SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
File name: System.exe
Detection ratio: 0 / 49
Analysis date: 2013-12-19 04:38:29 UTC ( 5 years, 5 months ago )
Antivirus Result Update
Ad-Aware 20131211
Yandex 20131217
AhnLab-V3 20131218
AntiVir 20131219
Antiy-AVL 20131218
Avast 20131219
AVG 20131218
Baidu-International 20131213
BitDefender 20131211
Bkav 20131218
ByteHero 20130613
CAT-QuickHeal 20131218
ClamAV 20131219
CMC 20131217
Commtouch 20131219
Comodo 20131219
DrWeb 20131219
Emsisoft 20131219
ESET-NOD32 20131219
F-Prot 20131219
F-Secure 20131219
Fortinet 20131218
GData 20131219
Ikarus 20131219
Jiangmin 20131219
K7AntiVirus 20131218
K7GW 20131218
Kaspersky 20131219
Kingsoft 20130829
Malwarebytes 20131219
McAfee 20131219
McAfee-GW-Edition 20131219
Microsoft 20131219
eScan 20131218
NANO-Antivirus 20131219
Norman 20131218
nProtect 20131218
Panda 20131218
Rising 20131218
Sophos AV 20131219
SUPERAntiSpyware 20131219
Symantec 20131219
TheHacker 20131218
TotalDefense 20131218
TrendMicro 20131219
TrendMicro-HouseCall 20131219
VBA32 20131218
VIPRE 20131219
ViRobot 20131219
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:21
Entry Point 0x00002930
Number of sections 4
PE sections
PE imports
GlobalSize
GetLastError
lstrlenA
WideCharToMultiByte
GetModuleHandleA
lstrcatA
GlobalFree
GlobalAlloc
FreeLibrary
lstrcpyA
MultiByteToWideChar
lstrcpynA
VirtualProtect
GetProcAddress
VirtualAlloc
LoadLibraryA
wsprintfA
CLSIDFromString
StringFromGUID2
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:12:05 23:50:21+01:00
FileType Win32 DLL
PEType PE32
CodeSize 7680
LinkerVersion 6.0
FileTypeExtension dll
InitializedDataSize 2560
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit, DLL
EntryPoint 0x2930
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
ssdeep 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
authentihash 6e0c6ca49942fbc9cad5189aeffc8882393d9acb756b08235898bcf474052689
imphash 2017f2acbdaa42ab3e4adeb8b4c37e7b
File size 11.0 KB ( 11264 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll via-tor

VirusTotal metadata
First submission 2009-12-06 22:40:15 UTC ( 9 years, 5 months ago )
Last submission 2019-05-20 22:22:48 UTC ( 19 minutes ago )
File names System.dll
system.dll
dc58d8ad81cacb0c_system.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight