
ESENT.dll new on virustotal.com

Discussion in 'General Security' started by aSILENTfire, Feb 4, 2013.

Thread Status:
Not open for further replies.
  1. aSILENTfire

    aSILENTfire Thread Starter

    Joined:
    Mar 9, 2012
    Messages:
    142
    I just saw an unfamiliar and suspicious file called "ESENT.dll" in my system32 folder. I uploaded it to VirusTotal and it was first seen yesterday. I have not installed anything new recently on this Windows 8 PC. It's acting in some suspicious environments according to Process Explorer, such as PowerShell, cmd, VirtualBox, program folders, temporary folders, etc., and in the strings it has the take ownership privilege along with many others. Here is the VirusTotal report:


    ssdeep
    49152:3YU6jcrdKcyVCM90Rg3EiWK35+gs1PNsxd3p03nSTQtL:eek:UeadtyVCFMEiWrgs1PNsxd3p03nSTQ9
    TrID
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    ExifTool
    SubsystemVersion.........: 6.0
    InitializedDataSize......: 125952
    ImageVersion.............: 6.2
    ProductName..............: Microsoft Windows Operating System
    FileVersionNumber........: 6.2.9200.16384
    UninitializedDataSize....: 1536
    LanguageCode.............: English (U.S.)
    FileFlagsMask............: 0x003f
    CharacterSet.............: Unicode
    LinkerVersion............: 10.1
    FileOS...................: Windows NT 32-bit
    MIMEType.................: application/octet-stream
    Subsystem................: Windows command line
    FileVersion..............: 6.2.9200.16384 (win8_rtm.120725-1247)
    TimeStamp................: 2012:07:26 03:33:44+01:00
    FileType.................: Win32 DLL
    PEType...................: PE32
    InternalName.............: esent.dll
    ProductVersion...........: 6.2.9200.16384
    FileDescription..........: Extensible Storage Engine for Microsoft(R) Windows(R)
    OSVersion................: 6.2
    OriginalFilename.........: esent.dll
    LegalCopyright...........: Microsoft Corporation. All rights reserved.
    MachineType..............: Intel 386 or later, and compatibles
    CompanyName..............: Microsoft Corporation
    CodeSize.................: 2285056
    FileSubtype..............: 0
    ProductVersionNumber.....: 6.2.9200.16384
    EntryPoint...............: 0x769fd
    ObjectFileType...........: Dynamic link library
    Sigcheck
    publisher................: Microsoft Corporation
    product..................: Microsoft_ Windows_ Operating System
    verified.................:
    internal name............: esent.dll
    copyright................: (c) Microsoft Corporation. All rights reserved.
    original name............: esent.dll
    file version.............: 6.2.9200.16384 (win8_rtm.120725-1247)
    description..............: Extensible Storage Engine for Microsoft(R) Windows(R)
    Portable Executable structural information
    Compilation timedatestamp.....: 2012-07-26 02:33:44
    Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
    Entry point address...........: 0x000769FD

    PE Sections...................:

    Name      Virtual Address  Virtual Size  Raw Size  Entropy  MD5
    .text     4096             2284646       2285056   6.78     74efc8ba950d31a3bd0eda4bc22505af
    .data     2289664          25104         21504     2.31     2d96324c25ec32d83ccba04518352dce
    .idata    2318336          5254          5632      5.72     12da692d846970728e9bcd9df19efbca
    cachelin  2326528          1536          0         0.00     d41d8cd98f00b204e9800998ecf8427e
    .rsrc     2330624          1344          1536      3.09     a951b688c79ac2901fd818459468789e
    .reloc    2334720          92764         93184     6.79     6884379ebc33e8b655e73088a960126b

    PE Imports....................:

    [[ntdll.dll]]
    RtlCaptureStackBackTrace

    [[KERNEL32.dll]]
    GetVolumePathNameW, GetStdHandle, ReleaseMutex, FileTimeToSystemTime, GetOverlappedResult, WaitForSingleObject, HeapDestroy, DebugBreak, SetThreadPriorityBoost, CreateTimerQueue, GetFileAttributesW, SystemTimeToTzSpecificLocalTime, DeleteCriticalSection, GetCurrentProcess, OpenFileMappingW, LocalAlloc, MapViewOfFileEx, GetFileInformationByHandle, QueryMemoryResourceNotification, GetLocaleInfoW, WideCharToMultiByte, InterlockedExchange, WriteFile, GetSystemTimeAsFileTime, GlobalMemoryStatusEx, FreeLibrary, LocalFree, FormatMessageW, IsWow64Process, ResumeThread, FindClose, TlsGetValue, VirtualQueryEx, OutputDebugStringA, SetLastError, GetSystemTime, DeviceIoControl, RemoveDirectoryW, DeleteTimerQueueEx, FlushFileBuffers, HeapSetInformation, SetConsoleCtrlHandler, UnhandledExceptionFilter, LoadLibraryExW, MultiByteToWideChar, GetLocalTime, SetFilePointerEx, DeleteTimerQueueTimer, GetSystemPowerStatus, CreateMutexA, RegisterWaitForSingleObject, CreateThread, MoveFileExW, GetExitCodeThread, SetUnhandledExceptionFilter, CreateMutexW, GetVolumeNameForVolumeMountPointW, IsProcessorFeaturePresent, SetHandleInformation, WaitForMultipleObjectsEx, InitOnceExecuteOnce, GetDiskFreeSpaceExW, SetEndOfFile, GetCurrentThreadId, SleepEx, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetEvent, QueryPerformanceCounter, GetTickCount, DisableThreadLibraryCalls, TlsAlloc, VirtualProtect, GetVersionExA, SetFileValidData, GetDateFormatW, WriteFileGather, CreateDirectoryW, DeleteFileW, GetProcAddress, GetConsoleScreenBufferInfo, GetProcessHeap, CreateFileMappingW, GetTimeFormatW, GetFileSizeEx, GetModuleFileNameW, FindNextFileW, CreateMemoryResourceNotification, ResetEvent, CreateTimerQueueTimer, FindFirstFileW, TerminateProcess, DuplicateHandle, GetLocaleInfoEx, GetProcessAffinityMask, CreateEventW, CreateFileW, CreateEventA, TlsSetValue, CreateFileA, HeapAlloc, ReadFileScatter, LCMapStringEx, LeaveCriticalSection, GetNativeSystemInfo, GetLastError, 
SystemTimeToFileTime, LCMapStringW, GetSystemInfo, UnregisterWaitEx, GetSystemWindowsDirectoryW, WaitForSingleObjectEx, LCIDToLocaleName, GetQueuedCompletionStatus, GetCurrentProcessId, CreateIoCompletionPort, CopyFileExW, InterlockedCompareExchange, GetCurrentThread, LocaleNameToLCID, QueryPerformanceFrequency, ReleaseSemaphore, MapViewOfFile, TlsFree, VirtualUnlock, ReadFile, CloseHandle, OpenMutexW, GetModuleHandleW, GetFileAttributesExW, UnmapViewOfFile, OpenEventW, PostQueuedCompletionStatus, VirtualFree, Sleep, SetThreadPriority, VirtualAlloc

    [[msvcrt.dll]]
    _snprintf_s, rand, malloc, swscanf_s, wprintf, _wfopen, _wcsnicmp, _ultoa_s, __dllonexit, strtok_s, _ftol2, isprint, fprintf, strchr, strtoul, printf, _wcstoui64, _wfullpath, _vsnwprintf, _amsg_exit, memset, _lock, qsort, _itoa_s, _onexit, memcmp, strrchr, srand, wcsrchr, bsearch, _strnicmp, fflush, _wcsicmp, vprintf, strcspn, _unlock, fclose, free, strpbrk, _except_handler4_common, wcsncmp, _mbspbrk, atol, iswalpha, _purecall, _stricmp, memcpy, sprintf_s, _vsnprintf, strstr, memmove, iswprint, _wmakepath_s, wcscspn, iscntrl, wcschr, wcsstr, modf, time, _wsplitpath_s, wcstol, _initterm, isupper, _iob


    PE Exports....................:

    DebugExtensionInitialize, [email protected], DebugExtensionNotify, [email protected], DebugExtensionUninitialize, [email protected], JetAddColumn, JetAddColumnA, [email protected], JetAddColumnW, [email protected], JetAttachDatabase, JetAttachDatabase2, JetAttachDatabase2A, [email protected], JetAttachDatabase2W, [email protected], JetAttachDatabaseA, [email protected], JetAttachDatabaseW, [email protected], JetAttachDatabaseWithStreaming, JetAttachDatabaseWithStreamingA, [email protected], JetAttachDatabaseWithStreamingW, [email protected], JetBackup, JetBackupA, [email protected], JetBackupInstance, JetBackupInstanceA, [email protected], JetBackupInstanceW, [email protected], JetBackupW, [email protected], JetBeginDatabaseIncrementalReseed, JetBeginDatabaseIncrementalReseedA, [email protected], JetBeginDatabaseIncrementalReseedW, [email protected], JetBeginExternalBackup, [email protected], JetBeginExternalBackupInstance, [email protected], JetBeginSession, JetBeginSessionA, [email protected], JetBeginSessionW, [email protected], JetBeginSurrogateBackup, [email protected], JetBeginTransaction, JetBeginTransaction2, [email protected], JetBeginTransaction3, [email protected], [email protected], JetCloseDatabase, [email protected], JetCloseFile, [email protected], JetCloseFileInstance, [email protected], JetCloseTable, [email protected], JetCommitTransaction, JetCommitTransaction2, [email protected], [email protected], JetCompact, JetCompactA, [email protected], JetCompactW, [email protected], JetComputeStats, [email protected], JetConfigureProcessForCrashDump, [email protected], JetConsumeLogData, [email protected], JetConvertDDL, JetConvertDDLA, [email protected], JetConvertDDLW, [email protected], JetCreateDatabase, JetCreateDatabase2, JetCreateDatabase2A, [email protected], JetCreateDatabase2W, [email protected], JetCreateDatabaseA, [email protected], JetCreateDatabaseW, [email protected], JetCreateDatabaseWithStreaming, JetCreateDatabaseWithStreamingA, 
[email protected], JetCreateDatabaseWithStreamingW, [email protected], JetCreateIndex, JetCreateIndex2, JetCreateIndex2A, [email protected], JetCreateIndex2W, [email protected], JetCreateIndex3A, JetCreateIndex3W, JetCreateIndex4A, JetCreateIndex4W, JetCreateIndexA, [email protected], JetCreateIndexW, [email protected], JetCreateInstance, JetCreateInstance2, JetCreateInstance2A, [email protected], JetCreateInstance2W, [email protected], JetCreateInstanceA, [email protected], JetCreateInstanceW, [email protected], JetCreateTable, JetCreateTableA, [email protected], JetCreateTableColumnIndex, JetCreateTableColumnIndex2, JetCreateTableColumnIndex2A, [email protected], JetCreateTableColumnIndex2W, [email protected], JetCreateTableColumnIndex3A, JetCreateTableColumnInd[email protected], JetCreateTableColumnIndex3W, [email protected], JetCreateTableColumnIndex4A, [email protected], JetCreateTableColumnIndex4W, [email protected], JetCreateTableColumnIndexA, [email protected], JetCreateTableColumnIndexW, [email protected], JetCreateTableW, [email protected], JetDBUtilities, JetDBUtilitiesA, [email protected], JetDBUtilitiesW, [email protected], JetDatabaseScan, [email protected], JetDefragment, JetDefragment2, JetDefragment2A, [email protected], JetDefragment2W, [email protected], JetDefragment3, JetDefragment3A, [email protected], JetDefragment3W, [email protected], JetDefragmentA, [email protected], JetDefragmentW, [email protected], JetDelete, [email protected], JetDeleteColumn, JetDeleteColumn2, JetDeleteColumn2A, [email protected], JetDeleteColumn2W, [email protected], JetDeleteColumnA, [email protected], JetDeleteColumnW, [email protected], JetDeleteIndex, JetDeleteIndexA, [email protected], JetDeleteIndexW, [email protected], JetDeleteTable, JetDeleteTableA, [email protected], JetDeleteTableW, [email protected], JetDetachDatabase, JetDetachDatabase2, JetDetachDatabase2A, [email protected], JetDetachDatabase2W, [email protected], JetDetachDatabaseA, [email 
protected], JetDetachDatabaseW, [email protected], JetDupCursor, [email protected], JetDupSession, [email protected], JetEnableMultiInstance, JetEnableMultiInstanceA, [email protected], JetEnableMultiInstanceW, [email protected], JetEndDatabaseIncrementalReseed, JetEndDatabaseIncrementalReseedA, [email protected], JetEndDatabaseIncrementalReseedW, [email protected], JetEndExternalBackup, [email protected], JetEndExternalBackupInstance, JetEndExternalBackupInstance2, [email protected], [email protected], JetEndSession, [email protected], JetEndSurrogateBackup, [email protected], JetEnumerateColumns, [email protected], JetEscrowUpdate, [email protected], JetExternalRestore, JetExternalRestore2, JetExternalRestore2A, [email protected], JetExternalRestore2W, [email protected], JetExternalRestoreA, [email protected], JetExternalRestoreW, [email protected], JetFreeBuffer, [email protected], JetGetAttachInfo, JetGetAttachInfoA, [email protected], JetGetAttachInfoInstance, JetGetAttachInfoInstanceA, [email protected], JetGetAttachInfoInstanceW, [email protected], JetGetAttachInfoW, [email protected], JetGetBookmark, [email protected], JetGetColumnInfo, JetGetColumnInfoA, [email protected], JetGetColumnInfoW, [email protected], JetGetCounter, [email protected], JetGetCurrentIndex, JetGetCurrentIndexA, [email protected], JetGetCurrentIndexW, [email protected], JetGetCursorInfo, [email protected], JetGetDatabaseFileInfo, JetGetDatabaseFileInfoA, [email protected], JetGetDatabaseFileInfoW, [email protected], JetGetDatabaseInfo, JetGetDatabaseInfoA, [email protected], JetGetDatabaseInfoW, [email protected], JetGetDatabasePages, [email protected], JetGetErrorInfoW, [email protected], JetGetIndexInfo, JetGetIndexInfoA, [email protected], JetGetIndexInfoW, [email protected], JetGetInstanceInfo, JetGetInstanceInfoA, [email protected], JetGetInstanceInfoW, [email protected], JetGetInstanceMiscInfo, [email protected], JetGetLS, [email protected], JetGetLock, [email protected], 
JetGetLogFileInfo, JetGetLogFileInfoA, [email protected], JetGetLogFileInfoW, [email protected], JetGetLogInfo, JetGetLogInfoA, [email protected], JetGetLogInfoInstance, JetGetLogInfoInstance2, JetGetLogInfoInstance2A, [email protected], JetGetLogInfoInstance2W, [email protected], JetGetLogInfoInstanceA, [email protected], JetGetLogInfoInstanceW, [email protected], JetGetLogInfoW, [email protected], JetGetMaxDatabaseSize, [email protected], JetGetObjectInfo, JetGetObjectInfoA, [email protected], JetGetObjectInfoW, [email protected], JetGetPageInfo, JetGetPageInfo2, [email protected], [email protected], JetGetRecordPosition, [email protected], JetGetRecordSize, JetGetRecordSize2, [email protected], [email protected], JetGetResourceParam, [email protected], JetGetSecondaryIndexBookmark, [email protected], JetGetSessionInfo, [email protected], JetGetSessionParameter, [email protected], JetGetSystemParameter, JetGetSystemParameterA, [email protected], JetGetSystemParameterW, [email protected], JetGetTableColumnInfo, JetGetTableColumnInfoA, [email protected], JetGetTableColumnInfoW, [email protected], JetGetTableIndexInfo, JetGetTableIndexInfoA, [email protected], JetGetTableIndexInfoW, [email protected], JetGetTableInfo, JetGetTableInfoA, [email protected], JetGetTableInfoW, [email protected], JetGetThreadStats, [email protected], JetGetTruncateLogInfoInstance, JetGetTruncateLogInfoInstanceA, [email protected], JetGetTruncateLogInfoInstanceW, [email protected], JetGetVersion, [email protected], JetGotoBookmark, [email protected], JetGotoPosition, [email protected], JetGotoSecondaryIndexBookmark, [email protected], JetGrowDatabase, [email protected], JetIdle, [email protected], JetIndexRecordCount, [email protected], JetInit, JetInit2, [email protected], JetInit3, JetInit3A, [email protected], JetInit3W, [email protected], JetInit4, JetInit4A, [email protected], JetInit4W, [email protected], [email protected], JetIntersectIndexes, [email protected], JetMakeKey, [email 
protected], JetMove, [email protected], JetOSSnapshotAbort, [email protected], JetOSSnapshotEnd, [email protected], JetOSSnapshotFreeze, JetOSSnapshotFreezeA, [email protected], JetOSSnapshotFreezeW, [email protected], JetOSSnapshotGetFreezeInfo, JetOSSnapshotGetFreezeInfoA, [email protected], JetOSSnapshotGetFreezeInfoW, [email protected], JetOSSnapshotPrepare, [email protected], JetOSSnapshotPrepareInstance, [email protected], JetOSSnapshotThaw, [email protected], JetOSSnapshotTruncateLog, [email protected], JetOSSnapshotTruncateLogInstance, [email protected], JetOnlinePatchDatabasePage, [email protected], JetOpenDatabase, JetOpenDatabaseA, [email protected], JetOpenDatabaseW, [email protected], JetOpenFile, JetOpenFileA, [email protected], JetOpenFileInstance, JetOpenFileInstanceA, [email protected], JetOpenFileInstanceW, [email protected], JetOpenFileSectionInstance, JetOpenFileSectionInstanceA, [email protected], JetOpenFileSectionInstanceW, [email protected], JetOpenFileW, [email protected], JetOpenTable, JetOpenTableA, [email protected], JetOpenTableW, [email protected], JetOpenTempTable, JetOpenTempTable2, [email protected], JetOpenTempTable3, [email protected], [email protected], JetOpenTemporaryTable, JetOpenTemporaryTable2, [email protected], [email protected], JetPatchDatabasePages, JetPatchDatabasePagesA, [email protected], JetPatchDatabasePagesW, [email protected], JetPrepareToCommitTransaction, [email protected], JetPrepareUpdate, [email protected], JetPrereadIndexRanges, [email protected], JetPrereadKeys, [email protected], JetPrereadTablesW, [email protected], JetReadFile, [email protected], JetReadFileInstance, [email protected], JetRegisterCallback, [email protected], JetRemoveLogfileA, [email protected], JetRemoveLogfileW, [email protected], JetRenameColumn, JetRenameColumnA, [email protected], JetRenameColumnW, [email protected], JetRenameTable, JetRenameTableA, [email protected], JetRenameTableW, [email protected], JetResetCounter, [email 
protected], JetResetSessionContext, [email protected], JetResetTableSequential, [email protected], JetResizeDatabase, [email protected], JetRestore, JetRestore2, JetRestore2A, [email protected], JetRestore2W, [email protected], JetRestoreA, [email protected], JetRestoreInstance, JetRestoreInstanceA, [email protected]16, JetRestoreInstanceW, [email protected], JetRestoreW, [email protected], JetRetrieveColumn, [email protected], JetRetrieveColumns, [email protected], JetRetrieveKey, [email protected], JetRetrieveTaggedColumnList, [email protected], JetRollback, [email protected], JetSeek, [email protected], JetSetColumn, [email protected], JetSetColumnDefaultValue, JetSetColumnDefaultValueA, [email protected], JetSetColumnDefaultValueW, [email protected], JetSetColumns, [email protected], JetSetCurrentIndex, JetSetCurrentIndex2, JetSetCurrentIndex2A, [email protected], JetSetCurrentIndex2W, [email protected], JetSetCurrentIndex3, JetSetCurrentIndex3A, [email protected], JetSetCurrentIndex3W, [email protected], JetSetCurrentIndex4, JetSetCurrentIndex4A, [email protected], JetSetCurrentIndex4W, [email protected], JetSetCurrentIndexA, [email protected], JetSetCurrentIndexW, [email protected], JetSetCursorFilter, [email protected], JetSetDatabaseSize, JetSetDatabaseSizeA, [email protected], JetSetDatabaseSizeW, [email protected], JetSetIndexRange, [email protected], JetSetLS, [email protected], JetSetMaxDatabaseSize, [email protected], JetSetResourceParam, [email protected], JetSetSessionContext, [email protected], JetSetSessionParameter, [email protected], JetSetSystemParameter, JetSetSystemParameterA, [email protected], JetSetSystemParameterW, [email protected], JetSetTableSequential, [email protected], JetSnapshotStart, JetSnapshotStartA, [email protected], JetSnapshotStartW, [email protected], JetSnapshotStop, [email protected], JetStopBackup, [email protected], JetStopBackupInstance, [email protected], JetStopService, [email protected], JetStopServiceInstance, 
JetStopServiceInstance2, [email protected], [email protected], JetTerm, JetTerm2, [email protected], [email protected], JetTestHook, [email protected], JetTracing, [email protected], JetTruncateLog, [email protected], JetTruncateLogInstance, [email protected], JetUnregisterCallback, [email protected], JetUpdate, JetUpdate2, [email protected], [email protected], JetUpgradeDatabase, JetUpgradeDatabaseA, [email protected], JetUpgradeDatabaseW, [email protected], ese, [email protected], rgEDBGGlobals

    PE Resources..................:

    Resource type Number of resources
    MUI 1
    RT_VERSION 1

    Resource language Number of resources
    ENGLISH US 2
    First seen by VirusTotal
    2013-02-03 06:41:54 UTC ( 1 day, 13 hours ago )
    Last seen by VirusTotal
    2013-02-04 20:23:17 UTC ( 3 minutes ago )
    File names (max. 25)
    esent.dll
    esent.dll
     
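An added example, not part of the thread or of any poster's own work: the local checks I would run on a file like this before reading anything into VirusTotal's "first seen" date. A freshly built Windows binary shows up as "new" on VirusTotal simply because nobody uploaded that exact build before, and the Sigcheck block in the report above leaves "verified" blank, so the useful question is whether the copy on disk carries a valid Microsoft signature and matches the OS build. The script assumes PowerShell on Windows 8 or later and the path from the first post; nothing else is taken from the thread.

```powershell
# Added example: triage a suspect DLL that lives in System32.
# Assumption: the file path from the post; adjust for another file.
$path = 'C:\Windows\System32\esent.dll'

$item = Get-Item -LiteralPath $path
$ver  = $item.VersionInfo

# 1. Version resource. The report above shows 6.2.9200.16384 (win8_rtm), which is the
#    Windows 8 RTM build number, so it agrees with the poster's OS. A version string
#    that does not match the installed build is the first thing worth a closer look.
[pscustomobject]@{
    Path           = $item.FullName
    FileVersion    = $ver.FileVersion
    ProductVersion = $ver.ProductVersion
    CompanyName    = $ver.CompanyName
    OriginalName   = $ver.OriginalFilename
    CreationTime   = $item.CreationTimeUtc
    LastWriteTime  = $item.LastWriteTimeUtc
}

# 2. Signature. Most Windows system DLLs are catalog-signed rather than carrying an
#    embedded Authenticode signature, which is why a tool that only reads the PE may
#    show "verified" as blank. On Windows 8 and later Get-AuthenticodeSignature looks
#    the file up in the catalog store; a genuine OS file reports Status 'Valid' and
#    IsOSBinary $true. Sysinternals "sigcheck -a <file>" is an independent cross-check.
$sig = Get-AuthenticodeSignature -LiteralPath $path
$sig | Select-Object Status, StatusMessage, IsOSBinary,
    @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }

# 3. Hash, for comparison against VirusTotal or a known-good machine on the same build.
Get-FileHash -LiteralPath $path -Algorithm SHA256

# 4. Ask Windows Resource Protection whether the file matches its protected copy
#    (run from an elevated prompt).
sfc "/verifyfile=$path"

# 5. Which processes have it loaded. A storage-engine DLL being mapped into several
#    service processes is normal; what matters is whether the loaded module is this
#    signed file or a same-named copy from somewhere else.
tasklist /M esent.dll
```

If step 2 reports 'Valid' with IsOSBinary $true and step 4 says the file has no integrity violations, the DLL is the one Windows shipped, whatever VirusTotal's upload date says. If either check fails, the hash from step 3 is what to search for and what to compare against an untouched machine of the same build.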
  2. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
  3. aSILENTfire

    aSILENTfire Thread Starter

    Joined:
    Mar 9, 2012
    Messages:
    142
    Thanks! I mentioned this mostly because I saw a video of someone else putting this through VirusTotal on YouTube, but it was a different version and much older. It just made me wonder.
     
  4. aSILENTfire

    aSILENTfire Thread Starter

    Joined:
    Mar 9, 2012
    Messages:
    142
    Hmm, I just tried to add DuckDuckGo to my Firefox search bar, and then a pop-up box asking me to confirm adding it said it was from: jid1-zadieub7xozojw-at-jetpack. It reminds me of all those Jet... things listed above. If anyone else has Firefox, when you add the DuckDuckGo search option does it say this?
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
    I think you are trying to overanalyze everything too much and because of that you're suspicious of everything you see.

    I don't know much about Windows 8 and nothing about programming....but, the JET stuff that you see in the VirusTotal results refers to the Joint Engine Technology (JET) data store database engine and there's nothing untoward about it. I'm sure the VirusTotal results didn't detect anything but you failed to mention that or provide a link to the results.

    Jetpack is a project used to build Firefox add-ons. Whether or not there's any connection between the two having "Jet" in their names, I have no idea. However, it's not something that should raise suspicion if you're downloading the add-on from Mozilla. :)
     
  6. aSILENTfire

    aSILENTfire Thread Starter

    Joined:
    Mar 9, 2012
    Messages:
    142
    Overanalyze? Who me? Yeah that about explains it lol, thanks.
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
    You're welcome. :)
     

Short URL to this thread: https://techguy.org/1088192
