SHA256: ce5d345fc0200b6b119e802fb1b116b9363085e1795ab6b0d3be4db3d08ddc1d
File name: MSBuild.ExtensionPack.BizTalk.dll
Detection ratio: 0 / 57
Analysis date: 2016-11-21 10:15:39 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware 20161121
AegisLab 20161121
AhnLab-V3 20161121
Alibaba 20161121
ALYac 20161121
Antiy-AVL 20161121
Arcabit 20161121
Avast 20161121
AVG 20161121
Avira (no cloud) 20161121
AVware 20161121
Baidu 20161121
BitDefender 20161121
Bkav 20161121
CAT-QuickHeal 20161121
ClamAV 20161121
CMC 20161121
Comodo 20161121
CrowdStrike Falcon (ML) 20161024
Cyren 20161121
DrWeb 20161121
Emsisoft 20161121
ESET-NOD32 20161121
F-Prot 20161121
F-Secure 20161121
Fortinet 20161121
GData 20161121
Ikarus 20161121
Sophos ML 20161018
Jiangmin 20161121
K7AntiVirus 20161121
K7GW 20161121
Kaspersky 20161121
Kingsoft 20161121
Malwarebytes 20161121
McAfee 20161121
McAfee-GW-Edition 20161121
Microsoft 20161121
eScan 20161121
NANO-Antivirus 20161121
nProtect 20161121
Panda 20161120
Qihoo-360 20161121
Rising 20161121
Sophos AV 20161121
SUPERAntiSpyware 20161121
Symantec 20161121
Tencent 20161121
TheHacker 20161117
TotalDefense 20161121
TrendMicro 20161121
TrendMicro-HouseCall 20161121
Trustlook 20161121
VBA32 20161121
VIPRE 20161121
ViRobot 20161121
Yandex 20161121
Zillya 20161118
Zoner 20161121
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright © 2008 - 2016 http://www.MSBuildExtensionPack.com
Product MSBuild Extension Pack 4.0
Original name MSBuild.ExtensionPack.BizTalk.dll
Internal name MSBuild.ExtensionPack.BizTalk.dll
File version 4.0.13.0
Description MSBuild.ExtensionPack.BizTalk
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-20 20:48:00
Entry Point 0x00010B7E
Number of sections 3
.NET details
Module Version ID 7e0707ba-9eea-45a3-9f9a-0073b8aa1ce7
TypeLib ID e707dcde-d1cd-11d2-bab9-00c04f8eceae
PE sections
PE imports
_CorDllMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
LegalTrademarks Mike Fourie
SubsystemVersion 4.0
InitializedDataSize 2048
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.0.13.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription MSBuild.ExtensionPack.BizTalk
CharacterSet Unicode
LinkerVersion 11.0
EntryPoint 0x10b7e
OriginalFileName MSBuild.ExtensionPack.BizTalk.dll
MIMEType application/octet-stream
LegalCopyright Copyright 2008 - 2016 http://www.MSBuildExtensionPack.com
FileVersion 4.0.13.0
TimeStamp 2016:06:20 21:48:00+01:00
FileType Win32 DLL
PEType PE32
InternalName MSBuild.ExtensionPack.BizTalk.dll
ProductVersion 4.0.0.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName http://www.MSBuildExtensionPack.com
CodeSize 60416
ProductName MSBuild Extension Pack 4.0
ProductVersionNumber 4.0.0.0
FileTypeExtension dll
ObjectFileType Dynamic link library
AssemblyVersion 4.0.0.0

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 4c538a1b40d6b7c168c5035314d14808
SHA1 80b1902bc5cd62c093accbc40631466e2b48f6f3
SHA256 ce5d345fc0200b6b119e802fb1b116b9363085e1795ab6b0d3be4db3d08ddc1d
ssdeep 768:+/j1gLk6mHcJqhgi/JYr5BkcblFWm7m3//WTsx2iKy6qKPw1u+GHlKopySIySyIU:kCUcY2iKyaPw1uNMkyStSz0hfahKIy
authentihash d9df5499a28b3bc6697c615cbc4a94f6e4498d3a7320862e9841a9d4fc1a3a5f
imphash dae02f32a21e03ce65412f6e56942daa
File size 61.5 KB ( 62976 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit Mono/.Net assembly
TrID Generic .NET DLL/Assembly (89.4%)
Windows screen saver (4.9%)
Win32 Dynamic Link Library (generic) (2.4%)
Win32 Executable (generic) (1.6%)
Generic Win/DOS Executable (0.7%)
Tags assembly pedll
VirusTotal metadata
First submission 2016-07-04 11:17:11 UTC ( 2 years, 9 months ago )
Last submission 2016-07-04 11:17:11 UTC ( 2 years, 9 months ago )
File names MSBuild.ExtensionPack.BizTalk.dll
msbuild.extensionpack.biztalk.dll
Behaviour characterization
Zemana dll-injection