SHA256: fa8d2f70838a5debf36e209552291db29dcc27df9d4f11c35b10822d4e503599
File name: node
Detection ratio: 0 / 66
Analysis date: 2018-09-06 07:47:21 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180906
AegisLab 20180906
AhnLab-V3 20180906
Alibaba 20180713
Antiy-AVL 20180906
Arcabit 20180906
Avast 20180906
Avast-Mobile 20180906
AVG 20180906
Avira (no cloud) 20180906
AVware 20180906
Babable 20180902
Baidu 20180906
BitDefender 20180906
Bkav 20180905
CAT-QuickHeal 20180905
ClamAV 20180906
CMC 20180905
Comodo 20180905
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180906
Cyren 20180906
DrWeb 20180906
eGambit 20180906
Emsisoft 20180906
Endgame 20180730
ESET-NOD32 20180906
F-Prot 20180906
F-Secure 20180906
Fortinet 20180906
GData 20180906
Ikarus 20180905
Sophos ML 20180717
Jiangmin 20180906
K7AntiVirus 20180906
K7GW 20180906
Kaspersky 20180906
Kingsoft 20180906
Malwarebytes 20180906
MAX 20180906
McAfee 20180906
McAfee-GW-Edition 20180906
Microsoft 20180906
eScan 20180906
NANO-Antivirus 20180906
Palo Alto Networks (Known Signatures) 20180906
Panda 20180905
Qihoo-360 20180906
Rising 20180906
SentinelOne (Static ML) 20180830
Sophos AV 20180906
SUPERAntiSpyware 20180906
Symantec 20180906
Symantec Mobile Insight 20180905
TACHYON 20180906
Tencent 20180906
TheHacker 20180904
TotalDefense 20180906
TrendMicro 20180906
TrendMicro-HouseCall 20180906
Trustlook 20180906
VBA32 20180905
ViRobot 20180906
Webroot 20180906
Yandex 20180905
Zillya 20180904
ZoneAlarm by Check Point 20180906
Zoner 20180905
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright
Copyright Node.js contributors. MIT license.

Product Node.js
Original name node.exe
Internal name node
File version 5.1.1
Description Node.js: Server-side JavaScript
PE header basic information
Target machine x64
Compilation timestamp 2016-02-19 09:51:23
Entry Point 0x006842F0
Number of sections 7
PE sections
PE imports
PE exports
Number of PE resources by type
RT_ICON 5
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
InitializedDataSize 4514816
ImageVersion 0.0
ProductName Node.js
FileVersionNumber 5.1.1.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, Large address aware, DLL
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension dll
OriginalFileName node.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.1.1
TimeStamp 2016:02:19 10:51:23+01:00
FileType Win64 DLL
PEType PE32+
InternalName node
ProductVersion 5.1.1
FileDescription Node.js: Server-side JavaScript
OSVersion 6.0
FileOS Windows NT 32-bit
LegalCopyright Copyright Node.js contributors. MIT license.
MachineType AMD AMD64
CompanyName Node.js
CodeSize 7927296
FileSubtype 0
ProductVersionNumber 5.1.1.0
EntryPoint 0x6842f0
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 a675ec8d8d7621fd828d47484f83995e
SHA1 209308c32598e8cfa4df6001c4fd4d329d05e149
SHA256 fa8d2f70838a5debf36e209552291db29dcc27df9d4f11c35b10822d4e503599
ssdeep
196608:7v83USXGhMTyhKc6dHa/ai3GbWnhRwlhE3OkDxhARyI:7v83USXGhMT6Kc6dHya6Gb8RwlhE3OkA

authentihash 318aea1ccb41b46e325cf910c08bf3c57e1f587aa1d088c1c2f51725237a8f86
imphash 95a392370512fbc842fc53057fcd6660
File size 11.8 MB ( 12386816 bytes )
File type Win32 DLL
Magic literal
PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
64bits assembly pedll

VirusTotal metadata
First submission 2016-02-24 10:39:40 UTC ( 3 years ago )
Last submission 2017-10-04 08:24:47 UTC ( 1 year, 5 months ago )
File names node
tempc
node.dll
tempe
tempd
tempi
node.exe