SHA256: 34fcb576a388a64595ea9290c49e777d95c2e771302fa8e7f65c91f31caeb4d8
File name: User defined language bar addin
Detection ratio: 39 / 68
Analysis date: 2018-10-04 02:46:28 UTC (7 months, 3 weeks ago)
Antivirus | Result | Update
AegisLab | Trojan.Win32.Itaduke.m!c | 20181004
AhnLab-V3 | Win-Trojan/Itaduke.250880 | 20181004
Antiy-AVL | Trojan[Backdoor]/Win32.Itaduke | 20181004
AVG | FileRepMalware | 20181004
Avira (no cloud) | TR/Injector.anz | 20181004
AVware | Trojan.Win32.Generic!BT | 20180925
Comodo | UnclassifiedMalware | 20181003
Cylance | Unsafe | 20181004
Cyren | W32/Injector.ISUC-1784 | 20181004
DrWeb | BackDoor.Siggen.51453 | 20181004
ESET-NOD32 | Win32/SandyEva.A | 20181003
F-Prot | W32/Injector.HG | 20181004
F-Secure | Trojan:W32/Agent.DUIT | 20181004
Fortinet | W32/Itaduke.C!tr.bdr | 20181003
Ikarus | Backdoor.Win32.Itaduke | 20181003
Jiangmin | Backdoor/Itaduke.b | 20181004
K7AntiVirus | Trojan ( 0001140e1 ) | 20181003
K7GW | Trojan ( 0001140e1 ) | 20181003
Kaspersky | Backdoor.Win32.Itaduke.g | 20181003
Kingsoft | Win32.Troj.Generic.z.(kcloud) | 20181004
McAfee | BackDoor-FKO | 20181003
McAfee-GW-Edition | BackDoor-FKO | 20181004
Microsoft | Exploit:Win32/SandyEva.A | 20181004
NANO-Antivirus | Trojan.Win32.Itaduke.btxwlc | 20181003
Panda | Dialer.EMN | 20181003
Qihoo-360 | Win32/Backdoor.092 | 20181004
Rising | Exploit.SandyEva!8.312D (CLOUD) | 20181003
Sophos AV | Troj/Agent-AAAN | 20181004
Symantec | Trojan.Swaylib | 20181003
Tencent | Win32.Backdoor.Itaduke.Htvr | 20181004
TheHacker | Trojan/Agent.ulw | 20181001
TrendMicro | TROJ_INJECT.CPX | 20181003
TrendMicro-HouseCall | TROJ_INJECT.CPX | 20181004
VBA32 | Backdoor.Itaduke | 20181003
VIPRE | Trojan.Win32.Generic!BT | 20181004
Webroot | W32.Infostealer.Zeus | 20181004
Yandex | Backdoor.Itaduke!u7PVM40U470 | 20180927
Zillya | Trojan.SandyEva.Win32.3 | 20181003
ZoneAlarm by Check Point | Backdoor.Win32.Itaduke.g | 20180925

Engines reporting no detection (Antivirus | Update):
Ad-Aware | 20181004
Alibaba | 20180921
ALYac | 20181004
Arcabit | 20181004
Avast | 20181004
Avast-Mobile | 20181003
Babable | 20180918
Baidu | 20180930
BitDefender | 20181004
Bkav | 20181003
CAT-QuickHeal | 20181001
ClamAV | 20181003
CMC | 20181003
CrowdStrike Falcon (ML) | 20180723
Cybereason | 20180225
eGambit | 20181004
Emsisoft | 20181003
Endgame | 20180730
GData | 20181004
Sophos ML | 20180717
Malwarebytes | 20181003
MAX | 20181004
eScan | 20181004
Palo Alto Networks (Known Signatures) | 20181004
SentinelOne (Static ML) | 20180926
SUPERAntiSpyware | 20180907
Symantec Mobile Insight | 20181001
TACHYON | 20181004
TotalDefense | 20181003
Trustlook | 20181004
ViRobot | 20181003
Zoner | 20181004
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2005 Unicode Group Inc.
Product: Unicode LanguageBar Addin
Original name: LangBar32.dll
Internal name: User defined language bar addin
File version: 4, 0, 2, 38
Description: User defined language bar addin
Comments: User defined language bar addin
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2013-02-04 14:36:06
Entry Point: 0x000010C0
Number of sections: 11
PE sections
PE imports
(Imports are grouped below by the module that exports them. The module names are inferred from the function names; the extracted page did not preserve them.)

ADVAPI32.dll (inferred): RegCreateKeyExW, SetSecurityDescriptorDacl, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegEnumKeyW, InitializeSecurityDescriptor, RegDeleteKeyW, RegQueryValueExW

KERNEL32.dll (inferred): GetLastError, CopyFileW, EnterCriticalSection, ReadFile, GetModuleFileNameW, GlobalFree, WaitForSingleObject, GetVersionExW, FreeLibrary, GetTickCount, TlsAlloc, VirtualProtect, FlushFileBuffers, LoadLibraryA, GetLocalTime, DeleteCriticalSection, GetCurrentProcess, RemoveDirectoryW, OpenFileMappingW, GetCurrentProcessId, ReleaseSemaphore, SetFileTime, ReleaseMutex, TlsGetValue, MultiByteToWideChar, MapViewOfFile, CreateDirectoryW, DeleteFileW, GetProcAddress, TlsFree, GetTempFileNameW, CreateFileMappingW, GetFileTime, SetFilePointer, SetFileAttributesW, CreateSemaphoreA, CreateThread, LoadLibraryW, MoveFileExW, GetModuleHandleA, FindNextFileW, GetTempPathW, CreateMutexW, CloseHandle, FindFirstFileW, GetModuleHandleW, GetFileAttributesExW, LocalFree, WideCharToMultiByte, InitializeCriticalSection, WriteFile, CreateFileW, VirtualQuery, FindClose, InterlockedDecrement, Sleep, MoveFileW, SetEndOfFile, TlsSetValue, GetCurrentThreadId, LeaveCriticalSection, GetFileSize, SetLastError, InterlockedIncrement

WININET.dll (inferred): HttpQueryInfoW, InternetOpenW, InternetQueryOptionW, InternetConnectW, InternetReadFile, InternetCloseHandle, InternetSetOptionW, HttpSendRequestW, InternetGetLastResponseInfoW, HttpOpenRequestW

C runtime, msvcrt.dll (inferred): rand, malloc, realloc, _wcslwr, swprintf, strcat, __dllonexit, _stricmp, _snwprintf, abort, fflush, strncpy, strchr, _itoa, wcscmp, _errno, fwrite, _open, wcslen, fputs, _snprintf, sprintf, wcsrchr, _close, _wcsicmp, fputc, wcschr, wcsncpy, free, wcscat, atoi, _wsplitpath, vfprintf, calloc, _write, _winmajor, memcpy, _lseeki64, _vsnprintf, memmove, localtime, _read, strerror, wcscpy, strcpy, time, wcsstr, wcsncmp, _wtoi, strcmp, memchr, _iob
PE exports
Number of PE resources by type: RT_VERSION 1
Number of PE resources by language: ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
Comments: User defined language bar addin
LinkerVersion: 2.2
ImageVersion: 1.0
FileSubtype: 0
FileVersionNumber: 4.0.2.38
LanguageCode: English (U.S.)
FileFlagsMask: 0x0017
FileDescription: User defined language bar addin
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit, No debug, DLL
CharacterSet: Windows, Latin1
InitializedDataSize: 249856
EntryPoint: 0x10c0
OriginalFileName: LangBar32.dll
MIMEType: application/octet-stream
LegalCopyright: Copyright (C) 2005 Unicode Group Inc.
FileVersion: 4, 0, 2, 38
TimeStamp: 2013:02:04 15:36:06+01:00
FileType: Win32 DLL
PEType: PE32
InternalName: User defined language bar addin
ProductVersion: 4, 0, 2, 38
UninitializedDataSize: 2560
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Unicode Group Inc.
CodeSize: 162816
ProductName: Unicode LanguageBar Addin
ProductVersionNumber: 4.0.2.38
FileTypeExtension: dll
ObjectFileType: Dynamic link library

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files write this sample to disk.
Compressed bundles
File identification
MD5 97777f269ae807891dac4b388c66a952
SHA1 764f05ea2b4fac0778351f5253126da5888146f9
SHA256 34fcb576a388a64595ea9290c49e777d95c2e771302fa8e7f65c91f31caeb4d8
ssdeep 6144:DIf6jUnWS0OP+7Mt2CrGM9Hooo+TBqCV+UgpfCu:DIf6jUBxP4v1M9Hooo+T8CVJ
authentihash dbaa1b0a7f6dc5f648aced0a25a4526225aa7286775eb8295061ca65ca9713f5
imphash 176a9dd423f470040c49556eb477c172
File size 245.0 KB ( 250880 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
pedll

VirusTotal metadata
First submission 2013-02-14 01:14:33 UTC (6 years, 3 months ago)
Last submission 2014-02-11 09:10:02 UTC (5 years, 3 months ago)
File names: User defined language bar addin, krtLangBar32.dll, 34fcb576a388a64595ea9290c49e777d95c2e771302fa8e7f65c91f31caeb4d8, 97777f269ae807891dac4b388c66a952, langbar32.dll, LangBar32.dll, vti-rescan, LANGBAR32.dl_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight