SHA256: c97e1ab93e2d18a76b4bb1c8c43605d7de94d3baaeae0c9e28fd750e943d0335
File name: pywintypes27.dll
Detection ratio: 0 / 67
Analysis date: 2018-11-14 03:05:35 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware 20181112
AegisLab 20181114
AhnLab-V3 20181114
Alibaba 20180921
ALYac 20181114
Antiy-AVL 20181114
Arcabit 20181114
Avast 20181114
Avast-Mobile 20181113
AVG 20181114
Avira (no cloud) 20181114
Babable 20180918
Baidu 20181112
BitDefender 20181114
Bkav 20181113
CAT-QuickHeal 20181113
ClamAV 20181114
CMC 20181113
CrowdStrike Falcon (ML) 20181022
Cybereason 20180308
Cylance 20181114
Cyren 20181114
DrWeb 20181114
eGambit 20181114
Emsisoft 20181114
Endgame 20181108
ESET-NOD32 20181113
F-Prot 20181114
F-Secure 20181114
Fortinet 20181114
GData 20181114
Ikarus 20181113
Sophos ML 20181108
Jiangmin 20181114
K7AntiVirus 20181113
K7GW 20181113
Kaspersky 20181114
Kingsoft 20181114
Malwarebytes 20181114
MAX 20181114
McAfee 20181113
McAfee-GW-Edition 20181113
Microsoft 20181114
eScan 20181114
NANO-Antivirus 20181114
Palo Alto Networks (Known Signatures) 20181114
Panda 20181113
Qihoo-360 20181114
Rising 20181114
SentinelOne (Static ML) 20181011
Sophos AV 20181113
SUPERAntiSpyware 20181114
Symantec 20181114
Symantec Mobile Insight 20181108
TACHYON 20181114
Tencent 20181114
TheHacker 20181113
TotalDefense 20181113
TrendMicro 20181114
TrendMicro-HouseCall 20181114
Trustlook 20181114
VBA32 20181113
VIPRE 20181114
ViRobot 20181113
Webroot 20181114
Yandex 20181113
Zillya 20181113
ZoneAlarm by Check Point 20181114
Zoner 20181114
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Product PyWin32
Original name pywintypes27.dll
Internal name pywintypes27.dll
File version 2.7.218.0
Comments http://pywin32.sourceforge.net
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-27 03:20:06
Entry Point 0x0000BDD6
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorOwner
RegCloseKey
GetExplicitEntriesFromAclW
CopySid
GetSecurityDescriptorControl
GetAce
GetLengthSid
InitializeAcl
GetAclInformation
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
InitializeSid
GetSecurityDescriptorGroup
MakeAbsoluteSD
IsValidSid
GetSecurityDescriptorOwner
SetSecurityDescriptorSacl
GetAuditedPermissionsFromAclW
GetSidIdentifierAuthority
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSidSubAuthority
AddAuditAccessAce
DeleteAce
IsValidAcl
SetEntriesInAclW
SetSecurityDescriptorGroup
MakeSelfRelativeSD
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
IsTextUnicode
GetEffectiveRightsFromAclW
AddAce
IsValidSecurityDescriptor
GetLastError
EnterCriticalSection
FileTimeToSystemTime
lstrlenA
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
SystemTimeToFileTime
TlsAlloc
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
GetDateFormatA
DosDateTimeToFileTime
GetCurrentProcessId
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
InterlockedCompareExchange
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetTimeFormatA
GetSystemTimeAsFileTime
LocalFree
TerminateProcess
GetTimeZoneInformation
InitializeCriticalSection
TlsGetValue
Sleep
FormatMessageA
TlsSetValue
CloseHandle
GetCurrentThreadId
LocalAlloc
SetLastError
LeaveCriticalSection
_malloc_crt
malloc
realloc
memset
__dllonexit
_snwprintf
fprintf
strncpy
_amsg_exit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
_lock
_onexit
_encode_pointer
__clean_type_info_names_internal
_strdup
_decode_pointer
_crt_debugger_hook
_adjust_fdiv
_unlock
wcsncpy
??3@YAXPAX@Z
free
__CxxFrameHandler3
_except_handler4_common
memcpy
_mktime64
_initterm_e
__iob_func
_encoded_null
_localtime64
__CppXcptFilter
_initterm
strftime
SysFreeString
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
wsprintfA
wsprintfW
CLSIDFromString
CoTaskMemAlloc
CoCreateGuid
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
PyDict_SetItem
PyExc_MemoryError
PyArg_ParseTuple
PyList_New
PyExc_WindowsError
PyExc_AttributeError
PyObject_GenericSetAttr
PyTuple_GetItem
PySequence_Tuple
PyInt_AsLong
PyImport_ImportModule
PyExc_NotImplementedError
PyErr_Occurred
PyDict_GetItemString
PyMapping_Check
PyErr_Restore
PyUnicode_DecodeMBCS
PyErr_WarnEx
PyList_Append
PyUnicodeUCS2_AsWideChar
PyObject_GenericGetAttr
PyEval_InitThreads
PySequence_GetItem
PyFloat_FromDouble
PyErr_Fetch
PyExc_SystemError
PyErr_NoMemory
PyErr_SetString
PyLong_AsLongLong
PyEval_RestoreThread
PyErr_SetObject
PyErr_BadArgument
PyType_Type
_Py_ZeroStruct
_Py_NoneStruct
PySequence_Check
PyObject_HasAttrString
PyEval_SaveThread
PyBool_FromLong
PyObject_CallObject
_Py_NotImplementedStruct
PyString_AsStringAndSize
PyEval_CallObjectWithKeywords
PyInt_AsUnsignedLongMask
PyTuple_New
PyExc_ValueError
PyRun_StringFlags
Py_FatalError
PyUnicodeUCS2_FromWideChar
PyEval_AcquireThread
PyThreadState_New
PyCallable_Check
PyExc_PendingDeprecationWarning
PyModule_GetDict
PyUnicodeUCS2_AsUnicode
PyString_Size
PyObject_Print
PyUnicode_Type
PyObject_AsReadBuffer
PyType_Ready
PyMem_Free
PyLong_AsUnsignedLong
PyDict_SetItemString
PyString_AsString
_Py_TrueStruct
PyObject_CheckReadBuffer
PyTuple_SetItem
Py_MakePendingCalls
Py_InitModule4
PyThreadState_Delete
PyModule_AddIntConstant
PyErr_Clear
PyString_FromString
PyThreadState_Clear
PyLong_AsUnsignedLongLong
PyExc_Exception
PyExc_TypeError
PyLong_FromUnsignedLong
_Py_HashPointer
PyMem_Malloc
PyErr_Format
PyString_FromStringAndSize
Py_BuildValue
PyObject_GetAttrString
PyObject_AsWriteBuffer
PyArg_ParseTupleAndKeywords
PyLong_FromUnsignedLongLong
PyDict_New
PyNumber_Check
PyInt_FromLong
PyThreadState_Swap
PyLong_FromLongLong
PyEval_ReleaseThread
PyUnicode_EncodeMBCS
PySequence_Size
PyObject_CallMethod
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
Comments http://pywin32.sourceforge.net
InitializedDataSize 61440
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.7.218.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 9.0
EntryPoint 0xbdd6
OriginalFileName pywintypes27.dll
MIMEType application/octet-stream
FileVersion 2.7.218.0
TimeStamp 2012:10:27 04:20:06+01:00
FileType Win32 DLL
PEType PE32
InternalName pywintypes27.dll
ProductVersion 2.7.218.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 47616
ProductName PyWin32
ProductVersionNumber 2.7.218.0
FileTypeExtension dll
ObjectFileType Dynamic link library

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed the following files, while in execution, writing this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 f0469abb4f2914c78ce875a430425958
SHA1 97ae25198aa240ff4464c29622a4b045efba7581
SHA256 c97e1ab93e2d18a76b4bb1c8c43605d7de94d3baaeae0c9e28fd750e943d0335
ssdeep 3072:VJ3S1M+tYU06cwxxKEYLRjM/HRxo3Y7bi0tr70fsNOK9dZp+PJP:VxSRtYU0bwxxKEYLRjyCY7bi0B70ENOO
authentihash 2f2bb000f0a36fc422c48b9b2b63d657692765173d86ef8d5814efbb2b8d6853
imphash 65d2f170b5141415ae2f3c82705ce2ed
File size 107.5 KB ( 110080 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Python Dynamic module (56.2%)
Win32 Executable MS Visual C++ (generic) (17.9%)
Win64 Executable (generic) (15.9%)
Win32 Dynamic Link Library (generic) (3.7%)
Win32 Executable (generic) (2.5%)
Tags pedll
VirusTotal metadata
First submission 2012-11-07 08:00:25 UTC ( 6 years, 1 month ago )
Last submission 2018-07-25 01:05:08 UTC ( 4 months, 3 weeks ago )
File names pywintypes27.dll
pywintypes27.dll
pywintypes27.dll.8E774A6E_B9EA_4FB1_B865_BDA02EBB8203
imm-flt-1199875
svn-eeef355a
imm-flt-1200348
pywintypes27.dl_
PyWinTypes27.dll
svn-76bba3d9
PyWinTypes27.dll
PyWinTypes27.dll
f0469abb4f2914c78ce875a430425958.dll
imm-flt-1201044
PyWinTypes27_97AE25198AA240FF4464C29622A4B045EFBA7581.dll
is-kpst4.tmp
is-ciocl.tmp
PyWinTypes27.dll
pywintypes27.dll
PYWINTYPES27.DLL
pywintypes27.dll
PyWinTypes27.dll
C97E1AB93E2D18A76B4BB1C8C43605D7DE94D3BAAEAE0C9E28FD750E943D0335.DAT
pywintypes27.dll
f0469abb4f2914c78ce875a430425958
PyWinTypes27.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight