SHA256: de09ede2330ad7f0bc692d30e5da8c97a6dc9a023af37075c2cf32cecfc4c7f1
File name: gsdll32.dll
Detection ratio: 0 / 54
Analysis date: 2015-11-12 11:23:41 UTC ( 2 years, 9 months ago )
Antivirus Result Update
AegisLab 20151111
Yandex 20151111
AhnLab-V3 20151112
Alibaba 20151112
ALYac 20151112
Antiy-AVL 20151112
Arcabit 20151112
Avast 20151112
AVG 20151112
Avira (no cloud) 20151112
AVware 20151112
Baidu-International 20151111
BitDefender 20151112
Bkav 20151110
ByteHero 20151112
CAT-QuickHeal 20151110
ClamAV 20151112
CMC 20151109
Comodo 20151112
Cyren 20151112
DrWeb 20151112
Emsisoft 20151112
ESET-NOD32 20151112
F-Prot 20151112
F-Secure 20151112
Fortinet 20151112
GData 20151112
Ikarus 20151112
Jiangmin 20151111
K7AntiVirus 20151112
K7GW 20151112
Kaspersky 20151112
Malwarebytes 20151112
McAfee 20151112
McAfee-GW-Edition 20151112
Microsoft 20151112
eScan 20151112
NANO-Antivirus 20151112
nProtect 20151112
Panda 20151111
Qihoo-360 20151112
Rising 20151111
Sophos AV 20151112
SUPERAntiSpyware 20151112
Symantec 20151111
Tencent 20151112
TheHacker 20151110
TrendMicro 20151112
TrendMicro-HouseCall 20151112
VBA32 20151111
VIPRE 20151112
ViRobot 20151112
Zillya 20151111
Zoner 20151112
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-02-04 20:28:27
Entry Point 0x002162B0
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateICA
SetMapMode
PatBlt
TextOutA
CreateFontIndirectA
GetTextMetricsA
GetBitmapBits
GetDeviceCaps
CreateDCA
DeleteDC
SetBkMode
EndDoc
StartPage
DeleteObject
SetDIBitsToDevice
GetTextFaceA
RealizePalette
SetTextColor
SetAbortProc
CreateBitmap
CreatePalette
SelectPalette
GetTextExtentPointA
CreateCompatibleDC
StretchDIBits
EndPage
SelectObject
StartDocA
ResetDCA
GetMapMode
AbortDoc
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
MoveFileA
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateMutexA
SetFilePointer
CreateSemaphoreA
CreateThread
DeleteCriticalSection
SetUnhandledExceptionFilter
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
PeekNamedPipe
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
DeleteFileA
GetCPInfo
GlobalLock
GetProcessHeap
CompareStringW
GetFileInformationByHandle
FindFirstFileA
GetProfileStringA
CompareStringA
GetTempFileNameA
FindNextFileA
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetVersion
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
ReleaseDC
SetWindowTextA
SendDlgItemMessageA
DispatchMessageA
EndDialog
PostMessageA
MessageBoxA
PeekMessageA
GetDlgItem
IsDialogMessageA
CreateDialogParamA
TranslateMessage
DialogBoxParamA
ShowWindow
MessageBeep
GetDC
DestroyWindow
EnumPrintersA
EndPagePrinter
StartPagePrinter
StartDocPrinterA
OpenPrinterA
DocumentPropertiesA
DeviceCapabilitiesA
WritePrinter
EndDocPrinter
ClosePrinter
AbortPrinter
PrintDlgA
PE exports
Number of PE resources by type
RT_ICON 18
RT_DIALOG 2
RT_GROUP_ICON 2
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:02:04 21:28:27+01:00
FileType Win32 DLL
PEType PE32
CodeSize 2269184
LinkerVersion 8.0
FileTypeExtension dll
InitializedDataSize 8814592
SubsystemVersion 4.0
EntryPoint 0x2162b0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 7f9005d8813a1def9878744f0cd5469c
SHA1 093d0607ee28e0eba2691aaafe2a73af71bddddb
SHA256 de09ede2330ad7f0bc692d30e5da8c97a6dc9a023af37075c2cf32cecfc4c7f1
ssdeep 196608:sNVTwKdWFUxSUfVeglAxLRABPwX9K9WSjGtEje:mVTw5UxRfVqxLqlwX9KAcSE

authentihash 6b369e0a3b31196ee732b4d2bbd18b85236275956183b3d77028405fc17d1483
imphash fbf212d60ca2bf4e1633cae4d523eae6
File size 10.5 MB ( 11042816 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags pedll

VirusTotal metadata
First submission 2010-03-24 18:06:53 UTC ( 8 years, 5 months ago )
Last submission 2018-07-04 10:49:27 UTC ( 1 month, 2 weeks ago )
File names smona_de09ede2330ad7f0bc692d30e5da8c97a6dc9a023af37075c2cf32cecfc4c7f1.bin
vs860b10.90q
de09ede2330ad7f0bc692d30e5da8c97a6dc9a023af37075c2cf32cecfc4c7f1-ev20001f.2.temp
gsdll32.dll
gsdll32.dll
vsmq07c7.3ih
vsmn1v6f.15h
file111
~vv1.tmp
vsmn1v6f.3hn
gsdll32.dll
gsdll32.dll.12060_1.11323.partial
gsdll32.dll
gsdll32.dll
_A2CE9CE0AB254C1286A003628BADE6D4
DE09EDE2330AD7F0BC692D30E5DA8C97A6DC9A023AF37075C2CF32CECFC4C7F1
gsdll32.dll
gsdll32.dll
gsdll32.dll
gsdll32.dll.deploy
_F6E5668DD56F41608ACB4C0B8F0B1AFA
Hmpsdll32.dll
gsdll32.dll.12060_1.28292.partial
55-gsdll32.dll
gsdll32.dll.12060_1.9258.partial
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight