SHA256: ff5a738d38303a8d992ef552b1cbeab3d35e97f246c3282cc8b5ce05347f8594
File name: cairo.dll
Detection ratio: 0 / 56
Analysis date: 2015-11-30 21:18:10 UTC ( 2 years, 10 months ago )
Antivirus Result Update (the Result column is empty for every engine below; none flagged the file, matching the 0 / 56 ratio)
Ad-Aware 20151130
AegisLab 20151130
Yandex 20151130
AhnLab-V3 20151130
Alibaba 20151130
ALYac 20151130
Antiy-AVL 20151130
Arcabit 20151130
Avast 20151130
AVG 20151130
Avira (no cloud) 20151130
AVware 20151130
Baidu-International 20151130
BitDefender 20151130
Bkav 20151130
ByteHero 20151130
CAT-QuickHeal 20151130
ClamAV 20151130
CMC 20151130
Comodo 20151130
Cyren 20151130
DrWeb 20151130
Emsisoft 20151130
ESET-NOD32 20151130
F-Prot 20151130
F-Secure 20151130
Fortinet 20151130
GData 20151130
Ikarus 20151130
Jiangmin 20151130
K7AntiVirus 20151130
K7GW 20151130
Kaspersky 20151130
Malwarebytes 20151130
McAfee 20151130
McAfee-GW-Edition 20151130
Microsoft 20151130
eScan 20151130
NANO-Antivirus 20151130
nProtect 20151130
Panda 20151130
Qihoo-360 20151130
Rising 20151129
Sophos AV 20151130
SUPERAntiSpyware 20151130
Symantec 20151130
Tencent 20151130
TheHacker 20151127
TotalDefense 20151130
TrendMicro 20151130
TrendMicro-HouseCall 20151130
VBA32 20151130
VIPRE 20151130
ViRobot 20151130
Zillya 20151130
Zoner 20151130
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-03 16:51:21
Entry Point 0x000A8671
Number of sections 5
PE sections
PE imports
SetGraphicsMode
SetMapMode
CreateFontIndirectW
PatBlt
GetClipBox
SaveDC
GdiFlush
GetTextMetricsA
EndPath
SetStretchBltMode
ModifyWorldTransform
GetOutlineTextMetricsA
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
SetBkMode
GetWorldTransform
SetWorldTransform
GetObjectW
IntersectClipRect
BitBlt
CreateDIBSection
ExtSelectClipRgn
SetTextColor
CreatePatternBrush
GetGlyphOutlineW
ExtTextOutW
FillPath
SelectClipPath
MoveToEx
GetStockObject
SetMiterLimit
StrokePath
GetGraphicsMode
ExtCreateRegion
SetTextAlign
SelectClipRgn
CreateCompatibleDC
PolyBezierTo
StretchBlt
GetFontUnicodeRanges
StretchDIBits
GetCharWidth32A
SetBrushOrgEx
ExtEscape
CreateRectRgn
CloseFigure
SelectObject
SetPolyFillMode
GetGlyphIndicesW
CreateSolidBrush
WidenPath
ExtCreatePen
GetClipRgn
GetFontData
BeginPath
DeleteObject
CreateCompatibleBitmap
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
SetLastError
SetFilePointer
IsValidCodePage
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
DeleteFileW
GetProcAddress
GetStringTypeA
GetProcessHeap
GetTempFileNameW
SetStdHandle
CompareStringW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
GetModuleHandleA
ReadFile
GetConsoleOutputCP
SetUnhandledExceptionFilter
GetTempPathW
InterlockedIncrement
CompareStringA
GetSystemTimeAsFileTime
GetCommandLineA
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
LocalFree
FormatMessageW
TerminateProcess
GetTimeZoneInformation
WriteConsoleA
InitializeCriticalSection
HeapCreate
WriteFile
CreateFileW
VirtualFree
HeapDestroy
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetStartupInfoA
WriteConsoleW
CloseHandle
GradientFill
FillRect
SystemParametersInfoA
GetDC
ReleaseDC
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:11:03 16:51:21+00:00
FileType Win32 DLL
PEType PE32
CodeSize 770048
LinkerVersion 8.0
FileTypeExtension dll
InitializedDataSize 180224
SubsystemVersion 4.0
EntryPoint 0xa8671
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
CarbonBlack (CarbonBlack acts as a surveillance camera for computers)
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 3e54515fb22719735d9a9e57b50c98c5
SHA1 0d93e9176d56856258e2d78c29634d3447576048
SHA256 ff5a738d38303a8d992ef552b1cbeab3d35e97f246c3282cc8b5ce05347f8594
ssdeep 12288:tGXRWvnZ69Puw1w6y/qLWaL3Bt3g3tXSMW+bIqC2CIWEhf9SGeaAGgrMkTt5nrJr:MBWvZgWqy/qLWaLY3tzoL3naxBmT4
authentihash 74823eabef434a2a578fa4ed78164139941c271b83ff2c85ac2c18ec555f6601
imphash 085f7a8f7ce26f5014183bdacc72a7ca
File size 924.0 KB ( 946176 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll
VirusTotal metadata
First submission 2010-11-10 17:47:38 UTC ( 7 years, 10 months ago )
Last submission 2015-11-30 21:18:10 UTC ( 2 years, 10 months ago )
File names cairo.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight