× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c7da870ad431d2bac13b40963ee5e7fec8fbc7ca7bc2b40308374ba5149e3651
File name: c7da870ad431d2ba_libeay32.dll
Detection ratio: 0 / 67
Analysis date: 2018-04-17 15:54:05 UTC ( 3 days, 8 hours ago )
Antivirus Result Update
Ad-Aware 20180417
AegisLab 20180417
AhnLab-V3 20180417
Alibaba 20180417
ALYac 20180417
Antiy-AVL 20180417
Arcabit 20180417
Avast 20180417
Avast-Mobile 20180417
AVG 20180417
Avira (no cloud) 20180417
AVware 20180417
Baidu 20180417
BitDefender 20180417
Bkav 20180410
CAT-QuickHeal 20180417
ClamAV 20180417
CMC 20180417
Comodo 20180417
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180417
Cyren 20180417
DrWeb 20180417
eGambit 20180417
Emsisoft 20180417
Endgame 20180403
ESET-NOD32 20180417
F-Prot 20180417
F-Secure 20180417
Fortinet 20180417
GData 20180417
Ikarus 20180417
Sophos ML 20180121
Jiangmin 20180417
K7AntiVirus 20180417
K7GW 20180417
Kaspersky 20180417
Kingsoft 20180417
Malwarebytes 20180417
MAX 20180417
McAfee 20180417
McAfee-GW-Edition 20180417
Microsoft 20180417
eScan 20180417
NANO-Antivirus 20180417
nProtect 20180417
Palo Alto Networks (Known Signatures) 20180417
Panda 20180417
Qihoo-360 20180417
Rising 20180417
SentinelOne (Static ML) 20180225
Sophos AV 20180417
SUPERAntiSpyware 20180417
Symantec 20180417
Symantec Mobile Insight 20180412
Tencent 20180417
TheHacker 20180415
TotalDefense 20180417
TrendMicro 20180417
TrendMicro-HouseCall 20180417
Trustlook 20180417
VBA32 20180414
VIPRE 20180417
ViRobot 20180417
Webroot 20180417
WhiteArmor 20180408
Yandex 20180417
Zillya 20180417
ZoneAlarm by Check Point 20180417
Zoner 20180416
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.

Product The OpenSSL Toolkit
Original name libeay32.dll
Internal name libeay32
File version 1.0.0k
Description OpenSSL shared library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-08 20:37:29
Entry Point 0x00001058
Number of sections 11
PE sections
PE imports
DeregisterEventSource
RegisterEventSourceA
ReportEventA
GetDeviceCaps
CreateDCA
DeleteDC
GetBitmapBits
SelectObject
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetObjectA
GetLastError
GetStdHandle
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
ExitProcess
VirtualProtect
GetVersionExA
LoadLibraryA
DeleteCriticalSection
GetCurrentProcessId
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
FindFirstFileA
CloseHandle
FindNextFileA
GetCurrentThreadId
GlobalMemoryStatus
InitializeCriticalSection
VirtualQuery
FindClose
TlsGetValue
GetFileType
GetTickCount
GetVersion
SetLastError
LeaveCriticalSection
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
htonl
accept
ioctlsocket
WSAStartup
connect
shutdown
htons
WSAGetLastError
getsockopt
closesocket
ntohl
send
ntohs
listen
WSACleanup
gethostbyname
WSASetLastError
recv
setsockopt
socket
bind
recvfrom
sendto
getservbyname
strncmp
malloc
sscanf
realloc
fread
fclose
strcat
__dllonexit
_stricmp
fgets
abort
_setmode
strtoul
printf
_chmod
fflush
fopen
strlen
strncpy
tolower
strchr
fputc
_fdopen
_errno
fwrite
fseek
qsort
_open
fputs
ftell
_snprintf
sprintf
memcmp
exit
localtime
strtol
time
_isctype
strrchr
_pctype
gmtime
free
getenv
wcsstr
atoi
vfprintf
_wfopen
calloc
_write
_getch
raise
_stat
_vsnprintf
perror
memmove
setvbuf
_read
strerror
strcmp
strcpy
memchr
__mb_cur_max
_strnicmp
fprintf
_exit
signal
_ftime
_iob
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
2.22

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.11

UninitializedDataSize
11776

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
1703424

EntryPoint
0x1058

OriginalFileName
libeay32.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright 1998-2006 The OpenSSL Project. Copyright 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.

FileVersion
1.0.0k

TimeStamp
2013:02:08 21:37:29+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
libeay32

ProductVersion
1.0.0k

FileDescription
OpenSSL shared library

OSVersion
4.0

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
The OpenSSL Project, http://www.openssl.org/

CodeSize
1098240

ProductName
The OpenSSL Toolkit

ProductVersionNumber
1.0.0.11

FileTypeExtension
dll

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 a9f8f35cc2caf8dba7167b91420a680b
SHA1 6fd1de054c228e7d1a515b08377a4b4993e79c4b
SHA256 c7da870ad431d2bac13b40963ee5e7fec8fbc7ca7bc2b40308374ba5149e3651
ssdeep
49152:kwqSuGMVeZlrWohOGxzF9g4ojLis+x/FJuV2JI:rqSuGMVeZlrWohOGR9oPiRvJ

authentihash d3725fb924aa0cf277c9f57d601edb065b7803e994a0130c43d5ec579238f526
imphash 32323da9e3f4928cdcb316e2581c8f7b
File size 1.6 MB ( 1704448 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
pedll via-tor

VirusTotal metadata
First submission 2013-02-11 16:04:51 UTC ( 5 years, 2 months ago )
Last submission 2018-04-17 15:54:05 UTC ( 3 days, 8 hours ago )
File names LIBEAY32.DLL
sbs_ve_ambr_20150118143307.435_ 53
is-ugu3m.tmp
sbs_ve_ambr_20150316173856.477_ 304
fil41A8FD062FC175887A14385F379E07A3
sbs_ve_ambr_20150222001929.226_ 156
libeay32.dll123_
_98EB990669CD4718BE71FD2C45FBBDD9
vti-rescan
imm-flt-63053
10936539
libf66b.tmp
sbs_ve_ambr_20150114183810.295_ 154
imm-flt-63113
149964674_LIBEAY32.DLL
sbs_ve_ambr_20150307180404.067_ 306
libeay32.dll
libeay32.dll
sbs_ve_ambr_20150301072614.196_ 989
sbs_ve_ambr_20150117154257.404_ 186
sbs_ve_ambr_20150114183817.126_ 301
108
47
45
sbs_ve_ambr_20150121153708.719_ 1053102
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!