SHA256: fd3f175e7d31a16e116616ab29c1b672ae4ed08d397fac014d1279b969af3b68
File name: SHFOLDER.dll.vir
Detection ratio: 0 / 56
Analysis date: 2015-02-04 13:45:46 UTC ( 2 years, 8 months ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update (every engine listed returned no detection, so the Result column is empty for all 56 rows; the date is the engine's signature update used for this scan)
ALYac 20150204
AVG 20150204
AVware 20150204
Ad-Aware 20150204
AegisLab 20150204
Yandex 20150202
AhnLab-V3 20150204
Alibaba 20150203
Antiy-AVL 20150204
Avast 20150204
Avira (no cloud) 20150204
Baidu-International 20150204
BitDefender 20150204
Bkav 20150203
ByteHero 20150204
CAT-QuickHeal 20150204
CMC 20150202
ClamAV 20150204
Comodo 20150204
Cyren 20150204
DrWeb 20150204
ESET-NOD32 20150204
Emsisoft 20150204
F-Prot 20150204
F-Secure 20150204
Fortinet 20150204
GData 20150204
Ikarus 20150204
K7AntiVirus 20150204
K7GW 20150204
Kaspersky 20150204
Kingsoft 20150204
Malwarebytes 20150204
McAfee 20150204
McAfee-GW-Edition 20150204
eScan 20150204
Microsoft 20150204
NANO-Antivirus 20150204
Norman 20150204
Panda 20150204
Qihoo-360 20150204
Rising 20150203
SUPERAntiSpyware 20150204
Sophos AV 20150204
Symantec 20150204
Tencent 20150204
TheHacker 20150203
TotalDefense 20150204
TrendMicro 20150204
TrendMicro-HouseCall 20150204
VBA32 20150204
VIPRE 20150204
ViRobot 20150204
Zillya 20150204
Zoner 20150202
nProtect 20150204
The file being studied is a Portable Executable file; more specifically, it is a Win32 DLL for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Microsoft Corp. 1981-1999
Product Microsoft(R) Windows (R) 2000 Operating System
Original name shfolder.dll
Internal name shfolder
File version 5.50.4027.300
Description Shell Folder Service
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-12-03 14:01:29 (UTC; the ExifTool TimeStamp below shows the same instant as 15:01:29+01:00)
Entry Point 0x000027F6
Number of sections 4
PE sections
Overlays (data appended after the last PE section; offset 22528 + size 272 = the 22800-byte file size, so the overlay is the trailing 272 bytes)
MD5 c9ce07602ac43fdfb2ab8f848a6dc8eb
File type ASCII text
Offset 22528
Size 272
Entropy 0.75
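The numbers in the PE header and Overlays blocks above (machine, compilation timestamp, entry point, section count, overlay offset and size) all come from fixed offsets in the PE/COFF headers, and the overlay check a reviewer wants is that offset + size equals the file size. The following is an added example, not code from VirusTotal or from the file's vendor: a standard-library PE32 header walker that reports those fields and the overlay's MD5 and Shannon entropy. It runs on a constructed in-memory image built by the hypothetical helper `build_sample_pe` (four zero-filled sections and a 272-byte ASCII overlay, the same shape as this report but not the real shfolder.dll bytes); the entropy is bits per byte, which is not necessarily the scale VirusTotal's 0.75 uses.

```python
"""Walk a PE32 image's headers and report the fields VirusTotal's 'PE header
basic information' and 'Overlays' blocks show. Added example (standard
library only); the sample image below is constructed, not shfolder.dll."""
import datetime
import hashlib
import math
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Return machine, DLL flag, subsystem, timestamp, entry point, section
    names and overlay (offset, size, MD5, entropy) for a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature.
    (machine, nsections, timestamp, _symtab, _nsyms, opt_size,
     characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]     # Subsystem
    # Section table follows the optional header; each entry is 40 bytes.
    sec_table = opt + opt_size
    names, end_of_sections = [], 0
    for i in range(nsections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, sec_table + 40 * i)
        names.append(name.rstrip(b"\0").decode("ascii", "replace"))
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    # Anything after the last section's raw data is the overlay.
    overlay = data[end_of_sections:]
    return {
        "machine": machine,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "timestamp": datetime.datetime.fromtimestamp(
            timestamp, tz=datetime.timezone.utc),
        "entry_point": entry_point,
        "sections": names,
        "overlay_offset": end_of_sections if overlay else None,
        "overlay_size": len(overlay),
        "overlay_md5": hashlib.md5(overlay).hexdigest() if overlay else None,
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def build_sample_pe(timestamp, entry_point, section_names, overlay=b""):
    """Hypothetical helper: a syntactically valid (not loadable) PE32 DLL with
    zero-filled 512-byte sections, used only to exercise parse_pe()."""
    align, opt_size, nsec = 512, 224, len(section_names)
    headers_len = -(-(0x40 + 4 + 20 + opt_size + 40 * nsec) // align) * align
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, nsec, timestamp,
                       0, 0, opt_size, 0x2102)  # EXECUTABLE | 32BIT | DLL
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, entry_point)
    struct.pack_into("<III", opt, 28, 0x10000000, 0x1000, align)  # base, aligns
    struct.pack_into("<H", opt, 68, 2)                     # Windows GUI
    secs, body, raw_ptr = b"", b"", headers_len
    for i, name in enumerate(section_names):
        secs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), align,
                            0x1000 * (i + 1), align, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body, raw_ptr = body + bytes(align), raw_ptr + align
    header = (dos + b"PE\0\0" + coff + bytes(opt) + secs).ljust(headers_len, b"\0")
    return header + body + overlay


# Constructed sample: four sections and a 272-byte ASCII overlay, the same
# shape (not the same bytes) as the report's shfolder.dll.
SAMPLE_OVERLAY = (b"constructed overlay text, not the real one\n" * 8)[:272]
SAMPLE_PE = build_sample_pe(944229689, 0x27F6,
                            [b".text", b".data", b".rsrc", b".reloc"], SAMPLE_OVERLAY)
REPORT = parse_pe(SAMPLE_PE)

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key:16} {value}")
```

Run it against a real file by replacing `SAMPLE_PE` with the bytes of that file; the `overlay_offset + overlay_size == len(data)` relation holds by construction, so the useful comparison is whether the offset matches the end of the last section as the report states (22528 here) and whether the overlay content (ASCII text in this report) is something the build would legitimately append.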
PE imports
SetSecurityDescriptorDacl
RegOpenKeyA
RegCloseKey
LookupAccountSidW
RegSetValueExW
RegQueryValueExA
AddAccessAllowedAce
SetFileSecurityW
RegSetValueExA
InitializeAcl
RegCreateKeyExA
GetAce
RegQueryValueExW
InitializeSecurityDescriptor
GetLastError
lstrcpynW
LoadLibraryA
lstrlenA
GetFileAttributesA
GlobalFree
FreeLibrary
GetSystemDefaultLangID
IsBadWritePtr
GetVersionExA
GetFileAttributesW
lstrlenW
GetWindowsDirectoryW
lstrcatA
LockResource
CreateDirectoryA
GetWindowsDirectoryA
MultiByteToWideChar
CreateDirectoryW
GetProcAddress
EnumResourceLanguagesW
EnumResourceNamesW
CompareStringW
WideCharToMultiByte
ExpandEnvironmentStringsW
GetSystemDirectoryW
FindResourceExW
GetSystemDirectoryA
ExpandEnvironmentStringsA
LoadResource
lstrcpyA
GlobalAlloc
DisableThreadLibraryCalls
PE exports
Number of PE resources by type
RT_STRING 27
RT_VERSION 1
Number of PE resources by language
SWEDISH 1
HUNGARIAN DEFAULT 1
CZECH DEFAULT 1
FRENCH 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
DUTCH 1
ITALIAN 1
CATALAN DEFAULT 1
FINNISH DEFAULT 1
PORTUGUESE BRAZILIAN 1
ENGLISH US 1
SPANISH 1
KOREAN 1
BASQUE DEFAULT 1
PORTUGUESE 1
GERMAN 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
NORWEGIAN BOKMAL 1
CHINESE TRADITIONAL 1
NEUTRAL 1
SPANISH MODERN 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 12800
ImageVersion 5.0
ProductName Microsoft(R) Windows (R) 2000 Operating System
FileVersionNumber 5.50.4027.300
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 5.12
FileTypeExtension dll
OriginalFileName shfolder.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.50.4027.300
TimeStamp 1999:12:03 15:01:29+01:00 (local-time rendering of the 14:01:29 UTC compilation timestamp above)
FileType Win32 DLL
PEType PE32
InternalName shfolder
ProductVersion 5.50.4027.300
FileDescription Shell Folder Service
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) Microsoft Corp. 1981-1999
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 8192
FileSubtype 0
ProductVersionNumber 5.50.4027.300
EntryPoint 0x27f6
ObjectFileType Dynamic link library
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 153241df0b44d47db2aa2ee755ea62c9
SHA1 4a6beaf3cf09bbcc6acb2382dff47c034c27fafc
SHA256 fd3f175e7d31a16e116616ab29c1b672ae4ed08d397fac014d1279b969af3b68
ssdeep 384:+xYxDdSPrTWmmXZ6UJuHW3iWqHosHigH2nKwsHTGHib+GzHWYHjHqLHP0oqQGVPE:eYxDdwTWm8lJuEF
authentihash 2d2a6fe410fe0296734906b3f6899adf55ce6a2a4e305edf1a0fe05c701ecd87
imphash 95f81563369971605fb978131e2f7f51
File size 22.3 KB ( 22800 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
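The imphash in the File identification block is not a hash of the file but of its import table: pefile's get_imphash(), which is what VirusTotal reports, lower-cases each imported DLL name, strips a .dll/.ocx/.sys extension, forms "lib.func" for every import in table order (ordinal imports become "ordN"), joins them with commas and takes the MD5. The block below is an added example that reimplements that algorithm; it is not VirusTotal's or pefile's own code, and it does not replicate pefile's extra step of resolving ordinals of a few well-known DLLs to names. The import tables in it are constructed: the report lists this file's imports without their DLL names, so its own imphash (95f81563369971605fb978131e2f7f51) cannot be recomputed from the page.

```python
"""What the 'imphash' line in File identification encodes. Added example that
reimplements the algorithm pefile's get_imphash() uses (the value VirusTotal
reports); it is not VirusTotal's or pefile's own code. The import tables
below are constructed for the demonstration."""
import hashlib
from typing import List, Sequence, Tuple, Union

Func = Union[str, int]                      # import by name, or by ordinal
ImportTable = Sequence[Tuple[str, Sequence[Func]]]


def normalise_lib(libname: str) -> str:
    """Lower-case the DLL name and drop a .dll/.ocx/.sys extension."""
    lib = libname.lower()
    base, dot, ext = lib.rpartition(".")
    return base if dot and ext in ("dll", "ocx", "sys") else lib


def imphash_strings(table: ImportTable) -> List[str]:
    """'lib.func' tokens in import-table order; ordinals become 'ordN'
    (pefile additionally maps ordinals of a few well-known DLLs to names,
    which is not replicated here)."""
    tokens = []
    for libname, funcs in table:
        lib = normalise_lib(libname)
        for f in funcs:
            tokens.append(f"{lib}.ord{f}" if isinstance(f, int)
                          else f"{lib}.{f.lower()}")
    return tokens


def imphash(table: ImportTable) -> str:
    """MD5 of the comma-joined token list."""
    return hashlib.md5(",".join(imphash_strings(table)).encode("ascii")).hexdigest()


# Constructed import table: a handful of the functions the report lists,
# attributed to the DLLs that export them.
SAMPLE = [
    ("KERNEL32.dll", ["LoadLibraryA", "GetProcAddress", "GetVersionExA"]),
    ("ADVAPI32.dll", ["RegOpenKeyA", "RegQueryValueExA", "RegCloseKey"]),
]
# Same imports with different DLL-name casing: normalisation makes these
# hash identically.
RECASED = [
    ("kernel32.DLL", ["LoadLibraryA", "GetProcAddress", "GetVersionExA"]),
    ("Advapi32.dll", ["RegOpenKeyA", "RegQueryValueExA", "RegCloseKey"]),
]
# The same set of imports in a different order: the hash changes, which is
# why a relinked build (or a deliberate reorder) defeats imphash matching
# even though the set of imported APIs is unchanged.
REORDERED = [
    ("ADVAPI32.dll", ["RegCloseKey", "RegOpenKeyA", "RegQueryValueExA"]),
    ("KERNEL32.dll", ["LoadLibraryA", "GetProcAddress", "GetVersionExA"]),
]

if __name__ == "__main__":
    for label, table in ("sample", SAMPLE), ("recased", RECASED), ("reordered", REORDERED):
        print(f"{label:10} {imphash(table)}")
```

For a widely redistributed vendor DLL like this one, every byte-identical copy shares the imphash, so it identifies the build rather than any particular installer that carried it; it is useful for pivoting between samples only when the import table itself is the thing being compared.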
Tags
nsrl pedll trusted overlay

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with shfolder.dll as its name. The file belongs to the Press Windows product, more specifically to the catalogue entry 'SW CD Press Windows English -3 #1 XP Inside Out'.
VirusTotal metadata
First submission 2009-03-02 22:58:41 UTC ( 8 years, 7 months ago )
Last submission 2017-10-06 23:24:06 UTC ( 1 week, 4 days ago )
File names Binary.WiseCustomCalla
shfolder.w2k
fd3f175e7d31a16e__shfoldr.dll
set8b8d.tmp
setd22a.tmp
set4f97.tmp
vscp1ub6.o08
vsdphugj.pmf
setb6db.tmp
set9433.tmp
vs5b13vq.8b0
_2282_153241df0b44d47db2aa2ee755ea62c9
ShFolder.dll
set1563.tmp
vs6q1bo2.h97
_ShFolder.dll
F5219_shfolder.dll
set474c.tmp
vs3l08sa.0aj
vsts0mrr.809
vso207o5.9oq
vsangm04.822
~glh0073.tmp
vshnhnug.rh9
seta0f7.tmp
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products pcAnywhere (Symantec)
Clean Sweep (Symantec)
System Works (Symantec)
DB2 UDB Enterprise Server Edition (IBM Inc.)
Norton SystemWorks (Symantec)
Norton SystemWorks 2005 (Symantec)
Norton AntiVirus 2005 (Symantec)
Adobe Photoshop Elements (Adobe Systems Incorporated)
Norton AntiSpam 2005 (Symantec)
Creative Suite 2 Premium (Adobe Systems Incorporated)
Norton Ghost 10.0 (Symantec)
Norton Internet Security 2006 (Symantec)
Norton AntiVirus 2006 (Symantec)
Norton Personal Firewall 2006 (Symantec)
Adobe Photoshop CS2 (Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (Adobe Systems Incorporated)
Adobe Creative Suite 3 Design Premium (Adobe Systems Incorporated)
Adobe Photoshop CS3 (Adobe Systems Incorporated)
Symantec pcAnywhere (Symantec)
Gateway Applications and Drivers E6300 Series (Gateway)
File names F4010_shfolder.dll
SHFOLDER.DLL
_2138_153241df0b44d47db2aa2ee755ea62c9
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight (a prevalence- and age-based reputation verdict from Symantec Insight, not a signature detection; it is not part of the 0/56 engine ratio above, and for a file that is in the NSRL and the Microsoft catalogue it reflects low observed prevalence rather than malicious content)