× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1dea8005220a3efec6e32a7de4386026ccc1e5328e2fdcb82b1fb335905d1962
File name: MsPMSNSv.dll
Detection ratio: 0 / 65
Analysis date: 2017-08-13 15:27:02 UTC ( 1 month, 1 week ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20170813
AVG 20170813
AVware 20170813
Ad-Aware 20170813
AegisLab 20170813
AhnLab-V3 20170813
Antiy-AVL 20170813
Arcabit 20170813
Avast 20170813
Avira (no cloud) 20170813
Baidu 20170811
BitDefender 20170813
Bkav 20170812
CAT-QuickHeal 20170812
CMC 20170813
ClamAV 20170813
Comodo 20170813
CrowdStrike Falcon (ML) 20170804
Cylance 20170813
Cyren 20170813
DrWeb 20170813
ESET-NOD32 20170813
Emsisoft 20170813
Endgame 20170721
F-Prot 20170813
F-Secure 20170813
Fortinet 20170813
GData 20170813
Ikarus 20170813
Sophos ML 20170607
Jiangmin 20170813
K7AntiVirus 20170813
K7GW 20170813
Kaspersky 20170813
Kingsoft 20170813
MAX 20170813
Malwarebytes 20170813
McAfee 20170813
McAfee-GW-Edition 20170813
eScan 20170813
Microsoft 20170813
NANO-Antivirus 20170813
Palo Alto Networks (Known Signatures) 20170813
Panda 20170813
Qihoo-360 20170813
Rising 20170813
SUPERAntiSpyware 20170813
SentinelOne (Static ML) 20170806
Sophos AV 20170813
Symantec 20170812
Tencent 20170813
TheHacker 20170810
TotalDefense 20170813
TrendMicro 20170813
TrendMicro-HouseCall 20170813
VBA32 20170811
VIPRE 20170813
ViRobot 20170813
Webroot 20170813
WhiteArmor 20170731
Yandex 20170807
Zillya 20170811
ZoneAlarm by Check Point 20170813
Zoner 20170813
nProtect 20170813
Alibaba 20170811
Symantec Mobile Insight 20170811
Trustlook 20170813
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) Microsoft Corp.

Product Windows Media Device Manager
Original name MsPMSNSv.dll
Internal name MsPMSNSv.dll
File version 10.0.3790.3802
Description Microsoft Media Device Service Provider
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-01-28 16:53:18
Entry Point 0x00003640
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
OpenServiceA
RegQueryValueExA
ControlService
DeleteService
GetSecurityInfo
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
DeregisterEventSource
QueryServiceStatus
SetSecurityInfo
RegisterEventSourceA
RegOpenKeyExA
RegCreateKeyA
SetServiceStatus
ImpersonateNamedPipeClient
RegEnumKeyExA
RegisterServiceCtrlHandlerA
CreateServiceA
RevertToSelf
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
StartServiceA
SetEntriesInAclA
OpenSCManagerA
ReportEventA
DeviceIoControl
CloseHandle
GetDriveTypeW
GetOverlappedResult
GetLastError
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
EnterCriticalSection
GetTickCount
DisableThreadLibraryCalls
GetVersionExA
GetModuleFileNameA
CreateNamedPipeA
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
LoadLibraryExA
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
CancelIo
WaitNamedPipeW
WideCharToMultiByte
DisconnectNamedPipe
ReadFile
SetUnhandledExceptionFilter
WriteFile
CompareStringA
GetSystemTimeAsFileTime
GetSystemDirectoryA
WaitForMultipleObjects
SetEvent
LocalFree
FormatMessageW
TerminateProcess
ConnectNamedPipe
InitializeCriticalSection
CreateFileW
CreateEventA
Sleep
FormatMessageA
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
LocalAlloc
SetLastError
ResetEvent
wsprintfA
CharUpperA
_except_handler3
_purecall
malloc
memmove
??2@YAPAXI@Z
_adjust_fdiv
??3@YAXPAX@Z
free
wcscpy
wcslen
wcscmp
atoi
_initterm
_stricmp
PE exports
Number of PE resources by type
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
7.1

ImageVersion
5.2

FileSubtype
0

FileVersionNumber
10.0.3790.3802

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
4096

EntryPoint
0x3640

OriginalFileName
MsPMSNSv.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) Microsoft Corp.

FileVersion
10.0.3790.3802

TimeStamp
2005:01:28 17:53:18+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
MsPMSNSv.dll

ProductVersion
10.0.3790.3802

FileDescription
Microsoft Media Device Service Provider

OSVersion
5.2

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
19968

ProductName
Windows Media Device Manager

ProductVersionNumber
10.0.3790.3802

FileTypeExtension
dll

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Compressed bundles
File identification
MD5 140ef97b64f560fd78643cae2cdad838
SHA1 36f35a3efda1968b81ff1ef1ff45b7ae6a699d43
SHA256 1dea8005220a3efec6e32a7de4386026ccc1e5328e2fdcb82b1fb335905d1962
ssdeep
768:4Qrdsm8uQT3uVCauaQld9CV6rWJDiKMTo:4Qrdsm8uQ6Ubd9CRDiKMT

authentihash 47d995a6c0bdcac9d5bbe1ed54490dd7ea62f61d2fce04b18eb0799b78b767b6
imphash 946399708f3ef5f2005d55e52c36e399
File size 24.5 KB ( 25088 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
pedll trusted

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with rep_wmp10_mspmsnsv.dll as its name. The file belongs to the Windows XP Embedded product, it can be found, for example, in SW CD Windows XP Embed w/SP2 EMB English #1 Feature Pack 2007 OEM.
VirusTotal metadata
First submission 2009-02-16 23:03:17 UTC ( 8 years, 7 months ago )
Last submission 2017-08-13 15:27:02 UTC ( 1 month, 1 week ago )
File names bak.dll
MsPMSNSv.dll
MsPMSNSv.dll
041120151051365707_mspmsnsv.dll
mspmsnsv (3).dll
MsPMSNSv.dll
rep_wmp10_mspmsnsv.dll
MsPMSNSv.dll
9923D9A9005069B962370053583EFD00738AFF3A.dll
MsPMSNSv.dll
140ef97b64f560fd78643cae2cdad838
file-2965502_dll
mspmsnsv.dll
MsPMSNSv.dll_ty
140ef97b64f560fd78643cae2cdad838___MsPMSNSv.dll
6d407400-sample
11012014214011550_mspmsnsv.dll
011320150943072428_mspmsnsv.dll
36f35a3efda1968b81ff1ef1ff45b7ae6a699d43
F.tmp
wmp10_mspmsnsv.dll
140EF97B64F560FD78643CAE2CDAD838
mspmsnsv.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!