SHA256: bd13bab79752c0deedfbc8a0c05f3e13afa5fec4503162dcaece124ec8968e10
File name: libiconv-2.dll
Detection ratio: 0 / 64
Analysis date: 2019-02-25 09:45:15 UTC ( 2 months, 4 weeks ago )
Antivirus Result Update
Acronis 20190222
Ad-Aware 20190224
AegisLab 20190224
AhnLab-V3 20190224
Alibaba 20180921
Antiy-AVL 20190225
Arcabit 20190224
Avast 20190224
Avast-Mobile 20190225
AVG 20190224
Avira (no cloud) 20190224
Babable 20180917
Baidu 20190214
BitDefender 20190224
CAT-QuickHeal 20190224
ClamAV 20190224
CMC 20190224
Comodo 20190224
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190225
Cyren 20190224
DrWeb 20190224
eGambit 20190225
Emsisoft 20190224
Endgame 20190215
ESET-NOD32 20190225
F-Secure 20190224
Fortinet 20190224
GData 20190224
Ikarus 20190225
Sophos ML 20181128
Jiangmin 20190224
K7AntiVirus 20190224
K7GW 20190224
Kaspersky 20190225
Kingsoft 20190225
Malwarebytes 20190224
MAX 20190225
McAfee 20190225
McAfee-GW-Edition 20190224
Microsoft 20190224
eScan 20190225
NANO-Antivirus 20190225
Palo Alto Networks (Known Signatures) 20190225
Panda 20190224
Qihoo-360 20190225
Rising 20190225
SentinelOne (Static ML) 20190203
Sophos AV 20190225
SUPERAntiSpyware 20190220
Symantec 20190224
Symantec Mobile Insight 20190220
TACHYON 20190224
Tencent 20190225
TheHacker 20190224
TotalDefense 20190224
Trapmine 20190123
Trustlook 20190225
VBA32 20190225
VIPRE 20190224
ViRobot 20190225
Webroot 20190225
Yandex 20190222
ZoneAlarm by Check Point 20190224
Zoner 20190224
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 1999-2009

Product libiconv: character set conversion library
Original name iconv.dll
Internal name iconv.dll
File version 1.14
Description LGPLed libiconv for Windows NT/2000/XP/Vista/7 and Windows 95/98/ME
Comments This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 18:12:30
Entry Point 0x00001410
Number of sections 11
PE sections
Overlays
MD5 7ccc5df01831c12623bea027b40073ec
File type data
Offset 1053184
Size 2745
Entropy 4.33
PE imports
GetLastError
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
LoadLibraryA
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
IsDBCSLeadByteEx
WideCharToMultiByte
GetModuleHandleA
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetACP
GetModuleHandleW
TerminateProcess
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
GetCurrentThreadId
LeaveCriticalSection
__udivdi3
__umoddi3
__deregister_frame_info
__register_frame_info
strncmp
malloc
setlocale
__dllonexit
abort
strlen
_amsg_exit
fputc
_errno
fwrite
_lock
qsort
_onexit
wcslen
_strdup
memcmp
strchr
_unlock
free
getenv
atoi
vfprintf
calloc
memcpy
localeconv
strerror
__mb_cur_max
_initterm
strcmp
_iob
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
4096

LinkerVersion
2.25

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.14.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
LGPLed libiconv for Windows NT/2000/XP/Vista/7 and Windows 95/98/ME

ImageFileCharacteristics
Executable, No line numbers, 32-bit, No debug, DLL

CharacterSet
ASCII

InitializedDataSize
1052160

EntryPoint
0x1410

OriginalFileName
iconv.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 1999-2009

FileVersion
1.14

TimeStamp
1970:01:01 10:12:30-08:00

FileType
Win32 DLL

PEType
PE32

InternalName
iconv.dll

ProductVersion
1.14

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Free Software Foundation

CodeSize
117248

ProductName
libiconv: character set conversion library

ProductVersionNumber
1.14.0.0

FileTypeExtension
dll

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following executing files wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 38e4eff9c925dec18f1cf728f5b3e0de
SHA1 d3cb88395213303ca177c69de26fea1abcc520fd
SHA256 bd13bab79752c0deedfbc8a0c05f3e13afa5fec4503162dcaece124ec8968e10
ssdeep
24576:yZ3BAUZLYRwPKDOlbbT0pGavkg3NyeuQ6l9fHOf3l:wBAUZLYWiDOSpGaXBuQQ9uV

authentihash 78acd6a5b7593e33c70d56ec187511c8858afc4a032da9f1af7d24d6bf36f127
imphash 34d0c4c6f75173d630b0cc7a43d49439
File size 1.0 MB ( 1055929 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
pedll overlay

VirusTotal metadata
First submission 2015-08-04 13:01:00 UTC ( 3 years, 9 months ago )
Last submission 2019-02-25 09:45:15 UTC ( 2 months, 4 weeks ago )
File names is-p91t8.tmp
is-b57iq.tmp
is-o8fec.tmp
libiconv-2.dll
is-tlqmt.tmp
is-4ibc0.tmp
is-dmrf8.tmp
file_bin_16
is-49bsh.tmp
is-dslv6.tmp
file_bin_12
is-pg2cv.tmp
is-dhh1h.tmp
is-ktkpr.tmp
is-r66dl.tmp
is-gsmqj.tmp
is-2hogc.tmp
is-9klf1.tmp
is-pi97a.tmp
libiconv_2.dll
is-jbpnu.tmp
is-0or8g.tmp
bit2ccc.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight