× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e8523d5b51a7807d62843be9a5f19818d6529e4b791ef764372b42f7b21b3006
File name: .
Detection ratio: 12 / 70
Analysis date: 2018-12-06 18:15:47 UTC ( 2 months, 1 week ago ) View latest
Antivirus Result Update
AegisLab Trojan.Win32.Generic.llEj 20181206
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181022
Cylance Unsafe 20181206
DrWeb Trojan.Gozi.381 20181206
eGambit PE.Heur.InvalidSig 20181206
Emsisoft Trojan-Spy.Ursnif (A) 20181206
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Qihoo-360 HEUR/QVM20.1.B04E.Malware.Gen 20181206
Rising Malware.Heuristic!ET#80% (RDM+:cmRtazo7mZjY2O7uxZQen95xU8EY) 20181206
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/EncPk-ANY 20181206
Ad-Aware 20181206
AhnLab-V3 20181206
Alibaba 20180921
ALYac 20181206
Antiy-AVL 20181205
Arcabit 20181206
Avast 20181206
Avast-Mobile 20181206
AVG 20181206
Avira (no cloud) 20181206
Babable 20180918
Baidu 20181206
BitDefender 20181206
Bkav 20181205
CAT-QuickHeal 20181206
ClamAV 20181206
CMC 20181205
Comodo 20181206
Cybereason 20180225
Cyren 20181206
ESET-NOD32 20181206
F-Prot 20181206
F-Secure 20181206
Fortinet 20181206
GData 20181206
Ikarus 20181206
Jiangmin 20181206
K7AntiVirus 20181206
K7GW 20181206
Kaspersky 20181206
Kingsoft 20181206
Malwarebytes 20181206
MAX 20181206
McAfee 20181206
McAfee-GW-Edition 20181206
Microsoft 20181206
eScan 20181206
NANO-Antivirus 20181206
Palo Alto Networks (Known Signatures) 20181206
Panda 20181206
SUPERAntiSpyware 20181205
Symantec 20181206
Symantec Mobile Insight 20181204
TACHYON 20181206
Tencent 20181206
TheHacker 20181202
TotalDefense 20181206
Trapmine 20181205
TrendMicro 20181206
TrendMicro-HouseCall 20181206
Trustlook 20181206
VBA32 20181206
VIPRE 20181206
ViRobot 20181206
Webroot 20181206
Yandex 20181204
Zillya 20181206
ZoneAlarm by Check Point 20181206
Zoner 20181206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 1984-2002 Adobe Systems Incorporated

Product BIB
Original name BIB.dll
Internal name BIB
File version 1.1.8
Description Bravo Interface Binder
Signature verification The digital signature of the object did not verify.
Signing date 5:36 AM 2/15/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-17 12:46:27
Entry Point 0x00003480
Number of sections 7
PE sections
Overlays
MD5 aa0422672c5929e720a2d8e6568b58a8
File type data
Offset 151552
Size 6328
Entropy 7.41
PE imports
LookupPrivilegeDisplayNameW
GetTextCharsetInfo
GetCurrentObject
GetOutlineTextMetricsA
GetCurrentPositionEx
GetBkMode
GdiFlush
GetCharWidthA
GetBitmapBits
InterlockedExchange
LocalFree
GetVolumePathNameW
GetLastError
GetProcessAffinityMask
GetModuleFileNameA
LocalAlloc
GetFileInformationByHandle
GetPrivateProfileSectionNamesA
FreeLibrary
GetCommandLineA
GetStartupInfoA
DefineDosDeviceA
GetProcessWorkingSetSize
Sleep
GetProcAddress
GetStringTypeW
LoadLibraryA
GetPrivateProfileStringW
RaiseException
GetMessageA
GetForegroundWindow
ShowOwnedPopups
GetMenuItemCount
DrawTextW
EnumWindows
GetCursor
DeleteMenu
GetMenuStringA
GetShellWindow
InsertMenuItemW
GetDC
DrawTextExA
DeletePrinter
GetColorProfileHeader
strcoll
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.1.8.1

LanguageCode
Neutral 2

FileFlagsMask
0x003f

BuildDate
Wed Feb 27 2002 00:03:05

FileDescription
Bravo Interface Binder

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
110592

EntryPoint
0x3480

OriginalFileName
BIB.dll

MIMEType
application/octet-stream

LegalCopyright
1984-2002 Adobe Systems Incorporated

FileVersion
1.1.8

TimeStamp
2011:06:17 14:46:27+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
BIB

ProductVersion
1.1

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Adobe Systems Incorporated

BuildVersion
24.66485

CodeSize
45056

ProductName
BIB

ProductVersionNumber
1.1.0.1

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 1efa971d24352a9833a8274a978d25fd
SHA1 1b9364e968ed8f1dda49a941b465f67276061f02
SHA256 e8523d5b51a7807d62843be9a5f19818d6529e4b791ef764372b42f7b21b3006
ssdeep
3072:8aDte7hdkXf/v+mIhdb8bPfV8t5YPDJqGozb1M:8aDte7hWv+hWLfiTY9Em

authentihash 28b290237eaef9e468ec3a8d6723906f0bf974bbd54b8cb7cb406caaee0050cf
imphash ff40c195d7e2322e07295c09843cdfe6
File size 154.2 KB ( 157880 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-12-06 18:15:47 UTC ( 2 months, 1 week ago )
Last submission 2018-12-06 18:15:47 UTC ( 2 months, 1 week ago )
File names BIB.dll
BIB
.
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs