SHA256: 12f369453c9aa5b33b58cbc89850ee690bfc764eebfd8f9e78dc3205693cabb6
File name: 12f369453c9aa5b3_mono.dll
Detection ratio: 0 / 67
Analysis date: 2018-07-26 02:55:20 UTC ( 7 months ago )
Antivirus Result Update
Ad-Aware 20180726
AegisLab 20180726
AhnLab-V3 20180725
Alibaba 20180713
ALYac 20180726
Antiy-AVL 20180726
Arcabit 20180725
Avast 20180726
Avast-Mobile 20180725
AVG 20180726
Avira (no cloud) 20180725
AVware 20180726
Babable 20180725
Baidu 20180726
BitDefender 20180725
Bkav 20180725
CAT-QuickHeal 20180725
ClamAV 20180726
CMC 20180725
Comodo 20180726
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180726
Cyren 20180726
DrWeb 20180726
eGambit 20180726
Emsisoft 20180726
Endgame 20180711
ESET-NOD32 20180726
F-Prot 20180726
F-Secure 20180725
Fortinet 20180726
GData 20180726
Ikarus 20180725
Sophos ML 20180717
Jiangmin 20180726
K7AntiVirus 20180725
K7GW 20180726
Kaspersky 20180726
Kingsoft 20180726
Malwarebytes 20180725
MAX 20180726
McAfee 20180726
McAfee-GW-Edition 20180726
Microsoft 20180725
eScan 20180726
NANO-Antivirus 20180726
Palo Alto Networks (Known Signatures) 20180726
Panda 20180725
Qihoo-360 20180726
Rising 20180726
SentinelOne (Static ML) 20180701
Sophos AV 20180726
SUPERAntiSpyware 20180725
Symantec 20180726
TACHYON 20180726
Tencent 20180726
TheHacker 20180726
TotalDefense 20180722
TrendMicro 20180726
TrendMicro-HouseCall 20180726
Trustlook 20180726
VBA32 20180725
VIPRE 20180726
ViRobot 20180725
Webroot 20180726
Yandex 20180725
Zillya 20180725
ZoneAlarm by Check Point 20180726
Zoner 20180725
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 12:15 PM 3/27/2015
Signers
[+] Unity Technologies SF
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 6/11/2014
Valid to 12:59 AM 6/12/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 901A9920799B230DD7C1582B86F639B7F7A698E3
Serial number 3D 49 0B A4 19 1C CE 04 95 D6 7C AA 20 64 5F A3
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-13 14:04:57
Entry Point 0x00117645
Number of sections 5
PE sections
Overlays
MD5 3a118e7b830c10cd24d694138efe8780
File type data
Offset 2102784
Size 6432
Entropy 7.32
PE imports
GetTokenInformation
CryptAcquireContextW
SetEntriesInAclW
RevertToSelf
LookupAccountSidW
OpenProcessToken
GetNamedSecurityInfoW
FreeSid
CopySid
DuplicateToken
CryptGenRandom
AllocateAndInitializeSid
OpenThreadToken
CryptReleaseContext
ImpersonateLoggedOnUser
GetLengthSid
CreateProcessWithLogonW
GetEffectiveRightsFromAclW
SetNamedSecurityInfoW
BuildTrusteeWithSidW
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
SetEvent
GetDriveTypeA
HeapDestroy
EncodePointer
ReplaceFileW
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
GetVolumeInformationW
SetErrorMode
GetFileInformationByHandle
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
MoveFileA
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
AddVectoredExceptionHandler
GetFullPathNameA
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
OutputDebugStringW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SignalObjectAndWait
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
OpenThread
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
VerLanguageNameW
GetModuleFileNameA
QueueUserAPC
RaiseException
SetProcessWorkingSetSize
GetPriorityClass
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
CreatePipe
GetExitCodeThread
CreateSemaphoreW
CreateMutexW
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
SetPriorityClass
WaitForMultipleObjectsEx
TerminateProcess
SetUnhandledExceptionFilter
SetCurrentDirectoryW
VirtualQuery
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
LeaveCriticalSection
SleepEx
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetComputerNameW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
UnlockFile
GetFileSize
GetTimeZoneInformation
OpenProcess
CreateDirectoryA
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
DebugBreak
GetProcessHeap
CreateFileMappingW
CompareStringW
GlobalReAlloc
RemoveDirectoryW
FreeEnvironmentStringsW
FindFirstFileExA
FindNextFileW
GetCurrentThreadId
ResetEvent
FreeConsole
GetProcessWorkingSetSize
FindFirstFileW
IsValidLocale
DuplicateHandle
FindFirstFileExW
GetUserDefaultLCID
GlobalAlloc
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
RemoveVectoredExceptionHandler
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
GlobalFree
GetConsoleCP
OpenEventW
GetProcessTimes
GetEnvironmentStringsW
WaitForSingleObjectEx
CreateProcessW
LockFile
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
SuspendThread
QueryPerformanceFrequency
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
OpenMutexW
EnumSystemLocalesA
GetACP
GetModuleHandleW
GetFileAttributesExW
CreateProcessA
IsValidCodePage
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
OpenSemaphoreW
VirtualAlloc
TransmitFile
SafeArrayGetDim
SafeArrayGetLBound
SysStringLen
SafeArrayPtrOfIndex
SysAllocStringLen
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SysFreeString
SafeArrayPutElement
GetModuleInformation
EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW
SHGetFolderPathW
ShellExecuteExW
MessageBoxA
SendMessageTimeoutW
WaitForInputIdle
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
timeEndPeriod
timeSetEvent
timeBeginPeriod
timeGetDevCaps
htonl
getsockname
WSARecv
accept
ioctlsocket
WSAStartup
send
shutdown
htons
inet_ntoa
WSAGetLastError
gethostname
getsockopt
closesocket
ntohl
inet_addr
WSASend
getservbyport
ntohs
select
gethostbyaddr
listen
WSASocketW
__WSAFDIsSet
connect
WSACleanup
gethostbyname
WSASetLastError
recv
WSAIoctl
setsockopt
socket
getpeername
bind
getprotobyname
recvfrom
sendto
getservbyname
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2015:03:13 15:04:57+01:00
FileType Win32 DLL
PEType PE32
CodeSize 1241088
LinkerVersion 10.0
EntryPoint 0x117645
InitializedDataSize 860672
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 8a9631f7abd1293da2a8143b2c5a5018
SHA1 96d571a0a2e590806288b09297e9460021150bb5
SHA256 12f369453c9aa5b33b58cbc89850ee690bfc764eebfd8f9e78dc3205693cabb6
ssdeep 49152:xUn+OhUDWUic5qza7Yv87i4nx3WwWYB4j0I1fOxcDmjYat9B:4v4cu7nPIw/j59B
authentihash 59f374a905e2d54ee390a700220698ae99427bcfa629e57c1e50987e592654d9
imphash e71f17aabd51a32437c625f2a9ded4af
File size 2.0 MB ( 2109216 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID InstallShield setup (26.8%)
Win32 EXE PECompact compressed (generic) (25.8%)
Win32 Executable MS Visual C++ (generic) (19.4%)
Win64 Executable (generic) (17.2%)
Win32 Dynamic Link Library (generic) (4.0%)
Tags pedll signed overlay
VirusTotal metadata
First submission 2015-04-03 08:17:37 UTC ( 3 years, 10 months ago )
Last submission 2018-07-26 02:55:20 UTC ( 7 months ago )
File names mono.dll
s3kxdifc4wiiayuiwcjjp2kgaaqrkc5v.dll
12F369453C9AA5B33B58CBC89850EE690BFC764EEBFD8F9E78DC3205693CABB6
12f369453c9aa5b3_mono.dll
mono.dll
is-3q503.tmp
tmpoupcgj
tmpwn9bzu
mono.dll
filename
mono.dll.svn-base
mono.dll
mono.dll
mono.dll
mono.dll
12F369453C9AA5B33B58CBC89850EE690BFC764EEBFD8F9E78DC3205693CABB6