SHA256: c603a1b3184f897e5d79c21bab44b2cb816d679af2558191ab7092ff684290d5
File name: libgmp-10.dll
Detection ratio: 0 / 66
Analysis date: 2017-11-08 13:26:06 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware 20171108
AegisLab 20171108
AhnLab-V3 20171108
Alibaba 20170911
ALYac 20171108
Antiy-AVL 20171103
Arcabit 20171108
Avast 20171108
Avast-Mobile 20171108
AVG 20171108
Avira (no cloud) 20171108
AVware 20171108
Baidu 20171108
BitDefender 20171108
Bkav 20171108
CAT-QuickHeal 20171107
ClamAV 20171108
CMC 20171104
Comodo 20171108
CrowdStrike Falcon (ML) 20171016
Cybereason 20171030
Cylance 20171108
Cyren 20171108
DrWeb 20171108
Emsisoft 20171108
Endgame 20171024
ESET-NOD32 20171108
F-Prot 20171108
F-Secure 20171108
Fortinet 20171108
GData 20171108
Ikarus 20171108
Sophos ML 20170914
Jiangmin 20171108
K7AntiVirus 20171108
K7GW 20171108
Kaspersky 20171108
Kingsoft 20171108
Malwarebytes 20171108
MAX 20171108
McAfee 20171108
McAfee-GW-Edition 20171108
Microsoft 20171108
eScan 20171108
NANO-Antivirus 20171108
nProtect 20171108
Palo Alto Networks (Known Signatures) 20171108
Panda 20171108
Qihoo-360 20171108
Rising 20171108
SentinelOne (Static ML) 20171019
Sophos AV 20171108
SUPERAntiSpyware 20171108
Symantec 20171108
Symantec Mobile Insight 20171107
Tencent 20171108
TheHacker 20171102
TotalDefense 20171108
TrendMicro 20171108
TrendMicro-HouseCall 20171108
Trustlook 20171108
VBA32 20171108
VIPRE 20171108
ViRobot 20171108
Webroot 20171108
WhiteArmor 20171104
Yandex 20171107
Zillya 20171107
ZoneAlarm by Check Point 20171108
Zoner 20171108
The file being studied is a Portable Executable file. More specifically, it is a Win32 DLL file for the Windows command line subsystem that targets 64-bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 1970-01-01 00:00:16
Entry Point 0x000013D0
Number of sections 11
PE sections
PE imports
GetLastError
EnterCriticalSection
QueryPerformanceCounter
GetTickCount
VirtualProtect
RtlAddFunctionTable
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
RtlVirtualUnwind
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
TerminateProcess
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
GetCurrentThreadId
LeaveCriticalSection
strncmp
malloc
getc
sscanf
fgetc
realloc
fread
__dllonexit
abort
fprintf
printf
isxdigit
strlen
_amsg_exit
fputc
raise
puts
strtol
fwrite
_lock
_onexit
putc
memmove
isspace
strchr
memset
_unlock
ferror
free
ungetc
vfprintf
calloc
strstr
memcpy
_vsnprintf
putchar
fscanf
localeconv
__iob_func
islower
_initterm
vsprintf
signal
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
TimeStamp 1970:01:01 01:00:16+01:00
FileType Win64 DLL
PEType PE32+
CodeSize 431104
LinkerVersion 2.25
FileTypeExtension dll
InitializedDataSize 552960
SubsystemVersion 5.2
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 2560

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Compressed bundles
File identification
MD5 0389f13d41c2e339aa95464a5cbc8283
SHA1 73bc9e6cb340bf5d1b1022a7063bcad3fc79363a
SHA256 c603a1b3184f897e5d79c21bab44b2cb816d679af2558191ab7092ff684290d5
ssdeep 12288:OW0ESTysawtmwqbFIqkU5ZH6rGbif7dY0aO2wnDh:MjaHThd6rffhY0aO2wnDh
authentihash d574c077f839f522e98fbdf11ea02ace520cadf6377f01ce45ba197e9128d0c6
imphash 81f4670925e9de79542c84aaca0dd63e
File size 541.0 KB ( 553984 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (console) Mono/.Net assembly
TrID Win64 Executable (generic) (87.2%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
VXD Driver (0.0%)
Tags 64bits assembly pedll
VirusTotal metadata
First submission 2017-03-02 20:29:23 UTC ( 1 year, 11 months ago )
Last submission 2017-03-02 20:29:23 UTC ( 1 year, 11 months ago )
File names libgmp-10.dll
Behaviour characterization
Zemana dll-injection