SHA256: ce85a008c5755e45c4ff316f26a0c3e36ac27e60f3df0e1dc9cfecc695ace26a
File name: NLog.dll
Detection ratio: 0 / 67
Analysis date: 2018-11-02 03:53:14 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20181102
AegisLab 20181102
AhnLab-V3 20181101
Alibaba 20180921
ALYac 20181102
Antiy-AVL 20181102
Arcabit 20181102
Avast 20181102
Avast-Mobile 20181101
AVG 20181102
Avira (no cloud) 20181102
Babable 20180918
Baidu 20181101
BitDefender 20181102
Bkav 20181101
CAT-QuickHeal 20181031
ClamAV 20181101
CMC 20181101
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181102
Cyren 20181102
DrWeb 20181102
eGambit 20181102
Emsisoft 20181102
Endgame 20180730
ESET-NOD32 20181102
F-Prot 20181102
F-Secure 20181102
Fortinet 20181102
GData 20181102
Ikarus 20181101
Sophos ML 20180717
Jiangmin 20181102
K7AntiVirus 20181101
K7GW 20181102
Kaspersky 20181102
Kingsoft 20181102
Malwarebytes 20181102
MAX 20181102
McAfee 20181102
McAfee-GW-Edition 20181102
Microsoft 20181102
eScan 20181102
NANO-Antivirus 20181102
Palo Alto Networks (Known Signatures) 20181102
Panda 20181101
Qihoo-360 20181102
Rising 20181102
SentinelOne (Static ML) 20181011
Sophos AV 20181101
SUPERAntiSpyware 20181031
Symantec 20181101
Symantec Mobile Insight 20181030
TACHYON 20181102
Tencent 20181102
TheHacker 20181031
TotalDefense 20181101
TrendMicro 20181102
TrendMicro-HouseCall 20181102
Trustlook 20181102
VBA32 20181101
VIPRE 20181031
ViRobot 20181101
Webroot 20181102
Yandex 20181101
Zillya 20181101
ZoneAlarm by Check Point 20181102
Zoner 20181102
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2004-2016 Jaroslaw Kowalski, Kim Christensen, Julian Verdurmen
Product NLog v4.3.11
Original name NLog.dll
Internal name NLog.dll
File version 4.3.3566
Description NLog for .NET Framework 4.5
Comments NLog
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-07 21:11:37
Entry Point 0x00087E0E
Number of sections 3
.NET details
Module Version ID 8b26cd5c-bb3a-4460-b584-8a33095e8b30
PE sections
PE imports
_CorDllMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
Comments NLog
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.3.3566.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription NLog for .NET Framework 4.5
ImageFileCharacteristics Executable, 32-bit, DLL
CharacterSet Unicode
InitializedDataSize 1536
EntryPoint 0x87e0e
OriginalFileName NLog.dll
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2004-2016 Jaroslaw Kowalski, Kim Christensen, Julian Verdurmen
FileVersion 4.3.3566
TimeStamp 2016:11:07 22:11:37+01:00
FileType Win32 DLL
PEType PE32
InternalName NLog.dll
ProductVersion 4.3.11
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName NLog
CodeSize 548864
ProductName NLog v4.3.11
ProductVersionNumber 4.3.11.0
FileTypeExtension dll
ObjectFileType Dynamic link library
AssemblyVersion 4.0.0.0

CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Compressed bundles
File identification
MD5 7c63e70d3fe233a1c5308b1b29d51d54
SHA1 db4c20c2bfb3deb189db6e544a91b4282ca25df1
SHA256 ce85a008c5755e45c4ff316f26a0c3e36ac27e60f3df0e1dc9cfecc695ace26a
ssdeep 6144:CoLVeKyWGgVwCivPpUsQD/ojgAdOZnQvTnUew7CPsputU4JWDpszKnsAwH22S:oKyWGzRPpUsQDw9euYvj
authentihash 45e005975e97b6c3d0fab792148440d22f7ba0205324ab852df1f3488ba2b8db
imphash dae02f32a21e03ce65412f6e56942daa
File size 538.0 KB ( 550912 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit Mono/.Net assembly
TrID Generic .NET DLL/Assembly (84.0%)
Win64 Executable (generic) (9.8%)
Win32 Dynamic Link Library (generic) (2.3%)
Win32 Executable (generic) (1.6%)
OS/2 Executable (generic) (0.7%)
Tags assembly pedll

VirusTotal metadata
First submission 2016-11-08 11:09:14 UTC ( 2 years, 3 months ago )
Last submission 2017-03-10 00:17:04 UTC ( 1 year, 11 months ago )
File names nlog.dll.3940_1.18591.partial
NLog.dll
nlog.dll.6572_1.67755.partial
NLog.dll
nlog-{6a81f1e0-1cce-4f37-8418-58f32501185d}-v7740536.dll
nlog.dll.21724_1.17350.partial
nlog.dll.1288_11.309735.partial
nlog-{6a81f1e0-1cce-4f37-8418-58f32501185d}-v7740554.dll
nlog.dll.8732_1.18629.partial
nlog.dll.a913a96e_5528_44e8_aa59_ea7efd86a545
nlog.dll.8344_1.5560.partial
nlog.dll.1556_1.2585.partial
nlog.dll.1004_1.64.partial
nlog.dll.6624_7.30230.partial
nlog-{6a81f1e0-1cce-4f37-8418-58f32501185d}-v7740505.dll
prf27c3.tmp
NLog.dll
NLog.dll
nlog.dll.11348_1.6654.partial
NLog.dll
nlog.dll.14200_1.16744.partial
nlog.dll.8772_1.2283.partial
nlog.dll.1572_118.357311.partial
nlog.dll.15708_1.367.partial
nlog.dll.9644_1.6348.partial