SHA256: 2ba10f38f77ca53e1314aff9c55dc51220d96b719da1f541876e75b6af71e2a3
File name: PictureDll
Detection ratio: 0 / 72
Analysis date: 2019-04-25 08:13:14 UTC ( 4 weeks ago )
Antivirus Result Update
Acronis 20190425
Ad-Aware 20190425
AegisLab 20190425
AhnLab-V3 20190425
Alibaba 20190425
ALYac 20190425
Antiy-AVL 20190425
Arcabit 20190425
Avast 20190425
Avast-Mobile 20190424
AVG 20190425
Avira (no cloud) 20190425
Babable 20190424
Baidu 20190318
BitDefender 20190425
Bkav 20190425
CAT-QuickHeal 20190425
ClamAV 20190425
CMC 20190321
Comodo 20190425
CrowdStrike Falcon (ML) 20190212
Cybereason 20190417
Cylance 20190425
Cyren 20190425
DrWeb 20190425
eGambit 20190425
Emsisoft 20190425
Endgame 20190403
ESET-NOD32 20190425
F-Prot 20190425
F-Secure 20190424
FireEye 20190425
Fortinet 20190425
GData 20190425
Ikarus 20190425
Sophos ML 20190313
Jiangmin 20190425
K7AntiVirus 20190425
K7GW 20190425
Kaspersky 20190425
Kingsoft 20190425
Malwarebytes 20190425
MAX 20190425
McAfee 20190425
McAfee-GW-Edition 20190425
Microsoft 20190425
eScan 20190425
NANO-Antivirus 20190425
Palo Alto Networks (Known Signatures) 20190425
Panda 20190424
Qihoo-360 20190425
Rising 20190425
SentinelOne (Static ML) 20190420
Sophos AV 20190425
SUPERAntiSpyware 20190423
Symantec 20190425
Symantec Mobile Insight 20190418
TACHYON 20190425
Tencent 20190425
TheHacker 20190421
TotalDefense 20190425
Trapmine 20190325
TrendMicro 20190425
TrendMicro-HouseCall 20190425
Trustlook 20190425
VBA32 20190424
VIPRE 20190424
ViRobot 20190425
Webroot 20190425
Yandex 20190424
Zillya 20190424
ZoneAlarm by Check Point 20190425
Zoner 20190424
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright ARK 2007

Product ark PictureDll
Original name PictureDll.sys
Internal name PictureDll
File version 1, 5, 0, 0
Description PictureDll
Signature verification Signed file, verified signature
Signing date 8:54 AM 10/31/2009
Signers
[+] Ark Pioneer Microelectronics (Shenzhen) Co., Ltd.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 12:00 AM 04/21/2009
Valid to 11:59 PM 04/21/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B1969B60036D3A823493C260833591C7BA0EF2FC
Serial number 18 14 1A 1A 7A 5B C2 51 8E 89 D6 8F 7B A9 D5 AC
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 12:00 AM 07/16/2004
Valid to 11:59 PM 07/15/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 01:00 AM 01/29/1996
Valid to 11:59 PM 08/01/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 12:00 AM 06/15/2007
Valid to 11:59 PM 06/14/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/04/2003
Valid to 12:59 AM 12/04/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine x64
Compilation timestamp 2009-10-31 06:26:04
Entry Point 0x00850020
Number of sections 8
PE sections
Overlays
MD5 ef7796e6b07466aa7eb1a7177af6cff1
File type data
Offset 8666112
Size 6728
Entropy 7.30
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.2

InitializedDataSize
8675328

ImageVersion
5.2

ProductName
ark PictureDll

FileVersionNumber
1.5.0.0

UninitializedDataSize
0

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
PictureDll.sys

MIMEType
application/octet-stream

Subsystem
Native

FileVersion
1, 5, 0, 0

TimeStamp
2009:10:31 07:26:04+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
PictureDll

ProductVersion
1, 5, 0, 0

FileDescription
PictureDll

OSVersion
5.2

FileOS
Windows NT 32-bit

LegalCopyright
Copyright ARK 2007

MachineType
AMD AMD64

CompanyName
ark

CodeSize
29184

FileSubtype
0

ProductVersionNumber
1.5.0.0

EntryPoint
0x850020

ObjectFileType
Unknown

Compressed bundles
File identification
MD5 0973f3b278ff7e5296881d40a17f05f9
SHA1 5c4721377baf6aca4c49300267de50a3fc412299
SHA256 2ba10f38f77ca53e1314aff9c55dc51220d96b719da1f541876e75b6af71e2a3
ssdeep
49152:lop0Pe0Sq0q0Sq0GDiJdvH36gyvH36gc36gcv+36gcvX36gcv436gcvH36gcv73o:lopR7K/H

authentihash 2ea8630c4e8486c292831e349d2b924b4a4efb3cc68da55b100fd97d6d738f64
File size 8.3 MB ( 8672840 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (native) Mono/.Net assembly

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe assembly overlay signed 64bits native

VirusTotal metadata
First submission 2013-02-07 13:47:43 UTC ( 6 years, 3 months ago )
Last submission 2013-02-07 13:47:43 UTC ( 6 years, 3 months ago )
File names PictureDll.sys
PictureDll.sys
PictureDll
PictureDll.SYS
PictureDll.sys
PictureDll.sys