAXPAPAVQObject@@PAV2@@Z
?qFree@@YAXPAX@Z
??0QVariant@@QAE@ABVQSize@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?toInt@QVariant@@QBEHPA_N@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?isReadable@QIODevice@@QBE_NXZ
?data@QBuffer@@QBEABVQByteArray@@XZ
?disconnectNotify@QObject@@MAEXPBD@Z
?cast@QMetaObject@@QBEPAVQObject@@PAV2@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?setFormat@QImageIOHandler@@QAEXABVQByteArray@@@Z
?copy@QImage@@QBE?AV1@HHHH@Z
?scaled@QImage@@QBE?AV1@ABVQSize@@W4AspectRatioMode@Qt@@W4TransformationMode@4@@Z
?qt_metacall@QImageIOPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?setFormat@QImageIOHandler@@QBEXABVQByteArray@@@Z
?copy@QImage@@QBE?AV1@ABVQRect@@@Z
?dotsPerMeterX@QImage@@QBEHXZ
??1QImageIOHandler@@UAE@XZ
?metaObject@QImageIOPlugin@@UBEPBUQMetaObject@@XZ
?setColorCount@QImage@@QAEXH@Z
?setColor@QImage@@QAEXHI@Z
??0QImage@@QAE@ABVQSize@@W4Format@0@@Z
?jumpToImage@QImageIOHandler@@UAE_NH@Z
?width@QImage@@QBEHXZ
?dotsPerMeterY@QImage@@QBEHXZ
?size@QImage@@QBE?AVQSize@@XZ
?format@QImage@@QBE?AW4Format@1@XZ
?currentImageNumber@QImageIOHandler@@UBEHXZ
??1QImage@@UAE@XZ
?jumpToNextImage@QImageIOHandler@@UAE_NXZ
?constScanLine@QImage@@QBEPBEH@Z
?isNull@QImage@@QBE_NXZ
??0QImageIOHandler@@QAE@XZ
?loopCount@QImageIOHandler@@UBEHXZ
?currentImageRect@QImageIOHandler@@UBE?AVQRect@@XZ
?setDotsPerMeterY@QImage@@QAEXH@Z
?setDevice@QImageIOHandler@@QAEXPAVQIODevice@@@Z
?colorCount@QImage@@QBEHXZ
?scanLine@QImage@@QAEPAEH@Z
??4QImage@@QAEAAV0@$$QAV0@@Z
?height@QImage@@QBEHXZ
?imageCount@QImageIOHandler@@UBEHXZ
?nextImageDelay@QImageIOHandler@@UBEHXZ
??1QImageIOPlugin@@UAE@XZ
?colorTable@QImage@@QBE?AV?$QVector@I@@XZ
??0QImageIOPlugin@@QAE@PAVQObject@@@Z
?setDotsPerMeterX@QImage@@QAEXH@Z
?qt_metacast@QImageIOPlugin@@UAEPAXPBD@Z
?convertToFormat@QImage@@QBE?AV1@W4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?device@QImageIOHandler@@QBEPAVQIODevice@@XZ
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 4.82
FileSubtype 0
FileVersionNumber 4.8.2.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 24064
FileOS Win32
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.8.2.0
TimeStamp 2013:02:14 20:58:01+01:00
FileType Win32 DLL
PEType PE32
FileDescription C++ application development framework.
OSVersion 5.1
OriginalFilename qjpeg4.dll
LegalCopyright Copyright (C) 2012 Nokia Corporation and/or its subsidiary(-ies).
MachineType Intel 386 or later, and compatibles
CompanyName Nokia Corporation and/or its subsidiary(-ies)
CodeSize 186880
ProductName Qt4
ProductVersionNumber 4.8.2.0
EntryPoint 0x2e019
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 b22e8e4bdd3b65c2ca51967f03c5e68e
SHA1 87c1a0715928a519e5f2c074c285852abfa0fdbf
SHA256 9774e4388d69ea712b27a45fd07b89c8b6431879d12e47c087edf526c3f44c67
ssdeep 6144:DDLbKEoMDUZn1/yoWs2DvI8i9WomsOQAAvW84AS+i8OfM:vdUF16oWfvJi9WoN
File size 207.0 KB ( 211968 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll
VirusTotal metadata
First submission 2013-10-12 17:41:15 UTC ( 5 years, 5 months ago )
Last submission 2013-10-12 17:41:15 UTC ( 5 years, 5 months ago )
File names qjpeg4.dll
qjpeg4.dll_dip_staged