sqlite3x64.dll.bak file report

MD5 ecbd92fd14114c6fb65f264456d53e0a
Latest seen 2022-08-21 23:20:45 (3 years ago)
First seen 2017-05-21 06:06:07 (8 years ago)
Size 952 KB
Publisher SQLite3
Product SQLite3

This report summarizes the file identity, detection status, publisher metadata, observed locations, and technical indicators for sqlite3x64.dll.bak. ThreatInfo does not have a final classification for this sample yet.

sqlite3x64.dll.bak is a Windows file recorded in the ThreatInfo database. It is associated with SQLite3. The reported company name is SQLite3. The current detection status is Undefined, based on the latest analysis from 2022-08-21 23:20:45 (3 years ago).

ThreatInfo does not have a final classification for this file yet. Use the technical details below to compare the hash, size, signature, and observed locations with the copy found on your device.

File Details

Product Name: SQLite3
Company Name: SQLite3
MD5: ecbd92fd14114c6fb65f264456d53e0a
Size: 952 KB
First Published: 2017-05-21 06:06:07 (8 years ago)
Latest Published: 2022-08-21 23:20:45 (3 years ago)
Status: Undefined (on last analysis)
Analysis Date: 2022-08-21 23:20:45 (3 years ago)

Common Places:

%programfiles%\elex-tech\yac
%programfiles%\firefox\elex-tech\yac
%programfiles%\elex-tech\yac\tmp\7ed95f63upgd\x64
%programfiles%\elex-tech\yac\tmp\4e6678b4upgd\x64
%programfiles%\elex-tech\yac\tmp\671f517fupgd\x64
%programfiles%\elex-tech\yac\tmp\33da21bfupgd\x64
%programfiles%\elex-tech
%programfiles%\elex-tech\yac\tmp\4ad366a6upgd
%programfiles%\elex-tech
%programfiles%\elex-tech

ThreatInfo has observed sqlite3x64.dll.bak in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.

File Names:

sqlite3x64.dll
sqlite3x64.dll.bak

This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.

Geography:

21.8%
18.4%
11.5%
8.3%
6.6%
4.7%
4.4%
4.2%
3.4%
2.0%
1.0%
1.0%
0.7%
0.7%
0.7%
0.7%
0.7%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%

The strongest geographic signal for this file is Taiwan with 21.8% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.

OS Version:

Windows 10 44.7%
Windows 7 41.8%
Windows 8.1 9.3%
Windows 8 4.2%

The most common operating system signal for sqlite3x64.dll.bak is Windows 10 with 44.7% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

Analysis

sqlite3x64.dll.bak is identified as pe for 64 systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 64
Image Base: 0x0000000180000000
Entry Address: 0x0008eacc

PE Sections:

Name Size of data MD5
.text 741376 2eda8747e87a5444de2bd8ee9b0aee91
.rdata 156160 5a5a5ed18500ed4e57c497134f579c3d
.data 25600 b5b7676e13cb937710b3223d4faa6664
.pdata 41984 922ebb16ce5ccc22b4fac8333f60d53e
.rsrc 1536 a8f55286c6dcf6a79b61f217b68075bf
.reloc 7680 6bd7b473af0e4d6f36efc345e8cf3efe

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

More information:

Search on Virustotal
copyright for information about sqlite3x64.dll.bak