SHA256: 1f0883f83be7cae60a7f3815576206086abd03e678f135880f45e1da8a8574fc
File name: HypervisorAmd64File
Detection ratio: 0 / 57
Analysis date: 2016-08-30 09:51:04 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware 20160830
AegisLab 20160830
AhnLab-V3 20160830
Alibaba 20160830
ALYac 20160830
Antiy-AVL 20160830
Arcabit 20160830
Avast 20160830
AVG 20160830
Avira (no cloud) 20160830
AVware 20160830
Baidu 20160830
BitDefender 20160830
Bkav 20160830
CAT-QuickHeal 20160830
ClamAV 20160830
CMC 20160830
Comodo 20160830
Cyren 20160830
DrWeb 20160830
Emsisoft 20160830
ESET-NOD32 20160830
F-Prot 20160830
F-Secure 20160830
Fortinet 20160830
GData 20160830
Ikarus 20160830
Sophos ML 20160830
Jiangmin 20160830
K7AntiVirus 20160830
K7GW 20160830
Kaspersky 20160830
Kingsoft 20160830
Malwarebytes 20160830
McAfee 20160830
McAfee-GW-Edition 20160830
Microsoft 20160830
eScan 20160830
NANO-Antivirus 20160830
nProtect 20160830
Panda 20160830
Qihoo-360 20160830
Rising 20160830
Sophos AV 20160830
SUPERAntiSpyware 20160830
Symantec 20160830
Tencent 20160830
TheHacker 20160829
TotalDefense 20160830
TrendMicro 20160830
TrendMicro-HouseCall 20160830
VBA32 20160830
VIPRE 20160830
ViRobot 20160830
Yandex 20160830
Zillya 20160830
Zoner 20160830
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright 2011 BlueStack Systems, Inc. All Rights Reserved.
Product BlueStacks
Original name HD-Hypervisor-amd64.sys
File version 0.7.5.2700
Description BlueStacks Hypervisor for amd64
Signature verification Signed file, verified signature
Signing date 11:34 AM 9/24/2012
Signers
[+] Bluestack Systems
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 2/4/2012
Valid to 12:59 AM 3/22/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 22D9A6E8EE52516D8BF1C029C8B3180E04CC66E5
Serial number 32 0E 40 B7 49 5D 08 40 E3 9F C0 C5 9C 37 A2 61
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine x64
Compilation timestamp 2012-09-24 10:34:48
Entry Point 0x00012064
Number of sections 6
PE sections
Overlays
MD5 1c91f88eae71af346c3666a48d8263f6
File type data
Offset 62976
Size 8056
Entropy 7.37
PE imports
KeQueryPerformanceCounter
MmUnmapIoSpace
RtlInitUnicodeString
ZwOpenKey
KeSetTimerEx
ExQueryDepthSList
ZwCreateFile
_local_unwind
RtlNumberGenericTableElements
ExInitializePagedLookasideList
MmMapLockedPagesSpecifyCache
RtlIsGenericTableEmpty
ExpInterlockedPushEntrySList
_vsnwprintf
KeReleaseSpinLock
ZwWriteFile
RtlDeleteElementGenericTable
__C_specific_handler
MmCreateMdl
IoCreateDevice
ExpInterlockedPopEntrySList
ExDeletePagedLookasideList
IoDeleteDevice
IoReleaseCancelSpinLock
ExAcquireFastMutex
RtlLookupElementGenericTable
KeCancelTimer
KeInitializeTimerEx
RtlInsertElementGenericTable
PsThreadType
MmUnmapLockedPages
IoIs32bitProcess
MmMapIoSpace
KeInitializeEvent
IofCompleteRequest
RtlGetElementGenericTable
ExReleaseFastMutex
IoDeleteSymbolicLink
KeSetEvent
RtlTimeToTimeFields
ZwQueryValueKey
RtlInitializeGenericTable
ObReferenceObjectByHandle
ObfDereferenceObject
ExSystemTimeToLocalTime
ExFreePoolWithTag
MmFreePagesFromMdl
KeInitializeDpc
RtlQueryRegistryValues
PsGetCurrentThreadId
DbgPrintEx
MmAllocatePagesForMdl
_vsnprintf
IoCreateSymbolicLink
ZwClose
RtlEnumerateGenericTable
PsCreateSystemThread
ExAllocatePoolWithTag
PsGetCurrentProcessId
KeWaitForSingleObject
KeAcquireSpinLockRaiseToDpc
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 14336
ImageVersion 0.0
ProductName BlueStacks
FileVersionNumber 0.7.5.2700
LanguageCode English (U.S.)
FileFlagsMask 0x0001
FileDescription BlueStacks Hypervisor for amd64
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName HD-Hypervisor-amd64.sys
MIMEType application/octet-stream
Subsystem Native
FileVersion 0.7.5.2700
TimeStamp 2012:09:24 11:34:48+01:00
FileType Win64 EXE
PEType PE32+
ProductVersion 0.7.5.2700
SubsystemVersion 5.2
OSVersion 5.2
FileOS Windows NT 32-bit
LegalCopyright Copyright 2011 BlueStack Systems, Inc. All Rights Reserved.
MachineType AMD AMD64
CompanyName BlueStack Systems
CodeSize 50176
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x12064
ObjectFileType Driver

Compressed bundles
File identification
MD5 de6d8fc8f1534aea59eca1eadcbbaeb0
SHA1 de6b59aba8c09c6ad450c5e7b3e79f649ee16f8a
SHA256 1f0883f83be7cae60a7f3815576206086abd03e678f135880f45e1da8a8574fc
ssdeep 1536:ap7nvn1D/YJWbRdHEG5k/n5AXvjwox8kDBjNqKuK2i:Q7nvn1DAJWbRdb5Xvj3ik9jNqFW
authentihash 99f30f644e74b47464be278df9686a8e06953c0fb8301e5122431dfa2c49e3fb
imphash 12e3816afbb86541ceece924cb19c4b7
File size 69.4 KB ( 71032 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (native) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags peexe assembly overlay signed 64bits native
VirusTotal metadata
First submission 2012-10-05 14:40:34 UTC ( 6 years, 6 months ago )
Last submission 2012-11-05 14:35:09 UTC ( 6 years, 5 months ago )
File names hd-hypervisor-amd64.sys
hd-hypervisor-amd64.sys
HD-Hypervisor-amd64.sys
HypervisorAmd64File
vt-upload-gd6zPt
vt-upload-kLNiDS
HD-Hypervisor-amd64.sys
HD-Hypervisor-amd64.sys
HD-Hypervisor-amd64.sys