SHA256: 3d172d0818ad80f2bb4053458c77197b15f8e93a96425699311fe8dd97609d09
File name: 1707C87D8832CAFBA5C2012E393C4B00D211A705.dll
Detection ratio: 0 / 54
Analysis date: 2014-11-03 23:19:45 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware 20141103
AegisLab 20141103
Yandex 20141103
AhnLab-V3 20141103
Antiy-AVL 20141103
Avast 20141103
AVG 20141103
Avira (no cloud) 20141103
AVware 20141103
Baidu-International 20141103
BitDefender 20141103
Bkav 20141027
ByteHero 20141104
CAT-QuickHeal 20141103
ClamAV 20141103
CMC 20141103
Comodo 20141103
Cyren 20141103
DrWeb 20141103
Emsisoft 20141103
ESET-NOD32 20141103
F-Prot 20141103
F-Secure 20141103
Fortinet 20141103
GData 20141104
Ikarus 20141103
Jiangmin 20141103
K7AntiVirus 20141103
K7GW 20141103
Kaspersky 20141103
Kingsoft 20141104
Malwarebytes 20141103
McAfee 20141103
McAfee-GW-Edition 20141103
Microsoft 20141103
eScan 20141103
NANO-Antivirus 20141103
Norman 20141103
nProtect 20141103
Qihoo-360 20141104
Rising 20141103
Sophos AV 20141103
SUPERAntiSpyware 20141103
Symantec 20141103
Tencent 20141104
TheHacker 20141102
TotalDefense 20141103
TrendMicro 20141103
TrendMicro-HouseCall 20141103
VBA32 20141103
VIPRE 20141103
ViRobot 20141103
Zillya 20141103
Zoner 20141031
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Emurasoft
Signature verification Signed file, verified signature
Signing date 7:23 PM 5/29/2010
Signers
[+] Emurasoft
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 11/16/2009
Valid to 12:59 AM 5/27/2011
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm SHA1
Thumbprint EA471E16AF71F0541E1BD1D8E367E24FF6832A2D
Serial number 5A 43 45 0B A4 AC 88 AE 10 A0 B1 18 69 66 25 62
[+] Thawte Code Signing CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 8/6/2003
Valid to 12:59 AM 8/6/2013
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F
Serial number 0A
[+] Thawte Premium Server CA (SHA1)
Status Valid
Issuer None
Valid from 1:00 AM 8/1/1996
Valid to 12:59 AM 1/2/2021
Valid usage Server Auth, Code Signing, Timestamp Signing
Algorithm SHA1
Thumbprint E0AB059420725493056062023670F7CD2EFC6666
Serial number 36 12 22 96 C5 E3 38 A5 20 A1 D2 5F 4C D7 09 54
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-05-29 18:23:12
Entry Point 0x000072C2
Number of sections 5
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ImageList_DragMove
ImageList_BeginDrag
ImageList_DragEnter
ImageList_EndDrag
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
FindClose
TlsGetValue
GetFullPathNameW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
ExitThread
TerminateProcess
WriteConsoleA
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetProcAddress
CompareStringW
FindNextFileW
ResetEvent
FindFirstFileW
CreateEventW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
SetFilePointer
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
PathStripPathW
PathCombineW
PathIsDirectoryW
PathAppendW
ClientToScreen
GetParent
EndDialog
DestroyMenu
PostQuitMessage
LoadMenuW
SetWindowLongW
IsWindow
PeekMessageW
EnableWindow
SetCapture
ReleaseCapture
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
CheckDlgButton
DispatchMessageW
GetKeyState
GetCursorPos
SendMessageW
LoadStringA
LoadStringW
SetWindowTextW
GetDlgItem
SetMenuDefaultItem
MessageBoxW
EnableMenuItem
ScreenToClient
GetSubMenu
CallWindowProcW
TrackPopupMenu
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
GetFocus
CreateWindowExW
MsgWaitForMultipleObjects
GetAncestor
DestroyWindow
PE exports
Number of PE resources by type
RT_BITMAP 8
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2010:05:29 19:23:12+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
66048

LinkerVersion
9.0

FileAccessDate
2014:11:04 00:20:53+01:00

EntryPoint
0x72c2

InitializedDataSize
43520

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

FileCreateDate
2014:11:04 00:20:53+01:00

UninitializedDataSize
0

Compressed bundles
File identification
MD5 b1ed74cac23231f51cb50f3b558205cc
SHA1 d3c22c3848635f60a21d5a229f953adead013c9c
SHA256 3d172d0818ad80f2bb4053458c77197b15f8e93a96425699311fe8dd97609d09
ssdeep
1536:y39YGFm+AXdsdAhmRd6rBF+ST6L1h/Taz0eggPYB+6cO4e4LrgB2:yiGFm+ANDZvtzdgWYB+6cOH4Yk

authentihash dcf4ac1154668ed6770ad1731155d154e0147eca66d8aafadd304603036f1790
imphash 9d0f30bf0d57a34224c8f0a506774fb5
File size 105.4 KB ( 107912 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
pedll signed

VirusTotal metadata
First submission 2010-06-09 03:20:26 UTC ( 8 years, 9 months ago )
Last submission 2010-06-09 03:20:26 UTC ( 8 years, 9 months ago )
File names 1707C87D8832CAFBA5C2012E393C4B00D211A705.dll