SHA256: 1e023c13db81d898ca8810808d496a555109aba00061aa8a5478344f532e4fd3
File name: fineui0.dll
Detection ratio: 0 / 56
Analysis date: 2016-05-30 09:11:50 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20160530
AegisLab 20160530
AhnLab-V3 20160530
Alibaba 20160530
ALYac 20160530
Antiy-AVL 20160530
Arcabit 20160530
Avast 20160530
AVG 20160530
AVware 20160530
Baidu 20160530
Baidu-International 20160530
BitDefender 20160530
Bkav 20160528
CAT-QuickHeal 20160530
ClamAV 20160530
CMC 20160523
Comodo 20160530
Cyren 20160530
DrWeb 20160530
Emsisoft 20160530
ESET-NOD32 20160530
F-Prot 20160530
F-Secure 20160530
Fortinet 20160530
GData 20160530
Ikarus 20160530
Jiangmin 20160530
K7AntiVirus 20160530
K7GW 20160530
Kaspersky 20160530
Kingsoft 20160530
Malwarebytes 20160530
McAfee 20160530
McAfee-GW-Edition 20160530
Microsoft 20160530
eScan 20160530
NANO-Antivirus 20160530
nProtect 20160527
Panda 20160530
Qihoo-360 20160530
Rising 20160530
Sophos AV 20160530
SUPERAntiSpyware 20160530
Symantec 20160530
Tencent 20160530
TheHacker 20160528
TotalDefense 20160530
TrendMicro 20160530
TrendMicro-HouseCall 20160530
VBA32 20160530
VIPRE 20160530
ViRobot 20160530
Yandex 20160530
Zillya 20160528
Zoner 20160530
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2009 ABBYY.

Product FineReader Install
Original name FineUI0.dll
Internal name FineUI0
File version 10.0.503.324
Description Resource DLL
Signature verification Signed file, verified signature
Signing date 11:08 PM 10/14/2010
Signers
[+] ABBYY SOLUTIONS LIMITED
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 3/30/2009
Valid to 12:59 AM 3/30/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 998A850650A3B80BBC0DBC220E3F1B36F42B59BC
Serial number 3F F7 51 C4 F9 F1 4B 49 11 FA 2C 5F EC 00 83 C9
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-14 22:08:20
Number of sections 4
PE sections
Overlays
MD5 fcf7407690ef688f3e12f8a96b943595
File type data
Offset 98304
Size 5384
Entropy 7.21
PE exports
Number of PE resources by type
RT_DIALOG 45
RT_STRING 28
RT_MENU 2
ABBYY_SIGNATURE 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 77
NEUTRAL 1
PE resources
ExifTool file metadata
LegalTrademarks
ABBYY, ABBYY FineReader, FineReader are either registered trademarks or trademarks of ABBYY Software Ltd.

SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
10.0.503.324

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Resource DLL

CharacterSet
Unicode

InitializedDataSize
96768

EntryPoint
0x0000

OriginalFileName
FineUI0.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2009 ABBYY.

FileVersion
10.0.503.324

TimeStamp
2010:10:14 23:08:20+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
FineUI0

ProductVersion
10.0.503.324

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ABBYY.

CodeSize
512

ProductName
FineReader Install

ProductVersionNumber
10.0.503.324

FileTypeExtension
dll

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack observed the following files, while executing, write this sample to disk.
File identification
MD5 3c2b9faca0d5aeadcd235764c73a84cf
SHA1 f9be6a9d67d2498f8b9bd3420a99fb2b2aee0887
SHA256 1e023c13db81d898ca8810808d496a555109aba00061aa8a5478344f532e4fd3
ssdeep
1536:jjcu9xDXpjBJK15MB9jPe32qQ5bhEFkqCJ:rXdrcaB9jPe32JfEF2

authentihash 1d8ec0b7fba90b9f32270f3c0fcb34d494476aa538f0ae09f3b578be73c4ece0
File size 101.3 KB ( 103688 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2010-11-03 16:30:45 UTC ( 8 years, 4 months ago )
Last submission 2010-11-03 16:30:45 UTC ( 8 years, 4 months ago )
File names FineUI0.dll
1CD0F1880869CCEC950C013B3C2E0700E895759C.dll
FineUI0
fineui0.dll