SHA256: fe5ceefedcec83d40bd63a7cc2d4ae4012b3f59f1098638056fdc1a477d405f7
File name: libeay32
Detection ratio: 0 / 66
Analysis date: 2018-10-16 14:15:19 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20181016
AegisLab 20181016
AhnLab-V3 20181016
Alibaba 20180921
ALYac 20181016
Antiy-AVL 20181016
Arcabit 20181016
Avast 20181016
Avast-Mobile 20181016
AVG 20181016
Avira (no cloud) 20181016
Babable 20180918
Baidu 20181015
BitDefender 20181016
Bkav 20181016
CAT-QuickHeal 20181013
ClamAV 20181016
CMC 20181016
Comodo 20181016
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181016
Cyren 20181016
DrWeb 20181016
eGambit 20181016
Emsisoft 20181016
Endgame 20180730
ESET-NOD32 20181016
F-Prot 20181016
F-Secure 20181016
Fortinet 20181016
GData 20181016
Ikarus 20181016
Sophos ML 20180717
Jiangmin 20181016
K7AntiVirus 20181016
K7GW 20181016
Kaspersky 20181016
Kingsoft 20181016
Malwarebytes 20181016
MAX 20181016
McAfee 20181016
McAfee-GW-Edition 20181016
Microsoft 20181016
eScan 20181016
NANO-Antivirus 20181016
Palo Alto Networks (Known Signatures) 20181016
Panda 20181016
Qihoo-360 20181016
Rising 20181016
SentinelOne (Static ML) 20181011
Sophos AV 20181016
SUPERAntiSpyware 20181015
Symantec 20181016
Symantec Mobile Insight 20181001
TACHYON 20181016
Tencent 20181016
TheHacker 20181015
TotalDefense 20181016
TrendMicro 20181016
TrendMicro-HouseCall 20181016
Trustlook 20181016
VBA32 20181016
ViRobot 20181016
Webroot 20181016
Yandex 20181015
Zillya 20181015
ZoneAlarm by Check Point 20181016
Zoner 20181015
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.
Product The OpenSSL Toolkit
Original name libeay32.dll
Internal name libeay32
File version 1.0.1m
Description OpenSSL Shared Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-19 16:07:10
Entry Point 0x000BEBB0
Number of sections 5
PE sections
PE imports
CryptDestroyKey
CryptGetUserKey
CryptReleaseContext
CryptAcquireContextA
DeregisterEventSource
CryptEnumProvidersA
CryptExportKey
CryptSetHashParam
RegisterEventSourceA
CryptDestroyHash
CryptDecrypt
ReportEventA
CryptGetProvParam
CryptSignHashA
CryptCreateHash
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
GetObjectA
CreateDCA
GetBitmapBits
DeleteDC
SelectObject
GetDeviceCaps
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetLastError
GetStdHandle
FlushConsoleInputBuffer
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
LoadLibraryA
GetCurrentProcessId
ExitProcess
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
GetModuleHandleA
GetSystemTimeAsFileTime
FindFirstFileA
CloseHandle
IsProcessorFeaturePresent
FindNextFileA
DecodePointer
GetVersion
GlobalMemoryStatus
FindClose
GetFileType
GetTickCount
GetCurrentThreadId
SetLastError
strncmp
_malloc_crt
malloc
_lock
sscanf
toupper
_initterm
realloc
__crtTerminateProcess
memset
fclose
_time64
__dllonexit
_stricmp
fgets
fprintf
_stat64i32
strtoul
printf
isdigit
_getch
fflush
isxdigit
feof
__clean_type_info_names_internal
strchr
fopen
raise
_ftime64
_errno
fwrite
_chmod
fseek
qsort
_open
_onexit
fputs
ftell
_amsg_exit
_snprintf
strncpy
_fileno
strrchr
_getpid
isspace
sprintf
strtol
fread
tolower
_fdopen
_crt_debugger_hook
ferror
free
getenv
wcsstr
_except_handler4_common
atoi
vfprintf
_unlock
_wfopen
perror
_write
signal
memcpy
_gmtime64
__crtUnhandledException
_vsnprintf
strstr
isalnum
memmove
_initterm_e
_read
__iob_func
strerror
_calloc_crt
_localtime64
__CppXcptFilter
_strnicmp
_setmode
_exit
isupper
strcmp
memchr
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
htonl
accept
ioctlsocket
WSAStartup
connect
shutdown
htons
WSAGetLastError
getsockopt
closesocket
ntohl
send
ntohs
listen
WSACleanup
gethostbyname
WSASetLastError
recv
setsockopt
socket
bind
recvfrom
sendto
getservbyname
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
InitializedDataSize 437760
ImageVersion 0.0
ProductName The OpenSSL Toolkit
FileVersionNumber 1.0.1.13
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit, DLL
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension dll
OriginalFileName libeay32.dll
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 1.0.1m
TimeStamp 2015:03:19 17:07:10+01:00
FileType Win32 DLL
PEType PE32
InternalName libeay32
ProductVersion 1.0.1m
FileDescription OpenSSL Shared Library
OSVersion 6.0
FileOS Win32
LegalCopyright Copyright 1998-2005 The OpenSSL Project. Copyright 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName The OpenSSL Project, http://www.openssl.org/
CodeSize 870912
FileSubtype 0
ProductVersionNumber 1.0.1.13
EntryPoint 0xbebb0
ObjectFileType Dynamic link library

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files writing this sample to disk.
Compressed bundles
File identification
MD5 d02143376cdea15b313a398a4caf3735
SHA1 6ed82e6c999974154cccd1b0809e518bf234eafb
SHA256 fe5ceefedcec83d40bd63a7cc2d4ae4012b3f59f1098638056fdc1a477d405f7
ssdeep 24576:x1EIUsgnWi+3YhVl/lISyzMwIxboqM//+CsUwGBUgPrNg3tPP7NrhPMLwX/:1gnHc/MwI9oLjVjNktPP7NrhMLwX/
authentihash 6cf50a9cccee57c2d89909cf3f62c4279804f091bbc1b14c7570d428a428a0e6
imphash 521bfabc1d026a3067796f3e01f523c1
File size 1.2 MB ( 1297408 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags pedll
VirusTotal metadata
First submission 2015-03-20 14:12:42 UTC ( 4 years, 2 months ago )
Last submission 2015-03-20 14:12:42 UTC ( 4 years, 2 months ago )
File names sbs_ve_ambr_20150429231213.027_ 13552
libeay32.dll
sbs_ve_ambr_20150630003759.759_ 76731
libeay32.dll
sbs_ve_ambr_20150522210603.374_ 14284
sbs_ve_ambr_20150714115631.516_ 122575
sbs_ve_ambr_20150622003357.698_ 74832
libeay32
sbs_ve_ambr_20150613210306.641_ 15072
sbs_ve_ambr_20150508210452.987_ 2840
sbs_ve_ambr_20150527210311.631_ 6894
libeay32.dll
sbs_ve_ambr_20150606000729.203_ 248
libeay32.dll
libeay32.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight