SHA256: c1b65ad2dd44098bb3407d85678b85393736bd322278c53ea96965fedb047f2b
File name: TIDY extension
Detection ratio: 0 / 55
Analysis date: 2015-04-29 09:19:59 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware 20150504
AegisLab 20150504
Yandex 20150504
AhnLab-V3 20150504
Alibaba 20150503
ALYac 20150504
Antiy-AVL 20150504
Avast 20150504
AVG 20150504
AVware 20150504
Baidu-International 20150504
BitDefender 20150504
Bkav 20150504
ByteHero 20150504
CAT-QuickHeal 20150504
ClamAV 20150504
CMC 20150501
Comodo 20150504
Cyren 20150504
DrWeb 20150504
Emsisoft 20150504
ESET-NOD32 20150504
F-Prot 20150504
F-Secure 20150504
Fortinet 20150504
GData 20150504
Ikarus 20150504
Jiangmin 20150504
K7AntiVirus 20150504
K7GW 20150504
Kaspersky 20150504
Kingsoft 20150504
McAfee 20150504
McAfee-GW-Edition 20150504
Microsoft 20150504
eScan 20150504
NANO-Antivirus 20150504
Norman 20150504
nProtect 20150504
Panda 20150504
Qihoo-360 20150504
Rising 20150504
Sophos AV 20150504
SUPERAntiSpyware 20150504
Symantec 20150504
Tencent 20150504
TheHacker 20150504
TotalDefense 20150430
TrendMicro 20150504
TrendMicro-HouseCall 20150504
VBA32 20150504
VIPRE 20150504
ViRobot 20150504
Zillya 20150504
Zoner 20150504
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright Copyright © 1997-2014 The PHP Group
Publisher The PHP Group
Product PHP
Original name php_tidy.dll
Internal name TIDY extension
File version 5.6.8
Description tidy
Comments Thanks to John Coggeshall, Ilia Alshanetsky
PE header basic information
Target machine x64
Compilation timestamp 2015-04-15 22:22:41
Entry Point 0x000210A4
Number of sections 6
PE sections
PE imports
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
DisableThreadLibraryCalls
IsProcessorFeaturePresent
GetCurrentThreadId
DecodePointer
_malloc_crt
malloc
sscanf
fgetc
realloc
__crtTerminateProcess
memset
fclose
__dllonexit
_stricmp
fprintf
isdigit
fopen
feof
__clean_type_info_names_internal
_amsg_exit
fputc
__C_specific_handler
_lock
_onexit
isalpha
exit
sprintf
_initterm_e
isspace
strchr
_unlock
free
getenv
atoi
memcpy
__crtUnhandledException
__crtCapturePreviousContext
_vsnprintf
strstr
__iob_func
__crtCaptureCurrentContext
_calloc_crt
__crt_debugger_hook
__CppXcptFilter
_initterm
php_info_print_table_end
_array_init
zend_get_std_object_handlers
zend_hash_get_current_key_ex
zend_register_ini_entries
php_check_open_basedir
zend_object_std_init
add_assoc_long_ex
php_output_handler_alias_register
php_output_handler_create_internal
php_info_print_table_start
_zval_dtor_func
zval_used_for_init
rebuild_object_properties
zend_register_internal_class_ex
_efree
_php_stream_free
object_properties_init
_convert_to_string
_estrndup
_php_stream_open_wrapper_ex
OnUpdateBool
php_info_print_table_header
zend_new_interned_string
_emalloc
compiler_globals
php_output_get_status
zend_register_long_constant
php_output_handler_started
display_ini_entries
zend_object_store_get_object
zend_unregister_ini_entries
add_next_index_zval
_php_stream_copy_to_mem
add_assoc_string_ex
add_assoc_bool_ex
_erealloc
zend_strndup
_zend_hash_add_or_update
php_info_print_table_row
zend_objects_destroy_object
zend_parse_method_parameters
zend_hash_move_forward_ex
OnUpdateString
_object_init_ex
convert_to_long
_zval_copy_ctor_func
zend_object_std_dtor
zend_hash_get_current_data_ex
zend_parse_parameters
zend_objects_store_put
php_error_docref0
php_output_handler_start
_estrdup
zend_hash_internal_pointer_reset_ex
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
PHP

SubsystemVersion
6.0

Comments
Thanks to John Coggeshall, Ilia Alshanetsky

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.6.8.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
tidy

CharacterSet
Unicode

InitializedDataSize
135680

FileOS
Win32

EntryPoint
0x210a4

MIMEType
application/octet-stream

LegalCopyright
Copyright 1997-2014 The PHP Group

FileVersion
5.6.8

URL
http://www.php.net

TimeStamp
2015:04:15 23:22:41+01:00

FileType
Win64 DLL

PEType
PE32+

InternalName
TIDY extension

ProductVersion
5.6.8

UninitializedDataSize
0

OSVersion
6.0

OriginalFilename
php_tidy.dll

Subsystem
Windows GUI

MachineType
AMD AMD64

CompanyName
The PHP Group

CodeSize
146944

ProductName
PHP

ProductVersionNumber
5.6.8.0

FileTypeExtension
dll

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 d2c7c194600d084dd8dd308a31b744b7
SHA1 684bfc901b2317c17bf69f263704efd603126b2b
SHA256 c1b65ad2dd44098bb3407d85678b85393736bd322278c53ea96965fedb047f2b
ssdeep 3072:GNKVCs1jeIuQxM0aa0H9bHjp0h7ZW/fXhXpyMg71Z7gFjYzb3NVWQ1lNE:G8Zjeqxw1t0hluE1dgF8zb3NVNf
authentihash 0d955ca4d6f8167322070fae5edb7c913ac474079727527a1e0bcb7f4d0cd6a0
imphash e6b3e5bdcdf732d98312ae3528755fa3
File size 274.5 KB ( 281088 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags 64bits assembly pedll
VirusTotal metadata
First submission 2015-04-16 06:12:20 UTC ( 4 years, 1 month ago )
Last submission 2015-04-16 06:12:20 UTC ( 4 years, 1 month ago )
File names TIDY extension
php_tidy.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight