ESENT.dll new on virustotal.com

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

aSILENTfire

Thread Starter
Joined
Mar 9, 2012
Messages
142
I just saw an unfamiliar and suspicious file called "ESENT.dll" in my System32 folder. I uploaded it to VirusTotal and it was first seen yesterday. I have not installed anything new recently on this Windows 8 PC. It's acting in some suspicious environments according to Process Explorer, such as PowerShell, cmd, VirtualBox, program folders, temporary folders, etc., and in the strings it has the take ownership privilege along with many others. Here is the VirusTotal report:


ssdeep
49152:3YU6jcrdKcyVCM90Rg3EiWK35+gs1PNsxd3p03nSTQtL:eek:UeadtyVCFMEiWrgs1PNsxd3p03nSTQ9
TrID
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ExifTool
SubsystemVersion.........: 6.0
InitializedDataSize......: 125952
ImageVersion.............: 6.2
ProductName..............: Microsoft Windows Operating System
FileVersionNumber........: 6.2.9200.16384
UninitializedDataSize....: 1536
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 10.1
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Windows command line
FileVersion..............: 6.2.9200.16384 (win8_rtm.120725-1247)
TimeStamp................: 2012:07:26 03:33:44+01:00
FileType.................: Win32 DLL
PEType...................: PE32
InternalName.............: esent.dll
ProductVersion...........: 6.2.9200.16384
FileDescription..........: Extensible Storage Engine for Microsoft(R) Windows(R)
OSVersion................: 6.2
OriginalFilename.........: esent.dll
LegalCopyright...........: Microsoft Corporation. All rights reserved.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Microsoft Corporation
CodeSize.................: 2285056
FileSubtype..............: 0
ProductVersionNumber.....: 6.2.9200.16384
EntryPoint...............: 0x769fd
ObjectFileType...........: Dynamic link library
Sigcheck
publisher................: Microsoft Corporation
product..................: Microsoft_ Windows_ Operating System
verified.................:
internal name............: esent.dll
copyright................: (c) Microsoft Corporation. All rights reserved.
original name............: esent.dll
file version.............: 6.2.9200.16384 (win8_rtm.120725-1247)
description..............: Extensible Storage Engine for Microsoft(R) Windows(R)
Portable Executable structural information
Compilation timedatestamp.....: 2012-07-26 02:33:44
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x000769FD

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 2284646 2285056 6.78 74efc8ba950d31a3bd0eda4bc22505af
.data 2289664 25104 21504 2.31 2d96324c25ec32d83ccba04518352dce
.idata 2318336 5254 5632 5.72 12da692d846970728e9bcd9df19efbca
cachelin 2326528 1536 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 2330624 1344 1536 3.09 a951b688c79ac2901fd818459468789e
.reloc 2334720 92764 93184 6.79 6884379ebc33e8b655e73088a960126b

PE Imports....................:

[[ntdll.dll]]
RtlCaptureStackBackTrace

[[KERNEL32.dll]]
GetVolumePathNameW, GetStdHandle, ReleaseMutex, FileTimeToSystemTime, GetOverlappedResult, WaitForSingleObject, HeapDestroy, DebugBreak, SetThreadPriorityBoost, CreateTimerQueue, GetFileAttributesW, SystemTimeToTzSpecificLocalTime, DeleteCriticalSection, GetCurrentProcess, OpenFileMappingW, LocalAlloc, MapViewOfFileEx, GetFileInformationByHandle, QueryMemoryResourceNotification, GetLocaleInfoW, WideCharToMultiByte, InterlockedExchange, WriteFile, GetSystemTimeAsFileTime, GlobalMemoryStatusEx, FreeLibrary, LocalFree, FormatMessageW, IsWow64Process, ResumeThread, FindClose, TlsGetValue, VirtualQueryEx, OutputDebugStringA, SetLastError, GetSystemTime, DeviceIoControl, RemoveDirectoryW, DeleteTimerQueueEx, FlushFileBuffers, HeapSetInformation, SetConsoleCtrlHandler, UnhandledExceptionFilter, LoadLibraryExW, MultiByteToWideChar, GetLocalTime, SetFilePointerEx, DeleteTimerQueueTimer, GetSystemPowerStatus, CreateMutexA, RegisterWaitForSingleObject, CreateThread, MoveFileExW, GetExitCodeThread, SetUnhandledExceptionFilter, CreateMutexW, GetVolumeNameForVolumeMountPointW, IsProcessorFeaturePresent, SetHandleInformation, WaitForMultipleObjectsEx, InitOnceExecuteOnce, GetDiskFreeSpaceExW, SetEndOfFile, GetCurrentThreadId, SleepEx, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetEvent, QueryPerformanceCounter, GetTickCount, DisableThreadLibraryCalls, TlsAlloc, VirtualProtect, GetVersionExA, SetFileValidData, GetDateFormatW, WriteFileGather, CreateDirectoryW, DeleteFileW, GetProcAddress, GetConsoleScreenBufferInfo, GetProcessHeap, CreateFileMappingW, GetTimeFormatW, GetFileSizeEx, GetModuleFileNameW, FindNextFileW, CreateMemoryResourceNotification, ResetEvent, CreateTimerQueueTimer, FindFirstFileW, TerminateProcess, DuplicateHandle, GetLocaleInfoEx, GetProcessAffinityMask, CreateEventW, CreateFileW, CreateEventA, TlsSetValue, CreateFileA, HeapAlloc, ReadFileScatter, LCMapStringEx, LeaveCriticalSection, GetNativeSystemInfo, GetLastError, 
SystemTimeToFileTime, LCMapStringW, GetSystemInfo, UnregisterWaitEx, GetSystemWindowsDirectoryW, WaitForSingleObjectEx, LCIDToLocaleName, GetQueuedCompletionStatus, GetCurrentProcessId, CreateIoCompletionPort, CopyFileExW, InterlockedCompareExchange, GetCurrentThread, LocaleNameToLCID, QueryPerformanceFrequency, ReleaseSemaphore, MapViewOfFile, TlsFree, VirtualUnlock, ReadFile, CloseHandle, OpenMutexW, GetModuleHandleW, GetFileAttributesExW, UnmapViewOfFile, OpenEventW, PostQueuedCompletionStatus, VirtualFree, Sleep, SetThreadPriority, VirtualAlloc

[[msvcrt.dll]]
_snprintf_s, rand, malloc, swscanf_s, wprintf, _wfopen, _wcsnicmp, _ultoa_s, __dllonexit, strtok_s, _ftol2, isprint, fprintf, strchr, strtoul, printf, _wcstoui64, _wfullpath, _vsnwprintf, _amsg_exit, memset, _lock, qsort, _itoa_s, _onexit, memcmp, strrchr, srand, wcsrchr, bsearch, _strnicmp, fflush, _wcsicmp, vprintf, strcspn, _unlock, fclose, free, strpbrk, _except_handler4_common, wcsncmp, _mbspbrk, atol, iswalpha, _purecall, _stricmp, memcpy, sprintf_s, _vsnprintf, strstr, memmove, iswprint, _wmakepath_s, wcscspn, iscntrl, wcschr, wcsstr, modf, time, _wsplitpath_s, wcstol, _initterm, isupper, _iob


PE Exports....................:

DebugExtensionInitialize, [email protected], DebugExtensionNotify, [email protected], DebugExtensionUninitialize, [email protected], JetAddColumn, JetAddColumnA, [email protected], JetAddColumnW, [email protected], JetAttachDatabase, JetAttachDatabase2, JetAttachDatabase2A, [email protected], JetAttachDatabase2W, [email protected], JetAttachDatabaseA, [email protected], JetAttachDatabaseW, [email protected], JetAttachDatabaseWithStreaming, JetAttachDatabaseWithStreamingA, [email protected], JetAttachDatabaseWithStreamingW, [email protected], JetBackup, JetBackupA, [email protected], JetBackupInstance, JetBackupInstanceA, [email protected], JetBackupInstanceW, [email protected], JetBackupW, [email protected], JetBeginDatabaseIncrementalReseed, JetBeginDatabaseIncrementalReseedA, [email protected], JetBeginDatabaseIncrementalReseedW, [email protected], JetBeginExternalBackup, [email protected], JetBeginExternalBackupInstance, [email protected], JetBeginSession, JetBeginSessionA, [email protected], JetBeginSessionW, [email protected], JetBeginSurrogateBackup, [email protected], JetBeginTransaction, JetBeginTransaction2, [email protected], JetBeginTransaction3, [email protected], [email protected], JetCloseDatabase, [email protected], JetCloseFile, [email protected], JetCloseFileInstance, [email protected], JetCloseTable, [email protected], JetCommitTransaction, JetCommitTransaction2, [email protected], [email protected], JetCompact, JetCompactA, [email protected], JetCompactW, [email protected], JetComputeStats, [email protected], JetConfigureProcessForCrashDump, [email protected], JetConsumeLogData, [email protected], JetConvertDDL, JetConvertDDLA, [email protected], JetConvertDDLW, [email protected], JetCreateDatabase, JetCreateDatabase2, JetCreateDatabase2A, [email protected], JetCreateDatabase2W, [email protected], JetCreateDatabaseA, [email protected], JetCreateDatabaseW, [email protected], JetCreateDatabaseWithStreaming, JetCreateDatabaseWithStreamingA, [email 
protected], JetCreateDatabaseWithStreamingW, [email protected], JetCreateIndex, JetCreateIndex2, JetCreateIndex2A, [email protected], JetCreateIndex2W, [email protected], JetCreateIndex3A, JetCreateIndex3W, JetCreateIndex4A, JetCreateIndex4W, JetCreateIndexA, [email protected], JetCreateIndexW, [email protected], JetCreateInstance, JetCreateInstance2, JetCreateInstance2A, [email protected], JetCreateInstance2W, [email protected], JetCreateInstanceA, [email protected], JetCreateInstanceW, [email protected], JetCreateTable, JetCreateTableA, [email protected], JetCreateTableColumnIndex, JetCreateTableColumnIndex2, JetCreateTableColumnIndex2A, [email protected], JetCreateTableColumnIndex2W, [email protected], JetCreateTableColumnIndex3A, [email protected], JetCreateTableColumnIndex3W, [email protected], JetCreateTableColumnIndex4A, [email protected], JetCreateTableColumnIndex4W, [email protected], JetCreateTableColumnIndexA, [email protected], JetCreateTableColumnIndexW, [email protected], JetCreateTableW, [email protected], JetDBUtilities, JetDBUtilitiesA, [email protected], JetDBUtilitiesW, [email protected], JetDatabaseScan, [email protected], JetDefragment, JetDefragment2, JetDefragment2A, [email protected], JetDefragment2W, [email protected], JetDefragment3, JetDefragment3A, [email protected], JetDefragment3W, [email protected], JetDefragmentA, [email protected], JetDefragmentW, [email protected], JetDelete, [email protected], JetDeleteColumn, JetDeleteColumn2, JetDeleteColumn2A, [email protected], JetDeleteColumn2W, [email protected], JetDeleteColumnA, [email protected], JetDeleteColumnW, [email protected], JetDeleteIndex, JetDeleteIndexA, [email protected], JetDeleteIndexW, [email protected], JetDeleteTable, JetDeleteTableA, [email protected], JetDeleteTableW, [email protected], JetDetachDatabase, JetDetachDatabase2, JetDetachDatabase2A, [email protected], JetDetachDatabase2W, [email protected], JetDetachDatabaseA, [email protected], JetDetachDatabaseW, [email 
protected], JetDupCursor, [email protected], JetDupSession, [email protected], JetEnableMultiInstance, JetEnableMultiInstanceA, [email protected], JetEnableMultiInstanceW, [email protected], JetEndDatabaseIncrementalReseed, JetEndDatabaseIncrementalReseedA, [email protected], JetEndDatabaseIncrementalReseedW, [email protected], JetEndExternalBackup, [email protected], JetEndExternalBackupInstance, JetEndExternalBackupInstance2, [email protected], [email protected], JetEndSession, [email protected], JetEndSurrogateBackup, [email protected], JetEnumerateColumns, [email protected], JetEscrowUpdate, [email protected], JetExternalRestore, JetExternalRestore2, JetExternalRestore2A, [email protected], JetExternalRestore2W, [email protected], JetExternalRestoreA, [email protected], JetExternalRestoreW, [email protected], JetFreeBuffer, [email protected], JetGetAttachInfo, JetGetAttachInfoA, [email protected], JetGetAttachInfoInstance, JetGetAttachInfoInstanceA, [email protected], JetGetAttachInfoInstanceW, [email protected], JetGetAttachInfoW, [email protected], JetGetBookmark, [email protected], JetGetColumnInfo, JetGetColumnInfoA, [email protected], JetGetColumnInfoW, [email protected], JetGetCounter, [email protected], JetGetCurrentIndex, JetGetCurrentIndexA, [email protected], JetGetCurrentIndexW, [email protected], JetGetCursorInfo, [email protected], JetGetDatabaseFileInfo, JetGetDatabaseFileInfoA, [email protected], JetGetDatabaseFileInfoW, [email protected], JetGetDatabaseInfo, JetGetDatabaseInfoA, [email protected], JetGetDatabaseInfoW, [email protected], JetGetDatabasePages, [email protected], JetGetErrorInfoW, JetG[email protected], JetGetIndexInfo, JetGetIndexInfoA, [email protected], JetGetIndexInfoW, [email protected], JetGetInstanceInfo, JetGetInstanceInfoA, [email protected], JetGetInstanceInfoW, [email protected], JetGetInstanceMiscInfo, [email protected], JetGetLS, [email protected], JetGetLock, [email protected], JetGetLogFileInfo, JetGetLogFileInfoA, 
[email protected], JetGetLogFileInfoW, [email protected], JetGetLogInfo, JetGetLogInfoA, [email protected], JetGetLogInfoInstance, JetGetLogInfoInstance2, JetGetLogInfoInstance2A, [email protected], JetGetLogInfoInstance2W, [email protected], JetGetLogInfoInstanceA, [email protected], JetGetLogInfoInstanceW, [email protected], JetGetLogInfoW, [email protected], JetGetMaxDatabaseSize, [email protected], JetGetObjectInfo, JetGetObjectInfoA, JetGetObjectInfoA[email protected], JetGetObjectInfoW, [email protected], JetGetPageInfo, JetGetPageInfo2, [email protected], [email protected], JetGetRecordPosition, [email protected], JetGetRecordSize, JetGetRecordSize2, [email protected], [email protected], JetGetResourceParam, [email protected], JetGetSecondaryIndexBookmark, [email protected], JetGetSessionInfo, [email protected], JetGetSessionParameter, [email protected], JetGetSystemParameter, JetGetSystemParameterA, [email protected], JetGetSystemParameterW, [email protected], JetGetTableColumnInfo, JetGetTableColumnInfoA, [email protected], JetGetTableColumnInfoW, [email protected], JetGetTableIndexInfo, JetGetTableIndexInfoA, [email protected], JetGetTableIndexInfoW, [email protected], JetGetTableInfo, JetGetTableInfoA, [email protected], JetGetTableInfoW, [email protected], JetGetThreadStats, [email protected], JetGetTruncateLogInfoInstance, JetGetTruncateLogInfoInstanceA, [email protected], JetGetTruncateLogInfoInstanceW, [email protected], JetGetVersion, [email protected], JetGotoBookmark, [email protected], JetGotoPosition, [email protected], JetGotoSecondaryIndexBookmark, [email protected], JetGrowDatabase, [email protected], JetIdle, [email protected], JetIndexRecordCount, [email protected], JetInit, JetInit2, [email protected], JetInit3, JetInit3A, [email protected], JetInit3W, [email protected], JetInit4, JetInit4A, [email protected], JetInit4W, [email protected], [email protected], JetIntersectIndexes, [email protected], JetMakeKey, [email protected], JetMove, 
[email protected], JetOSSnapshotAbort, [email protected], JetOSSnapshotEnd, [email protected], JetOSSnapshotFreeze, JetOSSnapshotFreezeA, [email protected], JetOSSnapshotFreezeW, [email protected], JetOSSnapshotGetFreezeInfo, JetOSSnapshotGetFreezeInfoA, [email protected], JetOSSnapshotGetFreezeInfoW, [email protected], JetOSSnapshotPrepare, [email protected], JetOSSnapshotPrepareInstance, [email protected], JetOSSnapshotThaw, [email protected], JetOSSnapshotTruncateLog, [email protected], JetOSSnapshotTruncateLogInstance, [email protected], JetOnlinePatchDatabasePage, [email protected], JetOpenDatabase, JetOpenDatabaseA, [email protected], JetOpenDatabaseW, [email protected], JetOpenFile, JetOpenFileA, [email protected], JetOpenFileInstance, JetOpenFileInstanceA, [email protected], JetOpenFileInstanceW, [email protected], JetOpenFileSectionInstance, JetOpenFileSectionInstanceA, [email protected], JetOpenFileSectionInstanceW, [email protected], JetOpenFileW, [email protected], JetOpenTable, JetOpenTableA, [email protected], JetOpenTableW, [email protected], JetOpenTempTable, JetOpenTempTable2, [email protected], JetOpenTempTable3, [email protected], [email protected], JetOpenTemporaryTable, JetOpenTemporaryTable2, [email protected], [email protected], JetPatchDatabasePages, JetPatchDatabasePagesA, [email protected], JetPatchDatabasePagesW, [email protected], JetPrepareToCommitTransaction, [email protected], JetPrepareUpdate, [email protected], JetPrereadIndexRanges, [email protected], JetPrereadKeys, [email protected], JetPrereadTablesW, [email protected], JetReadFile, [email protected], JetReadFileInstance, [email protected], JetRegisterCallback, [email protected], JetRemoveLogfileA, [email protected], JetRemoveLogfileW, [email protected], JetRenameColumn, JetRenameColumnA, [email protected], JetRenameColumnW, [email protected], JetRenameTable, JetRenameTableA, [email protected], JetRenameTableW, [email protected], JetResetCounter, [email protected], 
JetResetSessionContext, [email protected], JetResetTableSequential, [email protected], JetResizeDatabase, [email protected], JetRestore, JetRestore2, JetRestore2A, [email protected], JetRestore2W, [email protected], JetRestoreA, [email protected], JetRestoreInstance, JetRestoreInstanceA, [email protected], JetRestoreInstanceW, [email protected], JetRestoreW, [email protected], JetRetrieveColumn, [email protected], JetRetrieveColumns, [email protected], JetRetrieveKey, [email protected], JetRetrieveTaggedColumnList, [email protected], JetRollback, [email protected], JetSeek, [email protected], JetSetColumn, [email protected], JetSetColumnDefaultValue, JetSetColumnDefaultValueA, [email protected], JetSetColumnDefaultValueW, [email protected], JetSetColumns, [email protected], JetSetCurrentIndex, JetSetCurrentIndex2, JetSetCurrentIndex2A, [email protected], JetSetCurrentIndex2W, [email protected], JetSetCurrentIndex3, JetSetCurrentIndex3A, [email protected], JetSetCurrentIndex3W, [email protected], JetSetCurrentIndex4, JetSetCurrentIndex4A, [email protected], JetSetCurrentIndex4W, [email protected], JetSetCurrentIndexA, [email protected], JetSetCurrentIndexW, [email protected], JetSetCursorFilter, [email protected], JetSetDatabaseSize, JetSetDatabaseSizeA, [email protected], JetSetDatabaseSizeW, [email protected], JetSetIndexRange, [email protected], JetSetLS, [email protected], JetSetMaxDatabaseSize, [email protected], JetSetResourceParam, [email protected], JetSetSessionContext, [email protected], JetSetSessionParameter, [email protected], JetSetSystemParameter, JetSetSystemParameterA, [email protected], JetSetSystemParameterW, [email protected], JetSetTableSequential, [email protected], JetSnapshotStart, JetSnapshotStartA, [email protected], JetSnapshotStartW, [email protected], JetSnapshotStop, [email protected], JetStopBackup, [email protected], JetStopBackupInstance, [email protected], JetStopService, [email protected], JetStopServiceInstance, 
JetStopServiceInstance2, [email protected], [email protected], JetTerm, JetTerm2, [email protected], [email protected], JetTestHook, [email protected], JetTracing, [email protected], JetTruncateLog, [email protected], JetTruncateLogInstance, [email protected], JetUnregisterCallback, [email protected], JetUpdate, JetUpdate2, [email protected], [email protected], JetUpgradeDatabase, JetUpgradeDatabaseA, [email protected], JetUpgradeDatabaseW, [email protected], ese, [email protected], rgEDBGGlobals

PE Resources..................:

Resource type Number of resources
MUI 1
RT_VERSION 1

Resource language Number of resources
ENGLISH US 2
First seen by VirusTotal
2013-02-03 06:41:54 UTC ( 1 day, 13 hours ago )
Last seen by VirusTotal
2013-02-04 20:23:17 UTC ( 3 minutes ago )
File names (max. 25)
esent.dll
esent.dll
 

aSILENTfire

Thread Starter
Joined
Mar 9, 2012
Messages
142
Thanks! I mentioned this mostly because I saw a video on YouTube of someone else putting this through VirusTotal, but it was a different version and much older. It just made me wonder.
 

aSILENTfire

Thread Starter
Joined
Mar 9, 2012
Messages
142
Hmm, I just tried to add DuckDuckGo to my Firefox search bar, and then a pop-up box asking me to confirm adding it said it was from: jid1-zadieub7xozojw-at-jetpack. It reminds me of all those Jet... things listed above. If someone else has Firefox, when you add the DuckDuckGo search option does it say this?
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,046
I think you are trying to overanalyze everything too much and because of that you're suspicious of everything you see.

I don't know much about Windows 8 and nothing about programming... but the JET stuff that you see in the VirusTotal results refers to the Joint Engine Technology (JET) data store database engine, and there's nothing untoward about it. I'm sure the VirusTotal results didn't detect anything, but you failed to mention that or provide a link to the results.

Jetpack is a project used to build Firefox add-ons. Whether or not there's any connection between the two having "Jet" in their names, I have no idea. However, it's not something that should raise suspicion if you're downloading the add-on from Mozilla. :)
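For anyone landing on this thread with the same worry, the useful check is not the VirusTotal "first seen" date (which only says when someone first uploaded that exact build) but whether the file in System32 is the Microsoft-signed binary carrying the version the report shows (6.2.9200.16384, the Windows 8 RTM build). The following PowerShell is an added example, not something posted in the thread or shipped by Microsoft; it assumes Windows 8 or later (where Get-AuthenticodeSignature also resolves catalog signatures) and PowerShell 4 or later for Get-FileHash.

```powershell
# Added example (not from the thread): confirm a System32 DLL is the
# Microsoft-signed binary with the expected version, instead of relying
# on a VirusTotal "first seen" date. Assumes Windows 8+ and PowerShell 4+.
param(
    [string]$Path = "$env:SystemRoot\System32\esent.dll",
    # Version shown in the thread's VirusTotal output (win8_rtm build).
    [string]$ExpectedVersion = '6.2.9200.16384'
)

$file = Get-Item -LiteralPath $Path

# On Windows 8 and later this validates embedded Authenticode signatures
# and signatures held in the Windows security catalogs (most System32
# files are catalog-signed, which is why a plain PE signature dump may
# show an empty "verified" field).
$sig = Get-AuthenticodeSignature -FilePath $Path

$report = [pscustomobject]@{
    Path           = $file.FullName
    FileVersion    = $file.VersionInfo.FileVersion
    ProductVersion = $file.VersionInfo.ProductVersion
    Company        = $file.VersionInfo.CompanyName
    SHA256         = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    SignatureState = $sig.Status                      # Valid / NotSigned / HashMismatch ...
    Signer         = $sig.SignerCertificate.Subject
    VersionMatches = $file.VersionInfo.FileVersion -like "$ExpectedVersion*"
}
$report | Format-List

# Decision: a system DLL whose signature does not validate, or whose
# version does not match what Windows shipped, deserves a closer look.
if ($sig.Status -ne 'Valid' -or -not $report.VersionMatches) {
    Write-Warning ("Check this file further: signature={0}, version={1}. " +
                   "Run 'sfc /verifyfile={2}' and compare the SHA256 " +
                   "against a known-good copy of the same build.") -f
                   $sig.Status, $file.VersionInfo.FileVersion, $Path
}
```

Run it from an elevated PowerShell prompt so the catalog lookup and sfc both work. A result of Valid with a Microsoft signer and a matching version is the evidence the thread was missing; an empty "verified" line in a third-party tool's output, on its own, is not a finding either way.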
 
