Microsoft.Practices.EnterpriseLibrary.Caching.dll

Microsoft Enterprise Library for .NET

Iminent

While the file properties state that the file is developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The module Microsoft.Practices.EnterpriseLibrary.Caching.dll, “Enterprise Library Caching Application Block” by Iminent, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.

Publisher:
Microsoft Corporation  (signed by Iminent)

Product:
Microsoft Enterprise Library for .NET

Description:
Enterprise Library Caching Application Block

Version:
5.0.414.0

MD5:
fe0e3d9e0bdc6b0839d825ac0c1d26ae

SHA-1:
1ed01f1458da80c627ae0d5bca26f04c5132e52a

SHA-256:
5dbc9ed092008bcfacd895b66c8a8452d348aac9777314a7c25408f4a85b0f34

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 6:28:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Sien.Iminent (M)

Engine version:
16.2.12.8

File size:
150 KB (153,576 bytes)

Product version:
5.0.414.0

Original file name:
Microsoft.Practices.EnterpriseLibrary.Caching.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\iminent\microsoft.practices.enterpriselibrary.caching.dll

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
1/26/2010 4:31:06 PM

Valid to:
1/27/2012 4:31:03 PM

Subject:
CN=Iminent, O=Iminent, L=Paris, S=France, C=FR

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
010000000001266AC7D81A

File PE Metadata
Compilation timestamp:
4/17/2010 1:11:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:TEnmAKdNajjsWXaSDWUVFeT2pWHrctJH4BcSDU:TGONajjsWXaSDWUVFeTyWHQHLS

Entry address:
0x2229E

Entry point:
FF, 25, 00, 20, 00, 11, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
5.3909

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
132 KB (135,168 bytes)