× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f14da22b176220b0088f59f0d2d289bd9d904288aed67a60743b36cc8e90755f
File name: php_ldap.dll
Detection ratio: 0 / 57
Analysis date: 2015-08-29 11:18:56 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20150830
AegisLab 20150830
Yandex 20150829
AhnLab-V3 20150830
Alibaba 20150828
ALYac 20150830
Antiy-AVL 20150830
Arcabit 20150830
Avast 20150830
AVG 20150830
Avira (no cloud) 20150830
AVware 20150830
Baidu-International 20150830
BitDefender 20150830
Bkav 20150829
ByteHero 20150830
CAT-QuickHeal 20150829
ClamAV 20150830
CMC 20150827
Comodo 20150830
Cyren 20150830
DrWeb 20150830
Emsisoft 20150830
ESET-NOD32 20150830
F-Prot 20150829
F-Secure 20150829
Fortinet 20150830
GData 20150830
Ikarus 20150830
Jiangmin 20150829
K7AntiVirus 20150830
K7GW 20150830
Kaspersky 20150830
Kingsoft 20150830
Malwarebytes 20150829
McAfee 20150830
McAfee-GW-Edition 20150830
Microsoft 20150830
eScan 20150830
NANO-Antivirus 20150830
nProtect 20150828
Panda 20150830
Qihoo-360 20150830
Rising 20150830
Sophos AV 20150830
SUPERAntiSpyware 20150829
Symantec 20150829
Tencent 20150830
TheHacker 20150828
TotalDefense 20150830
TrendMicro 20150830
TrendMicro-HouseCall 20150830
VBA32 20150829
VIPRE 20150830
ViRobot 20150830
Zillya 20150830
Zoner 20150830
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1997-2014 The PHP Group

Publisher The PHP Group
Product PHP
Original name php_ldap.dll
Internal name LDAP extension
File version 5.6.12
Description LDAP
Comments Thanks to Amitay Isaacs, Eric Warnke, Rasmus Lerdorf, Gerrit Thomson, Stig Venaas
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-06 19:17:40
Entry Point 0x0001A275
Number of sections 5
PE sections
PE imports
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
DisableThreadLibraryCalls
IsProcessorFeaturePresent
GetCurrentThreadId
DecodePointer
Ord(2023)
Ord(298)
Ord(2291)
Ord(129)
Ord(648)
Ord(66)
Ord(3686)
Ord(356)
Ord(3846)
Ord(204)
Ord(1653)
Ord(2596)
Ord(576)
Ord(2254)
Ord(1182)
Ord(2075)
Ord(566)
Ord(78)
Ord(510)
Ord(484)
Ord(657)
Ord(486)
Ord(395)
Ord(578)
Ord(1016)
Ord(653)
Ord(467)
Ord(1216)
Ord(248)
Ord(649)
Ord(254)
Ord(1654)
Ord(1238)
Ord(82)
Ord(362)
Ord(585)
Ord(224)
Ord(680)
Ord(206)
Ord(1882)
Ord(641)
Ord(176)
Ord(181)
Ord(161)
Ord(866)
Ord(470)
Ord(228)
Ord(1017)
Ord(2253)
Ord(150)
Ord(1015)
Ord(466)
Ord(3823)
_malloc_crt
__sys_nerr
malloc
realloc
__crtTerminateProcess
memset
fclose
_time64
__dllonexit
_stricmp
isdigit
isprint
fprintf
strchr
strtoul
fgets
fflush
fopen
__clean_type_info_names_internal
_amsg_exit
strncpy
isalnum
_errno
strncmp
_lock
qsort
_onexit
fputs
__sys_errlist
sprintf
strrchr
_ctime64
_initterm_e
isspace
_close
strtol
_unlock
_crt_debugger_hook
free
getenv
_except_handler4_common
atoi
calloc
_write
memcpy
__crtUnhandledException
_snprintf
_vsnprintf
memmove
_read
__iob_func
_calloc_crt
_wassert
__CppXcptFilter
_strnicmp
_initterm
strcmp
memchr
Ord(48)
Ord(231)
Ord(12)
Ord(58)
Ord(83)
Ord(111)
Ord(142)
Ord(74)
Ord(180)
Ord(78)
Ord(30)
Ord(40)
Ord(127)
Ord(35)
Ord(157)
Ord(75)
Ord(49)
Ord(24)
Ord(77)
Ord(61)
Ord(141)
Ord(6)
Ord(98)
Ord(15)
Ord(96)
Ord(177)
Ord(176)
Ord(43)
Ord(286)
Ord(183)
Ord(128)
Ord(38)
Ord(21)
Ord(108)
Ord(16)
Ord(73)
Ord(8)
htonl
ioctlsocket
WSAStartup
connect
shutdown
htons
WSASetLastError
WSAGetLastError
gethostname
getsockopt
recv
inet_addr
send
select
gethostbyaddr
__WSAFDIsSet
WSACleanup
gethostbyname
getpeername
closesocket
setsockopt
socket
inet_ntoa
sasl_getprop
sasl_decode
sasl_global_listmech
sasl_client_start
sasl_client_init
sasl_encode
sasl_version
sasl_errstring
sasl_dispose
sasl_errdetail
sasl_client_new
sasl_client_step
sasl_setprop
zend_hash_get_current_key_ex
_array_init
add_next_index_zval
zend_register_ini_entries
_zend_hash_index_update_or_next_insert
zend_unregister_ini_entries
zend_hash_get_current_key_type_ex
zend_register_list_destructors_ex
add_assoc_long_ex
_ecalloc
zend_fetch_resource
php_info_print_table_start
_zval_dtor_func
add_index_stringl
executor_globals
_efree
zend_hash_num_elements
_estrndup
convert_to_boolean
_convert_to_string
add_index_string
zend_register_string_constant
_emalloc
ap_php_snprintf
compiler_globals
add_next_index_string
zend_register_long_constant
display_link_numbers
display_ini_entries
php_info_print_table_end
add_assoc_string_ex
add_assoc_bool_ex
add_next_index_bool
zend_hash_exists
zend_hash_find
zend_hash_index_find
_zend_list_delete
_zend_hash_add_or_update
php_info_print_table_row
_zend_list_addref
OnUpdateLong
zend_hash_move_forward_ex
_safe_emalloc
_estrdup
convert_to_long
_zval_copy_ctor_func
add_next_index_stringl
zend_hash_get_current_data_ex
zend_register_resource
zend_parse_parameters
php_error_docref0
add_assoc_stringl_ex
php_strtolower
zend_hash_internal_pointer_reset_ex
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
CodeSize
123392

SubsystemVersion
6.0

Comments
Thanks to Amitay Isaacs, Eric Warnke, Rasmus Lerdorf, Gerrit Thomson, Stig Venaas

InitializedDataSize
55808

ImageVersion
0.0

ProductName
PHP

FileVersionNumber
5.6.12.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
11.0

FileTypeExtension
dll

OriginalFileName
php_ldap.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
5.6.12

URL
http://www.php.net

TimeStamp
2015:08:06 20:17:40+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
LDAP extension

ProductVersion
5.6.12

FileDescription
LDAP

OSVersion
6.0

FileOS
Win32

LegalCopyright
Copyright 1997-2014 The PHP Group

MachineType
Intel 386 or later, and compatibles

CompanyName
The PHP Group

LegalTrademarks
PHP

FileSubtype
0

ProductVersionNumber
5.6.12.0

EntryPoint
0x1a275

ObjectFileType
Dynamic link library

File identification
MD5 5eb0bc13fac7bd1de78c48c764c29c2a
SHA1 940dde509de849637ce5595f93fbfc4c57901650
SHA256 f14da22b176220b0088f59f0d2d289bd9d904288aed67a60743b36cc8e90755f
ssdeep
3072:fLKrm4R2FBuY31be2VkKPedU9UDwLjbOB8pLX9z0hIGTnOU8NxgITeWu6J5UJXDX:wrkBuY31bzkaaUSDwLjg8p7RF3y1oAvP

authentihash 7d94eb377aadc19e6ff7cb23ffb26ec655fa23f4593352da46b080f6941c28cf
imphash ed7d4249dbaa4999c65c7a8e0fc7feff
File size 176.0 KB ( 180224 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll

VirusTotal metadata
First submission 2015-08-07 06:04:55 UTC ( 3 years, 9 months ago )
Last submission 2015-08-07 06:04:55 UTC ( 3 years, 9 months ago )
File names LDAP extension
php_ldap.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!