SHA256: dc46f0bfff67fbfa7446363a7e4df086731fb55348a7c6003866733309c1579d
File name: 47C42A207AA401CBB47CB4050F957084
Detection ratio: 6 / 45
Analysis date: 2013-08-05 10:44:03 UTC ( 5 years ago )
Antivirus Result Update
ByteHero Trojan.Malware.Obscu.Gen.002 20130724
CAT-QuickHeal (Suspicious) - DNAScan 20130805
Kaspersky UDS:DangerousObject.Multi.Generic 20130805
Kingsoft Win32.Hack.Pmax.pd.(kcloud) 20130723
Panda Suspicious file 20130805
Sophos AV Mal/Generic-S 20130805
Yandex 20130804
AhnLab-V3 20130804
AntiVir 20130805
Antiy-AVL 20130802
Avast 20130805
AVG 20130805
BitDefender 20130805
ClamAV 20130805
Commtouch 20130805
Comodo 20130805
DrWeb 20130805
Emsisoft 20130805
ESET-NOD32 20130805
F-Prot 20130805
Fortinet 20130805
GData 20130805
Ikarus 20130805
Jiangmin 20130805
K7AntiVirus 20130802
K7GW 20130802
Malwarebytes 20130805
McAfee 20130805
McAfee-GW-Edition 20130805
Microsoft 20130805
eScan 20130805
NANO-Antivirus 20130805
Norman 20130805
nProtect 20130805
PCTools 20130804
Rising 20130805
SUPERAntiSpyware 20130805
Symantec 20130805
TheHacker 20130805
TotalDefense 20130805
TrendMicro 20130805
TrendMicro-HouseCall 20130805
VBA32 20130805
VIPRE 20130805
ViRobot 20130805
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) Microsoft Corporation. All rights reserved.
Product Microsoft (C) Windows (C) Operating System
Original name bidispl.dll
Internal name bidispl.dll
File version 6.1.7600.16385
Description Bidispl DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-04 16:59:34
Entry Point 0x00001F73
Number of sections 7
PE sections
PE imports
SetBitmapBits
RectVisible
GetStockObject
CreateSolidBrush
gluNurbsCallback
gluOrtho2D
gluEndCurve
ImmGetRegisterWordStyleA
ImmGetProperty
ImmEnumInputContext
GetFileAttributesA
WriteProfileStringW
GetDriveTypeA
GetThreadLocale
SetEndOfFile
GetEnvironmentVariableW
glTexCoord3s
glEvalCoord2fv
glMap1d
Ord(59)
Ord(9)
VkKeyScanW
GetClassInfoExA
ChangeClipboardChain
MapVirtualKeyExW
DdeCreateStringHandleW
islower
_mbctoupper
exit
strtoul
isxdigit
CreatePointerMoniker
OleCreateLinkFromData
CoTaskMemAlloc
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
DUTCH NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode Unknown (048C)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 128000
EntryPoint 0x1f73
OriginalFileName bidispl.dll
MIMEType application/octet-stream
LegalCopyright (C) Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385
TimeStamp 2013:08:04 17:59:34+01:00
FileType Win32 EXE
PEType PE32
InternalName bidispl.dll
ProductVersion 6.1.7600.16385
FileDescription Bidispl DLL
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft (C) Corporation
CodeSize 43520
ProductName Microsoft (C) Windows (C) Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 47c42a207aa401cbb47cb4050f957084
SHA1 ca81e484911e5b42f533fa701ef81dc7792f08d3
SHA256 dc46f0bfff67fbfa7446363a7e4df086731fb55348a7c6003866733309c1579d
ssdeep 3072:HYhijnKQwMx3z3hHkP8wH3QagTrU7oD97Fq05vvIv6NDvpgpq81cYh+R0Mjms4RB:HYh4vwM93W0wH3Qjr8oD97Fq0hlNvpfZ
authentihash ea21f9adb6c9d3a881ea3e44926f336296ae970f87244725a55c77e5beed6e53
imphash 8df718af511dd94f50a8749153dd4d9e
File size 168.5 KB ( 172544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2013-08-05 10:44:03 UTC ( 5 years ago )
Last submission 2013-08-05 10:44:03 UTC ( 5 years ago )
File names bidispl.dll
47C42A207AA401CBB47CB4050F957084
notepad.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
TCP connections