SHA256: cc1babf0cfa71ffeb737b3326ed19126558f9fb94ab1a756d32a884a1d8062dd
File name: particle.dll
Detection ratio: 0 / 42
Analysis date: 2012-08-28 03:55:53 UTC ( 6 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 20120827
AntiVir 20120828
Antiy-AVL 20120828
Avast 20120828
AVG 20120828
BitDefender 20120828
ByteHero 20120827
CAT-QuickHeal 20120828
ClamAV 20120828
Commtouch 20120828
Comodo 20120828
DrWeb 20120828
Emsisoft 20120828
eSafe 20120826
ESET-NOD32 20120827
F-Prot 20120827
F-Secure 20120828
Fortinet 20120828
GData 20120828
Ikarus 20120828
Jiangmin 20120828
K7AntiVirus 20120827
Kaspersky 20120828
McAfee 20120828
McAfee-GW-Edition 20120827
Microsoft 20120828
Norman 20120827
nProtect 20120827
Panda 20120827
PCTools 20120828
Rising 20120828
Sophos AV 20120828
SUPERAntiSpyware 20120828
Symantec 20120828
TheHacker 20120826
TotalDefense 20120827
TrendMicro 20120828
TrendMicro-HouseCall 20120828
VBA32 20120827
VIPRE 20120826
ViRobot 20120828
VirusBuster 20120827
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (c) 2007 Autodesk, Inc. All rights reserved.
Publisher Autodesk, Inc.
Product 3ds Max
Original name particle.dll
Internal name particle
File version 12.0.0.106
Description Particle system support
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-03-12 21:11:28
Entry Point 0x00007543
Number of sections 5
PE sections
PE imports
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetTickCount
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
Sleep
GetCurrentThreadId
InterlockedCompareExchange
_malloc_crt
__dllonexit
__clean_type_info_names_internal
_amsg_exit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
_lock
_onexit
_encode_pointer
??_V@YAXPAX@Z
_initterm_e
_adjust_fdiv
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
free
__CxxFrameHandler3
_except_handler4_common
_decode_pointer
_encoded_null
__CppXcptFilter
_initterm
GetAsyncKeyState
??YBox3@@QAEAAV0@ABVPoint3@@@Z
??D@YA?AVPoint3@@ABV0@ABVMatrix3@@@Z
??ABox3@@QBE?AVPoint3@@H@Z
??0Point3@@QAE@ABV0@@Z
?Length@@YAMABVPoint3@@@Z
??0Box3@@QAE@XZ
??0Point3@@QAE@XZ
?TBCopy@@YAHPAPAUTabHdr@@HHPAXH@Z
??_UMaxHeapOperators@@SAPAXI@Z
?TBDelete@@YAHPAPAUTabHdr@@HHH@Z
?TBMakeSize@@YAHPAPAUTabHdr@@HH@Z
?TBSetCount@@YAXPAPAUTabHdr@@HHH@Z
?TBInsertAt@@YAHPAPAUTabHdr@@HHPAXHH@Z
??_VMaxHeapOperators@@SAXPAX@Z
?zfree@@YAXPAPAX@Z
?setEdgeVisFlags@Face@@QAEXHHH@Z
?setNumVerts@Mesh@@QAEHHHH@Z
?setNumTVerts@Mesh@@QAEHHH@Z
?setNumFaces@Mesh@@QAEHHHH@Z
?setNumTVFaces@Mesh@@QAEHHHH@Z
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
CodeSize 28160
SubsystemVersion 5.0
InitializedDataSize 8192
ImageVersion 0.0
PrivateBuildData Renoir with PDBs MAX_R106_RL 03-12-2009 16:38
FileVersionNumber 12.0.0.106
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
OriginalFilename particle.dll
ProductName 3ds Max
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 12.0.0.106
TimeStamp 2009:03:12 14:11:28-07:00
FileType Win32 DLL
PEType PE32
InternalName particle
ProductVersion 12.0.0.106
FileDescription Particle system support
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright 2007 Autodesk, Inc. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Autodesk, Inc.
LegalTrademarks Discreet, Autodesk, Inc., Kinetix, 3D Studio MAX, Autodesk VIZ, Biped, Character Studio, Heidi, Kinetix, Physique, plasma, 3ds max, DWG Unplugged, FLI, FLIC, and DXF are either registered trademarks or trademarks of Discreet Logic Inc./Autodesk, Inc.
FileSubtype 0
ProductVersionNumber 12.0.0.106
EntryPoint 0x7543
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 eed9cea3dfa13aeaf28eadc2e0055d89
SHA1 d8c1b7dc50c0278b0550de16007084dbca5d38c5
SHA256 cc1babf0cfa71ffeb737b3326ed19126558f9fb94ab1a756d32a884a1d8062dd
ssdeep 768:bn8BONRUf+jMEik7TwWzdrnxhbVT9BppY/EAL7qOtHCAoY2:M0RUIMGTJRDrx3rYTqOthoY2
File size 36.5 KB ( 37376 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll
VirusTotal metadata
First submission UTC ( ago )
Last submission UTC ( ago )
File names particle.dll
aa
particle
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight