SHA256: b26ca21250d7cf0a86957937d515c131cb5cc6fc6bcdcd778a540e7acc53c2a9
File name: b26ca21250d7cf0a_srassetshelper.dll
Detection ratio: 2 / 67
Analysis date: 2018-01-04 16:13:48 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted 20180104
Rising Malware.Undefined!8.C (TFE:5:X6cgLad595Q) 20180104
Ad-Aware 20171225
AegisLab 20180104
AhnLab-V3 20180104
Alibaba 20180104
ALYac 20180104
Antiy-AVL 20180103
Arcabit 20180104
Avast 20180104
Avast-Mobile 20180104
AVG 20180104
Avira (no cloud) 20180104
AVware 20180103
Baidu 20180104
BitDefender 20180104
Bkav 20180104
CAT-QuickHeal 20180104
ClamAV 20180104
CMC 20180104
Comodo 20180104
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180104
Cyren 20180104
DrWeb 20180104
eGambit 20180104
Emsisoft 20180104
Endgame 20171130
F-Prot 20180104
F-Secure 20180104
Fortinet 20180104
GData 20180104
Ikarus 20180104
Sophos ML 20170914
Jiangmin 20180104
K7AntiVirus 20180104
K7GW 20180104
Kaspersky 20180104
Kingsoft 20180104
Malwarebytes 20180104
MAX 20180104
McAfee 20180102
McAfee-GW-Edition 20180104
Microsoft 20180104
eScan 20180104
NANO-Antivirus 20180104
nProtect 20180104
Palo Alto Networks (Known Signatures) 20180104
Panda 20180104
Qihoo-360 20180104
SentinelOne (Static ML) 20171224
Sophos AV 20180104
SUPERAntiSpyware 20180104
Symantec 20180104
Tencent 20180104
TheHacker 20180103
TotalDefense 20180104
TrendMicro 20180104
TrendMicro-HouseCall 20180104
Trustlook 20180104
VBA32 20180104
VIPRE 20180104
ViRobot 20180104
Webroot 20180104
WhiteArmor 20171226
Yandex 20171229
Zillya 20180104
ZoneAlarm by Check Point 20180104
Zoner 20180104
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-26 13:39:27
Entry Point 0x000AF8B9
Number of sections 6
PE sections
PE imports
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetMapMode
TextOutW
SaveDC
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetDiskFreeSpaceA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
MapViewOfFileEx
GetSystemDefaultLCID
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetProcAddress
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GlobalHandle
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
FormatMessageA
GetFullPathNameW
SetLastError
GetSystemTime
GlobalFindAtomW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
LockFileEx
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
CreateMutexA
GetModuleHandleA
GlobalAddAtomW
MoveFileExW
SetUnhandledExceptionFilter
GetCurrentProcess
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CloseHandle
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
CopyFileW
GetStartupInfoA
UnlockFile
GetFileSize
LCMapStringW
CreateDirectoryA
DeleteFileA
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
CreateFileMappingW
CompareStringW
WriteFile
GetFileSizeEx
GlobalReAlloc
RemoveDirectoryW
lstrcmpA
FindFirstFileA
CompareStringA
CreateFileMappingA
FindNextFileA
IsValidLocale
lstrcmpW
GetUserDefaultLCID
GetLongPathNameW
GetPrivateProfileSectionW
RemoveDirectoryA
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LocalReAlloc
GlobalDeleteAtom
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
WritePrivateProfileStringW
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
FindNextFileW
UnlockFileEx
GetACP
GetModuleHandleW
GetFileAttributesExW
SizeofResource
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
VariantInit
VariantClear
SHFileOperationW
SHGetSpecialFolderPathW
PathFindExtensionW
PathFindFileNameW
MapWindowPoints
RegisterWindowMessageW
GetForegroundWindow
GetClassInfoExW
SystemParametersInfoA
DrawTextExW
GetPropW
LoadBitmapW
GetFocus
DefWindowProcW
CopyRect
GetCapture
GetMenuState
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
SetPropW
GetParent
GetWindowThreadProcessId
ValidateRect
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GrayStringW
GetWindowRect
EnableWindow
SetMenu
SetWindowPos
AdjustWindowRectEx
IsWindowEnabled
GetWindow
PostMessageW
GetSysColor
SendMessageW
RegisterClassW
GetDC
GetKeyState
GetMenuItemCount
ReleaseDC
GetDlgCtrlID
CheckMenuItem
GetMenu
GetClassLongW
GetMenuCheckMarkDimensions
GetLastActivePopup
WinHelpW
GetWindowPlacement
GetMessageTime
SetWindowTextW
GetDlgItem
RemovePropW
DrawTextW
MessageBoxW
IsIconic
ClientToScreen
CallNextHookEx
GetSubMenu
CallWindowProcW
GetClassNameW
UnregisterClassW
GetMenuItemID
GetTopWindow
ModifyMenuW
GetClientRect
GetWindowTextW
EnableMenuItem
GetSysColorBrush
SetWindowsHookExW
LoadCursorW
LoadIconW
GetClassInfoW
CreateWindowExW
TabbedTextOutW
GetWindowLongW
SetForegroundWindow
PtInRect
UnhookWindowsHookEx
DispatchMessageW
DestroyWindow
ClosePrinter
DocumentPropertiesW
OpenPrinterW
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2011:05:26 14:39:27+01:00
FileType Win32 DLL
PEType PE32
CodeSize 874496
LinkerVersion 9.0
EntryPoint 0xaf8b9
InitializedDataSize 210432
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Compressed bundles
File identification
MD5 72412b526bcc716382e62b7939dcfd8f
SHA1 4c608af800dcbfafaf964581b6823aad45d72f6e
SHA256 b26ca21250d7cf0a86957937d515c131cb5cc6fc6bcdcd778a540e7acc53c2a9
ssdeep 24576:sN6p0kRTaA0Yf60loh06us+Xx+Or1iC7JuO2MfZvBijjiuCVvqC:djwewXMfqjjiuCVh
authentihash b1fc95ef2729cc7187ab71c4295ac35b30ac166a74bb6bec213a3a1ce79c4bf9
imphash 5f4be9da4cef3b4f8b5292f4ec09f500
File size 1.0 MB ( 1085952 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll
VirusTotal metadata
First submission 2011-06-05 16:43:37 UTC ( 7 years, 3 months ago )
Last submission 2018-01-04 16:13:48 UTC ( 8 months, 3 weeks ago )
File names srassetshelper.dll
SRAssetsHelper.dll
ebe12d3a-9174-f1ee-9cdd-0fac09045d4d_1d27ef479e9ac15
SRAssetsHelper.dll_1
SRAssetsHelper (2).dll
b26ca21250d7cf0a_srassetshelper.dll
SRASSE~1.DLL
D3B4960900B59C20920B10C42414930069E9AE24.dll
scan_file
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight