SHA256: e89b5e3323b4642f0f9420529c1bd15f45ce1b393023773f349ac013880b7566
File name: cab.fmt
Detection ratio: 0 / 67
Analysis date: 2017-12-23 18:39:12 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware 20171223
AegisLab 20171223
AhnLab-V3 20171223
Alibaba 20171222
ALYac 20171223
Antiy-AVL 20171223
Arcabit 20171223
Avast 20171223
Avast-Mobile 20171223
AVG 20171223
Avira (no cloud) 20171223
AVware 20171223
Baidu 20171222
BitDefender 20171223
Bkav 20171222
CAT-QuickHeal 20171223
ClamAV 20171223
CMC 20171223
Comodo 20171223
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171223
Cyren 20171223
DrWeb 20171223
eGambit 20171223
Emsisoft 20171223
Endgame 20171130
ESET-NOD32 20171223
F-Prot 20171223
F-Secure 20171223
Fortinet 20171223
GData 20171223
Ikarus 20171223
Sophos ML 20170914
Jiangmin 20171221
K7AntiVirus 20171223
K7GW 20171223
Kaspersky 20171223
Kingsoft 20171223
Malwarebytes 20171223
MAX 20171223
McAfee 20171223
McAfee-GW-Edition 20171223
Microsoft 20171223
eScan 20171223
NANO-Antivirus 20171223
nProtect 20171223
Palo Alto Networks (Known Signatures) 20171223
Panda 20171223
Qihoo-360 20171223
Rising 20171223
SentinelOne (Static ML) 20171207
Sophos AV 20171223
SUPERAntiSpyware 20171223
Symantec 20171222
Symantec Mobile Insight 20171222
Tencent 20171223
TheHacker 20171219
TotalDefense 20171223
TrendMicro 20171223
TrendMicro-HouseCall 20171223
Trustlook 20171223
VBA32 20171222
VIPRE 20171223
ViRobot 20171223
Webroot 20171223
WhiteArmor 20171204
Yandex 20171222
Zillya 20171222
ZoneAlarm by Check Point 20171223
Zoner 20171223
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright Copyright © Alexander Roshal 1993-2012
Product WinRAR
Internal name cab.fmt
File version 4.11.0
Description CAB format support
PE header basic information
Target machine x64
Compilation timestamp 2012-02-17 14:55:05
Entry Point 0x00002F44
Number of sections 6
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
DosDateTimeToFileTime
GetConsoleOutputCP
SetHandleCount
lstrcmpiA
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
HeapDestroy
HeapAlloc
CreateDirectoryA
FlushFileBuffers
GetEnvironmentStringsW
FlsSetValue
LoadLibraryA
GetModuleFileNameA
GetShortPathNameA
FreeEnvironmentStringsA
HeapSetInformation
GetCurrentProcess
EnterCriticalSection
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
WriteConsoleW
SetFileTime
DeleteFileA
RtlVirtualUnwind
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
FlsAlloc
GetCommandLineA
GetProcAddress
FlsFree
EncodePointer
GetProcessHeap
GetConsoleCP
SetStdHandle
SetEndOfFile
RtlUnwindEx
WideCharToMultiByte
GetStringTypeA
SetFilePointer
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
GetStartupInfoA
RtlCaptureContext
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetFileAttributesA
GetOEMCP
TerminateProcess
CreateProcessA
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
GetStringTypeW
LocalFileTimeToFileTime
IsDebuggerPresent
Sleep
GetFileType
GetTickCount
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
SetLastError
FlsGetValue
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.2
InitializedDataSize 21504
ImageVersion 0.0
ProductName WinRAR
FileVersionNumber 4.11.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.11.0
TimeStamp 2012:02:17 15:55:05+01:00
FileType Win64 DLL
PEType PE32+
InternalName cab.fmt
FileDescription CAB format support
OSVersion 5.2
FileOS Win32
LegalCopyright Copyright Alexander Roshal 1993-2012
MachineType AMD AMD64
CompanyName Alexander Roshal
CodeSize 46592
FileSubtype 0
ProductVersionNumber 4.11.0.0
EntryPoint 0x2f44
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 df0446e1ce896f130b6af0bfee2bb820
SHA1 14f003119ceb6da83fab3749032d983a3d598035
SHA256 e89b5e3323b4642f0f9420529c1bd15f45ce1b393023773f349ac013880b7566
ssdeep 1536:D/AxjbHLx42jrmMVvwKmJn6d54QwExaXrNB0xVypmfKbe:D/Axjx42jrm4m653A7NMVypXb
authentihash 5d5feeade8241b49adb379db5bf669f6aef01268cf07b81e3dfa77d43a095dbc
imphash 4541e8d60be7740d541feeac795476e3
File size 67.5 KB ( 69120 bytes )
File type Win32 DLL
Magic literal PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags 64bits assembly pedll
VirusTotal metadata
First submission 2012-02-25 00:03:49 UTC ( 6 years, 2 months ago )
Last submission 2014-06-14 20:18:12 UTC ( 3 years, 10 months ago )
File names smona_e89b5e3323b4642f0f9420529c1bd15f45ce1b393023773f349ac013880b7566.bin
aa
file-3962847_fmt
cab.fmt
favdac.tmp
df0446e1ce896f130b6af0bfee2bb820
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight