Jump to content
SubspaceDorito

Strange dated DLL files located

Recommended Posts

Good evening, 

 

When inspecting one of my servers (Server 2016) I noticed these two files in the picture attached and noticed the strange dates. These are giving me huge red flags however I am running malwarebytes premium and it finds nothing. Anyone know what these could be? They are located on C: root. Any help is appreciated!

 

Thanks, 

 

Eric 956294019_weirdfiles.PNG.0b51bb3443a4c739f74d9db6070108a2.PNG

Share this post


Link to post
Share on other sites

Thank you for your response. Here is the outcome on the first file..

Names

 
 
  • sedtconv
  • sedtconv.dll
  • s2dtconv.dll
  • s2dtconv.dll_C9E49.52B4B1EF_C9FD_4D11_86DC_7B7A8C996382
  • s2dtconv.dll.A95D0BB4_0582_442D_B456_D295EAEB7628
  • s2dtconv.dll_9E538.52B4B1EF_C9FD_4D11_86DC_7B7A8C996382
  • s2dtconv.dll.E56008F3_1AAA_11D3_B325_00A0C9DA500E
  • s2dtconv.dll_DA1CC.52B4B1EF_C9FD_4D11_86DC_7B7A8C996382
  • s2dtconv.dll.D7932909.E72A.49EA.B73F.21F914C7178F
  • s2dtconv.dll.B29CE6D9.99DB.4955.9267.EE2C3F8E05F8

National Software Reference Library Info

 
 

Products

  • Complete Accounting (Peachtree Software Inc.)
  • Seagate Analysis (Seagate Technology Inc.)
  • MSDN MS Business Solutions Small Bus. Manager 7.5, Great Plains 7.5, Solomon 5.5, FRx Financial Reporter 6.5 for Great Plains and Forecaster 6.5 (Microsoft)
  • Praetorians (Pyro Studios)
  • MSDN Disc 2537.2 (Microsoft)
  • MSDN Disc 2537.3 (Microsoft)
  • MSDN Disc 2537.4 (Microsoft)
  • MSDN Disc 2537.5 (Microsoft)
  • Crystal Reports XI (Business Objects)
  • Peachtree Pro Accounting 2008 (Sage Software)

File Names

  • s2dtconv.dll
  • s2dtconv.dll.E56008F3_1AAA_11D3_B325_00A0C9DA500E
  • s2dtconv.dll.A95D0BB4_0582_442D_B456_D295EAEB7628, s2dtconv.dll.E56008F3_1AAA_11D3_B325_00A0C9DA500E
  • s2dtconv.dll.A95D0BB4_0582_442D_B456_D295EAEB7628

Portable Executable Info

 
 

Header

Sections

Name
Virtual Address
Virtual Size
Raw Size
Entropy
MD5
.text
4096
47888
48128
6.64
15f9f43d8b575e0810d1c33e022af9e8
.rdata
53248
3234
3584
4.91
7e7de5a1493f0a553dda47ed18d01e72
.data
57344
7656
7168
3.22
76ecac2f2746701009ae2d2c80943524
.idata
65536
1244
1536
4.46
5893110258a7dfc9134f64580d065647
.rsrc
69632
1692
2048
3.01
e38eb4dbc530676885b13324f69d2340
.reloc
73728
2918
3072
6.08
182a9af9e61019dcdc3ee47dc79a6a1f

Imports

 
KERNEL32.dll
 
USER32.dll

Exports

  • DateToYMD
  • GetDataTypeCode
  • GetDataTypeInformation
  • Get_Binary
  • Get_Bit
  • Get_BtrieveDate
  • Get_BtrieveTime
  • Get_Ctime
  • Get_DecMath
  • Get_Decimal

Contained Resources By Type

Contained Resources By Language

Contained Resources

SHA-256
File Type
Type
Language
30d7c3c6e97e94eb6c9016b3fd4289d815c57167ebceeedfbbf4aa348d508d06
ASCII text
RT_STRING
ENGLISH US
00a0794f0a493c167f64ed8b119d49bdc59f76bb35e5c295dc047095958ee2fd
ASCII text
RT_STRING
ENGLISH US
43e4e3a3a95c8eb9c407ca9ca0266c9e5b76f9c2c5a41d841314832678492c81
ASCII text
RT_STRING
ENGLISH US
36acbb6eed13e3ccd74a47e84e555b3ca1950fb832a3523e00e45d9f205403c6
data
RT_VERSION
ENGLISH US

ExifTool File Metadata

 
 

Share this post


Link to post
Share on other sites

The second file came up with a detection. 

 

Names

 
 
  • Sbtrvd32
  • Sbtrvd32.dll
  • Sbtrvd32.dll_1782A.52B4B1EF_C9FD_4D11_86DC_7B7A8C996382
  • Sbtrvd32.dll.A95D0BB4_0582_442D_B456_D295EAEB7628
  • Sbtrvd32.dll_EA17C.52B4B1EF_C9FD_4D11_86DC_7B7A8C996382
  • Sbtrvd32.dll.E56008F3_1AAA_11D3_B325_00A0C9DA500E
  • Sbtrvd32.dll_BC3C2.52B4B1EF_C9FD_4D11_86DC_7B7A8C996382
  • Sbtrvd32.dll.D7932909.E72A.49EA.B73F.21F914C7178F
  • Sbtrvd32.dll.B29CE6D9.99DB.4955.9267.EE2C3F8E05F8
  • MPB_WrappedPackageFiles.Package1_File302

Signature Info

 
 

National Software Reference Library Info

 
 

Products

  • Complete Accounting (Peachtree Software Inc.)
  • Seagate Analysis (Seagate Technology Inc.)
  • MSDN MS Business Solutions Small Bus. Manager 7.5, Great Plains 7.5, Solomon 5.5, FRx Financial Reporter 6.5 for Great Plains and Forecaster 6.5 (Microsoft)
  • Praetorians (Pyro Studios)
  • MSDN Disc 2537.2 (Microsoft)
  • MSDN Disc 2537.3 (Microsoft)
  • MSDN Disc 2537.4 (Microsoft)
  • MSDN Disc 2537.5 (Microsoft)
  • Track It Standard Edition (Blue Ocean Software Inc.)
  • Crystal Reports XI (Business Objects)

File Names

  • Sbtrvd32.dll
  • Sbtrvd32.dll.E56008F3_1AAA_11D3_B325_00A0C9DA500E
  • Sbtrvd32.dll.A95D0BB4_0582_442D_B456_D295EAEB7628, Sbtrvd32.dll.E56008F3_1AAA_11D3_B325_00A0C9DA500E
  • Sbtrvd32.dll.A95D0BB4_0582_442D_B456_D295EAEB7628

Portable Executable Info

 
 

Header

Sections

Name
Virtual Address
Virtual Size
Raw Size
Entropy
MD5
.text
4096
13195
13312
6.37
7fd1f9803e03d41f469df64dc1104b2d
.rdata
20480
507
512
4.99
07eaabcd458512faa9516d445225edaa
.data
24576
8616
4096
2.87
b3d41766db2a73428914f3d0d70dce9e
.idata
36864
1598
2048
4.21
219acf31e06c2a94b8f9d0fdf4242ce2
.rsrc
40960
1516
1536
3.48
32b001052a8424e71c5e93347db05eb0
.reloc
45056
1700
2048
4.46
12cc251923fb96008e6956ab702b45ab

Imports

 
KERNEL32.dll
 
USER32.dll
 
wbtrv32.dll

Exports

  • DDFCloseDataDictionary
  • DDFCreateDataDictionary
  • DDFCreateTable
  • DDFDropTable
  • DDFGetTableNames
  • DDFGetTableProperties
  • DDFOpenDataDictionary
  • OpenBtrieveFile
  • WEP

Contained Resources By Type

Contained Resources By Language

Contained Resources

SHA-256
File Type
Type
Language
5aa6e753adb1fdb307fe9415162ef456b0110651d23fbfe4752f71436a2fe571
data
RT_DIALOG
ENGLISH US
945227772ec029df68b362d252155c2d02a7b7dee78d92beb75f77067b2ad6f5
data
RT_VERSION
ENGLISH US

ExifTool File Metadata

 
 

Share this post


Link to post
Share on other sites

Can you copy and zip up those files and attach to a reply please...

Share this post


Link to post
Share on other sites

The files are registered to Smithware, must be software you have installed. Not sure about the date, maybe original creation date. Definitely harmless....

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.