SHA256: e89b5e3323b4642f0f9420529c1bd15f45ce1b393023773f349ac013880b7566
File name: cab.fmt
Detection ratio: 0 / 57
Analysis date: 2016-08-30 06:24:41 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware 20160830
AegisLab 20160830
AhnLab-V3 20160829
Alibaba 20160829
ALYac 20160830
Antiy-AVL 20160830
Arcabit 20160830
Avast 20160830
AVG 20160830
Avira (no cloud) 20160830
AVware 20160830
Baidu 20160830
BitDefender 20160830
Bkav 20160829
CAT-QuickHeal 20160830
ClamAV 20160830
CMC 20160830
Comodo 20160830
Cyren 20160830
DrWeb 20160829
Emsisoft 20160830
ESET-NOD32 20160830
F-Prot 20160830
F-Secure 20160830
Fortinet 20160830
GData 20160830
Ikarus 20160829
Sophos ML 20160830
Jiangmin 20160830
K7AntiVirus 20160830
K7GW 20160830
Kaspersky 20160830
Kingsoft 20160830
Malwarebytes 20160830
McAfee 20160830
McAfee-GW-Edition 20160830
Microsoft 20160830
eScan 20160830
NANO-Antivirus 20160830
nProtect 20160830
Panda 20160829
Qihoo-360 20160830
Rising 20160830
Sophos AV 20160830
SUPERAntiSpyware 20160830
Symantec 20160830
Tencent 20160830
TheHacker 20160829
TotalDefense 20160830
TrendMicro 20160830
TrendMicro-HouseCall 20160830
VBA32 20160829
VIPRE 20160830
ViRobot 20160830
Yandex 20160828
Zillya 20160829
Zoner 20160830
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64-bit architectures.
FileVersionInfo properties
Copyright Copyright © Alexander Roshal 1993-2012
Product WinRAR
Internal name cab.fmt
File version 4.11.0
Description CAB format support
PE header basic information
Target machine x64
Compilation timestamp 2012-02-17 14:55:05
Entry Point 0x00002F44
Number of sections 6
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
DosDateTimeToFileTime
GetConsoleOutputCP
SetHandleCount
lstrcmpiA
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
HeapDestroy
HeapAlloc
CreateDirectoryA
FlushFileBuffers
GetEnvironmentStringsW
FlsSetValue
LoadLibraryA
GetModuleFileNameA
GetShortPathNameA
FreeEnvironmentStringsA
HeapSetInformation
GetCurrentProcess
EnterCriticalSection
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
WriteConsoleW
SetFileTime
DeleteFileA
RtlVirtualUnwind
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
FlsAlloc
GetCommandLineA
GetProcAddress
FlsFree
EncodePointer
GetProcessHeap
GetConsoleCP
SetStdHandle
SetEndOfFile
RtlUnwindEx
WideCharToMultiByte
GetStringTypeA
SetFilePointer
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
GetStartupInfoA
RtlCaptureContext
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetFileAttributesA
GetOEMCP
TerminateProcess
CreateProcessA
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
GetStringTypeW
LocalFileTimeToFileTime
IsDebuggerPresent
Sleep
GetFileType
GetTickCount
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
SetLastError
FlsGetValue
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.2
InitializedDataSize 21504
ImageVersion 0.0
ProductName WinRAR
FileVersionNumber 4.11.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.11.0
TimeStamp 2012:02:17 15:55:05+01:00
FileType Win64 DLL
PEType PE32+
InternalName cab.fmt
FileDescription CAB format support
OSVersion 5.2
FileOS Win32
LegalCopyright Copyright Alexander Roshal 1993-2012
MachineType AMD AMD64
CompanyName Alexander Roshal
CodeSize 46592
FileSubtype 0
ProductVersionNumber 4.11.0.0
EntryPoint 0x2f44
ObjectFileType Dynamic link library

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files writing this sample to disk.
Compressed bundles
File identification
MD5 df0446e1ce896f130b6af0bfee2bb820
SHA1 14f003119ceb6da83fab3749032d983a3d598035
SHA256 e89b5e3323b4642f0f9420529c1bd15f45ce1b393023773f349ac013880b7566
ssdeep 1536:D/AxjbHLx42jrmMVvwKmJn6d54QwExaXrNB0xVypmfKbe:D/Axjx42jrm4m653A7NMVypXb
authentihash 5d5feeade8241b49adb379db5bf669f6aef01268cf07b81e3dfa77d43a095dbc
imphash 4541e8d60be7740d541feeac795476e3
File size 67.5 KB ( 69120 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags 64bits assembly pedll
VirusTotal metadata
First submission 2012-02-25 00:03:49 UTC ( 5 years, 9 months ago )
Last submission 2014-06-14 20:18:12 UTC ( 3 years, 6 months ago )
File names smona_e89b5e3323b4642f0f9420529c1bd15f45ce1b393023773f349ac013880b7566.bin
aa
file-3962847_fmt
cab.fmt
cab.fmt
cab.fmt
favdac.tmp
df0446e1ce896f130b6af0bfee2bb820
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight