SHA256: 07d4ea36f3e98852c0f6f729e32e691c39c37637017458445c5613a5aeca5fec
File name: samples_analysis_platform
Detection ratio: 0 / 50
Analysis date: 2014-01-21 11:36:20 UTC ( 5 years, 3 months ago )
Antivirus Result Update
Ad-Aware 20140121
Yandex 20140121
AhnLab-V3 20140121
AntiVir 20140121
Antiy-AVL 20140121
Avast 20140121
AVG 20140121
Baidu-International 20131213
BitDefender 20140121
Bkav 20140121
ByteHero 20140121
CAT-QuickHeal 20140121
ClamAV 20140121
CMC 20140115
Commtouch 20140121
Comodo 20140121
DrWeb 20140121
Emsisoft 20140121
ESET-NOD32 20140121
F-Prot 20140121
F-Secure 20140121
Fortinet 20140121
GData 20140121
Ikarus 20140121
Jiangmin 20140121
K7AntiVirus 20140120
K7GW 20140121
Kaspersky 20140121
Kingsoft 20130829
Malwarebytes 20140121
McAfee 20140121
McAfee-GW-Edition 20140121
Microsoft 20140121
eScan 20140121
NANO-Antivirus 20140121
Norman 20140121
nProtect 20140121
Panda 20140120
Qihoo-360 20140121
Rising 20140121
Sophos AV 20140121
SUPERAntiSpyware 20140120
Symantec 20140121
TheHacker 20140120
TotalDefense 20140121
TrendMicro 20140121
TrendMicro-HouseCall 20140121
VBA32 20140121
VIPRE 20140121
ViRobot 20140121
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) 1987 - 2011
Publisher Transaction Software GmbH
Product Transbase/CD Database System
File version V6.8.1.46 (Build 719)
Description Transbase/CD Database System
Signature verification Certificate out of its validity period
Signers
[+] Transaction Software GmbH
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 10/28/2010
Valid to 12:59 AM 5/22/2011
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm SHA1
Thumbprint 13D5905D7758AA59A573BCE8D3E61A6760635B2A
Serial number 4A DB 74 ED FC FD B2 B7 48 47 20 B3 44 9D BA 83
[+] Thawte Code Signing CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer None
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Packers identified
PEiD Armadillo v1.xx - v2.xx
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-09 10:01:13
Entry Point 0x00001441
Number of sections 5
PE sections
PE imports
DisableThreadLibraryCalls
_initterm
malloc
_adjust_fdiv
free
Ord(125)
Ord(149)
Ord(133)
Ord(141)
Ord(110)
Ord(108)
Ord(109)
Ord(122)
Ord(123)
PE exports
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 24576
ImageVersion 0.0
ProductName Transbase/CD Database System
FileVersionNumber 6.8.1.46
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0003
CharacterSet Windows, Latin1
LinkerVersion 6.0
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion V6.8.1.46 (Build 719)
TimeStamp 2011:03:09 11:01:13+01:00
FileType Win32 DLL
PEType PE32
ProductVersion V6.8.1.46 (Build 719) $ProjectRevision: 4.1082.1.677 $
FileDescription Transbase/CD Database System
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (c) 1987 - 2011
MachineType Intel 386 or later, and compatibles
CompanyName Transaction Software, D 81829 Munich
CodeSize 4096
FileSubtype 0
ProductVersionNumber 6.8.1.46
EntryPoint 0x1441
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 66a461a2dc3ca4e3c24475308c90e4d8
SHA1 afd62ead147d9e13b2bee0729b1f90f7ee05abde
SHA256 07d4ea36f3e98852c0f6f729e32e691c39c37637017458445c5613a5aeca5fec
ssdeep 192:oaIrJHt8HR97PPoqp//JKDNFrHqvhA/Af/AQjRvd/8YCzou7+w0ZWren:jIrpeHR9NPKDUjRl2UuFW
File size 35.0 KB ( 35800 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags armadillo pedll signed
VirusTotal metadata
First submission 2012-05-26 07:43:55 UTC ( 6 years, 11 months ago )
Last submission 2014-01-21 11:36:20 UTC ( 5 years, 3 months ago )
File names EB9C0D35D807BAD28BF3002DDDE82A0004C44142.dll
TBCRYPT32.dll
samples_analysis_platform
TBCRYPT32.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight