cygwin1.dll

Cygwin

Red Hat

cygwin1.dll is a library that is part of Cygwin, a collection of GNU and open source tools that provides functionality similar to a Linux distribution on Windows, including POSIX API functionality. The file has been seen being downloaded from 61.143.38.50 and multiple other hosts.
Publisher:
Red Hat

Product:
Cygwin

Description:
Cygwin® POSIX Emulation DLL

Version:
1.7.5

MD5:
26d358a0dc02c618bd5e065cc4c057b0

SHA-1:
125595159a3b52ab282ea15d1530335e4ff2d7b0

SHA-256:
c9c4595355af0659772e41aeebf245b0b077d9c53b44df3c566f570d44d9e177

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
12/27/2024 5:27:49 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAutoB
1.3.0.4613

Vba32 AntiVirus
Downloader.AdLoad
3.12.24.3

File size:
2.5 MB (2,608,311 bytes)

Product version:
1.7.5

Copyright:
Copyright © Red Hat, Inc. 1996-2009

Original file name:
cygwin1.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\downloaded Program Files\cygwin1.dll

File PE Metadata
Compilation timestamp:
4/13/2010 2:07:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.56

CTPH (ssdeep):
49152:5gRJyWErLiMbB+XAXibJDt9oUcbGaAoxx6TDZmYP3xK54Qcx2CWvgf6K4J:5g/yWUeFXAXi9DtdcbGZooZmYP04QcxS

Entry address:
0x6B860

Entry point:
55, 89, E5, 81, EC, B8, 00, 00, 00, 8B, 45, 0C, 89, 5D, F4, 89, 75, F8, 89, 7D, FC, 83, F8, 01, 74, 76, 72, 28, 83, F8, 02, 0F, 84, 2B, 02, 00, 00, 83, F8, 03, 74, 2B, 8D, B6, 00, 00, 00, 00, 8B, 5D, F4, B8, 01, 00, 00, 00, 8B, 75, F8, 8B, 7D, FC, 89, EC, 5D, C2, 0C, 00, 8B, 0D, DC, F4, 15, 61, 85, C9, 74, E2, E8, 6D, E4, 04, 00, EB, DB, A1, AC, 84, 16, 61, 85, C0, 74, D2, 64, A1, 04, 00, 00, 00, 8D, 90, 64, CE, FF, FF, 8D, 45, F0, 39, C2, 76, BF, 81, BA, CC, 10, 00, 00, 3F, 17, 63, C7, 75, B3, C7, 44, 24...
 

Entropy:
6.2489

Code size:
1.3 MB (1,389,568 bytes)

ActiveX Install
Name:
{82EFCE71-9346-4526-963D-4F2C4122904C}


The file cygwin1.dll has been seen being distributed by the following 2 URLs.

http://61.143.38.50/eStudio/dragonfaceEx/.../cygwin1.dll
