SHA256: 4d3c8775f525e8cf6663a9ab5ce5a94b982b9863916f705c0409a0ec23de68b5
File name: 1FFEBCB1B245C9A65402C382001413D373E657AD
Detection ratio: 12 / 57
Analysis date: 2016-03-10 01:17:35 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AegisLab Application.Generic!c 20160309
AVG Superfish.A 20160310
Avira (no cloud) ADWARE/SuperFish.137728 20160310
AVware Adware.Win32.Superfish (v) 20160310
Baidu-International Adware.Win32.SuperFish.A 20160309
ESET-NOD32 a variant of Win32/Adware.SuperFish.A 20160309
GData Win32.Riskware.Fishbone.C 20160310
Malwarebytes PUP.Optional.SuperFish 20160309
NANO-Antivirus Riskware.Win32.SuperFish.dorbpm 20160309
Sophos AV Generic PUA BP (PUA) 20160309
Tencent Win32.Risk.Adware.Syrk 20160310
VIPRE Adware.Win32.Superfish (v) 20160310
Ad-Aware 20160310
Yandex 20160308
AhnLab-V3 20160309
Alibaba 20160309
ALYac 20160310
Antiy-AVL 20160310
Arcabit 20160310
Avast 20160310
Baidu 20160225
BitDefender 20160310
Bkav 20160309
ByteHero 20160310
CAT-QuickHeal 20160309
ClamAV 20160310
CMC 20160307
Comodo 20160310
Cyren 20160310
DrWeb 20160310
Emsisoft 20160310
F-Prot 20160310
F-Secure 20160310
Fortinet 20160309
Ikarus 20160310
Jiangmin 20160310
K7AntiVirus 20160309
K7GW 20160309
Kaspersky 20160309
McAfee 20160309
McAfee-GW-Edition 20160309
Microsoft 20160309
eScan 20160309
nProtect 20160309
Panda 20160309
Qihoo-360 20160310
Rising 20160309
SUPERAntiSpyware 20160309
Symantec 20160309
TheHacker 20160309
TotalDefense 20160308
TrendMicro 20160309
TrendMicro-HouseCall 20160309
VBA32 20160309
ViRobot 20160310
Zillya 20160309
Zoner 20160309
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Product SuperfishCert.dll
File version 2.2.8.23
Comments SuperfishCert.dll
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-12 16:56:12
Entry Point 0x0000AF95
Number of sections 5
PE sections
PE imports
RegOpenKeyA
RegCloseKey
CryptAcquireContextA
CryptGetHashParam
RegQueryValueExA
CryptReleaseContext
LookupAccountNameW
RegOpenKeyExA
CryptHashData
RegEnumKeyExA
ConvertSidToStringSidA
CryptDestroyHash
CryptCreateHash
CertOpenStore
CryptStringToBinaryA
CertCloseStore
CryptBinaryToStringA
CertAddEncodedCertificateToStore
CreateToolhelp32Snapshot
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetConsoleCP
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
Process32Next
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
CreateThread
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
Process32First
IsValidCodePage
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
SetStdHandle
RaiseException
CloseHandle
GetCPInfo
GetStringTypeA
SetFilePointer
LocalFree
ReadFile
GetTickCount
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
FindFirstFileA
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
IsDebuggerPresent
TerminateProcess
GetEnvironmentVariableA
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
SetLastError
VirtualFree
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
WriteConsoleW
InterlockedIncrement
FindWindowA
FindWindowExA
PostMessageA
waveOutSetVolume
waveOutGetVolume
htonl
htons
ntohs
ntohl
PR_Init
PR_Read
PR_ErrorToString
PR_GetSpecialFD
PR_Seek
PR_GetOpenFileInfo
PR_GetError
PR_fprintf
PR_Close
PR_Cleanup
PR_Open
CERT_DestroyCertList
NSS_NoDB_Init
CERT_GetDefaultCertDB
CERT_GetOrgName
PORT_GetError
SECMOD_AddNewModule
CERT_AsciiToName
PK11_GetTokenName
BTOA_DataToAscii
CERT_DecodeTrustString
CERT_GetCertTrust
PK11_ImportCert
CERT_DestroyCertificate
CERT_GetCommonName
PORT_ZAlloc
PK11_ListCerts
CERT_ChangeCertTrust
NSS_Shutdown
NSS_Initialize
PK11_FreeSlot
PK11_GetInternalKeySlot
CERT_DestroyName
PORT_Free
NSS_Get_SECOID_AlgorithmIDTemplate_Util
PORT_SetError_Util
PORT_Alloc_Util
PORT_Realloc_Util
SECITEM_FreeItem_Util
PORT_GetError_Util
SECITEM_AllocItem_Util
ATOB_ConvertAsciiToItem_Util
PORT_Free_Util
CERT_DecodeCertFromPackage
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
HEBREW DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments SuperfishCert.dll
InitializedDataSize 41472
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.2.8.23
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
EntryPoint 0xaf95
MIMEType application/octet-stream
FileVersion 2.2.8.23
TimeStamp 2014:05:12 17:56:12+01:00
FileType Win32 DLL
PEType PE32
ProductVersion 2.2.8.23
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Superfish, Inc.
CodeSize 95232
ProductName SuperfishCert.dll
ProductVersionNumber 2.2.8.23
FileTypeExtension dll
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 ce0433a73fcfb1a93da5ee76c9c20fec
SHA1 1ffebcb1b245c9a65402c382001413d373e657ad
SHA256 4d3c8775f525e8cf6663a9ab5ce5a94b982b9863916f705c0409a0ec23de68b5
ssdeep 1536:TuAhcr/WXqMEPNRysT6sIS3nSg8pEspzb+o91XHRsBR8FBFCa9Rc75pAky:TuksD8o8S2LTRlCa/q5pAk
authentihash 214452dccbb2225297520a0cc45c8b580a9ca69680f7fc374f4f0064fe2a5c26
imphash e6e4410a53457b3f6428f920a7e2337f
File size 134.5 KB ( 137728 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll
VirusTotal metadata
First submission 2015-02-20 01:38:01 UTC ( 2 years, 7 months ago )
Last submission 2015-03-17 09:18:43 UTC ( 2 years, 6 months ago )
File names 1FFEBCB1B245C9A65402C382001413D373E657AD
SuperfishCert_unpacked.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight