× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 58098a479b7db74de938f5a9dd3e474ea5ec52ad46883a659a5d490daf01c75d
File name: rpcss.dll
Detection ratio: 0 / 65
Analysis date: 2018-11-13 21:06:57 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware 20181112
AegisLab 20181113
AhnLab-V3 20181113
Alibaba 20180921
ALYac 20181113
Antiy-AVL 20181113
Arcabit 20181113
Avast 20181113
Avast-Mobile 20181113
AVG 20181113
Avira (no cloud) 20181113
Babable 20180918
Baidu 20181112
BitDefender 20181113
Bkav 20181113
CAT-QuickHeal 20181113
ClamAV 20181113
CMC 20181113
CrowdStrike Falcon (ML) 20181022
Cybereason 20180308
Cylance 20181113
Cyren 20181113
DrWeb 20181113
eGambit 20181113
Emsisoft 20181113
Endgame 20181108
ESET-NOD32 20181113
F-Prot 20181113
F-Secure 20181113
Fortinet 20181113
GData 20181113
Ikarus 20181113
Sophos ML 20181108
Jiangmin 20181113
K7AntiVirus 20181113
K7GW 20181113
Kaspersky 20181113
Kingsoft 20181113
Malwarebytes 20181113
MAX 20181113
McAfee 20181113
McAfee-GW-Edition 20181113
Microsoft 20181113
eScan 20181113
NANO-Antivirus 20181113
Palo Alto Networks (Known Signatures) 20181113
Panda 20181113
Qihoo-360 20181113
Rising 20181113
SentinelOne (Static ML) 20181011
Sophos AV 20181113
SUPERAntiSpyware 20181107
Symantec 20181113
Symantec Mobile Insight 20181108
TACHYON 20181113
Tencent 20181113
TheHacker 20181108
TrendMicro 20181113
TrendMicro-HouseCall 20181113
Trustlook 20181113
VBA32 20181113
ViRobot 20181113
Webroot 20181113
Yandex 20181113
Zillya 20181113
ZoneAlarm by Check Point 20181113
Zoner 20181113
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name rpcss.dll
Internal name rpcss.dll
File version 5.1.2600.7594 (xpsp_sp3_qfe_escrow.181110-0815)
Description Distributed COM Services
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-11 01:50:15
Entry Point 0x0001C1A0
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
ImpersonateAnonymousToken
ConvertSidToStringSidW
AccessCheck
LsaClose
SaferCreateLevel
OpenServiceW
ControlService
InitializeAcl
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
RegQueryValueExW
GetSecurityDescriptorLength
LsaOpenPolicy
SetSecurityDescriptorDacl
CommandLineFromMsiDescriptor
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterEventSourceW
OpenProcessToken
RegQueryValueA
QueryServiceStatus
SetServiceStatus
AddAccessAllowedAce
RegOpenKeyExW
LsaFreeMemory
SystemFunction036
SetTokenInformation
RegOpenKeyW
LookupAccountNameW
RegisterServiceCtrlHandlerExW
LsaQueryInformationPolicy
CopySid
AllocateLocallyUniqueId
SaferiCompareTokenLevels
GetTokenInformation
DuplicateTokenEx
CryptReleaseContext
SaferCloseLevel
CloseServiceHandle
IsValidSid
GetSidIdentifierAuthority
RegQueryInfoKeyW
GetSecurityDescriptorDacl
CryptGenRandom
ChangeServiceConfigW
CryptAcquireContextW
RevertToSelf
GetSidSubAuthorityCount
GetLengthSid
GetAce
CreateProcessAsUserW
LsaRetrievePrivateData
OpenThreadToken
RegEnumValueW
SaferComputeTokenFromLevel
StartServiceW
RegSetValueExW
FreeSid
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
CheckTokenMembership
QueryServiceStatusEx
DeregisterEventSource
ImpersonateLoggedOnUser
RegQueryValueW
SetThreadToken
EqualSid
CreateWellKnownSid
IsValidSecurityDescriptor
RegOpenUserClassesRoot
GetDriveTypeW
ReleaseMutex
WaitForSingleObject
DebugBreak
DuplicateHandle
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
LocalAlloc
MapViewOfFileEx
LoadLibraryExW
lstrcatW
LoadLibraryW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
ReleaseActCtx
GetDiskFreeSpaceA
FindActCtxSectionStringW
FreeLibrary
LocalFree
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
lstrcmpiW
LoadLibraryExA
DelayLoadFailureHook
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
TerminateJobObject
DeleteTimerQueueTimer
RegisterWaitForSingleObject
InterlockedExchangeAdd
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
GlobalMemoryStatus
SearchPathW
GetCurrentThreadId
LeaveCriticalSection
SleepEx
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
lstrcmpiA
SetEvent
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
LoadLibraryA
OpenProcess
FindActCtxSectionGuid
GetProcAddress
GetProcessHeap
GetComputerNameW
lstrcpyW
WaitNamedPipeW
ExpandEnvironmentStringsW
ResetEvent
CreateTimerQueueTimer
GetComputerNameA
FindFirstFileW
TerminateProcess
lstrcmpW
WaitForMultipleObjects
CreateEventW
CreateFileW
CreateEventA
TlsSetValue
InterlockedIncrement
GetLastError
CreateFileMappingW
GetSystemInfo
lstrlenA
lstrlenW
CreateProcessW
GetCurrentProcessId
InterlockedCompareExchange
GetCurrentThread
lstrcpynW
MapViewOfFile
ReadFile
CloseHandle
GetModuleHandleW
AddRefActCtx
UnmapViewOfFile
OpenEventW
VirtualFree
Sleep
VirtualAlloc
RpcBindingSetObject
RpcServerInqBindings
RpcRevertToSelf
MesHandleFree
NdrMesTypeAlignSize2
RpcAsyncCancelCall
RpcBindingReset
RpcBindingToStringBindingW
RpcImpersonateClient
RpcMgmtIsServerListening
RpcMgmtSetServerStackSize
RpcStringBindingComposeW
NdrAsyncClientCall
RpcServerRegisterAuthInfoW
I_RpcAllocate
TowerExplode
NdrAsyncServerCall
RpcBindingFree
I_RpcSystemFunction001
MesDecodeBufferHandleCreate
I_RpcExceptionFilter
NdrMesTypeEncode2
RpcRevertToSelfEx
I_RpcBindingInqLocalClientPID
RpcStringFreeW
RpcServerUnregisterIf
NdrServerCall2
NdrClientCall2
I_RpcServerSetAddressChangeFn
RpcAsyncInitializeHandle
I_RpcServerInqLocalConnAddress
RpcBindingSetAuthInfoW
RpcMgmtEnableIdleCleanup
I_RpcBindingInqWireIdForSnego
RpcStringBindingParseW
I_RpcBindingInqTransportType
RpcRaiseException
RpcBindingSetOption
I_RpcFree
RpcAsyncCompleteCall
RpcServerRegisterIfEx
MesEncodeFixedBufferHandleCreate
I_RpcServerCheckClientRestriction
RpcServerUseProtseqEpExW
RpcBindingSetAuthInfoExW
RpcServerRegisterIf2
RpcBindingCopy
RpcServerListen
I_RpcServerRegisterForwardFunction
RpcBindingFromStringBindingW
NdrMesTypeDecode2
UuidCreate
RpcBindingVectorFree
EnumerateSecurityPackagesW
LsaLookupAuthenticationPackage
LsaLogonUser
LsaFreeReturnBuffer
FreeContextBuffer
LsaRegisterLogonProcess
LoadStringW
CharUpperW
wsprintfW
htons
gethostname
socket
bind
gethostbyname
WSAIoctl
getsockname
inet_ntoa
WSASetServiceW
closesocket
WSAGetLastError
_purecall
strncmp
malloc
_ftol
wcschr
__dllonexit
_stricmp
swprintf
wcstol
towupper
_vsnwprintf
_except_handler3
_onexit
wcslen
_resetstkoflw
wcsncpy
_wcsicmp
_adjust_fdiv
free
ceil
wcscat
memmove
wcscpy
_ultow
_initterm
_wtoi
NtOpenSection
RtlCreateAcl
RtlImageNtHeader
RtlCreateSecurityDescriptor
RtlInitUnicodeString
RtlSetGroupSecurityDescriptor
RtlInitializeSid
RtlInitializeCriticalSection
RtlSubAuthoritySid
NtClose
NtFsControlFile
NtQueryInformationToken
DbgPrint
NtCompareTokens
RtlAllocateAndInitializeSid
RtlSetSaclSecurityDescriptor
RtlCopySid
RtlLengthRequiredSid
NtQuerySystemInformation
RtlAllocateHeap
RtlEqualUnicodeString
NtOpenFile
RtlEqualSid
NtSetInformationProcess
RtlNtStatusToDosError
NtCreateFile
RtlFreeHeap
RtlAddAce
RtlLengthSid
RtlDeleteCriticalSection
RtlGetNtProductType
NtAllocateLocallyUniqueId
NtDuplicateToken
NtOpenKey
RtlSetDaclSecurityDescriptor
RtlAdjustPrivilege
NtSetUuidSeed
RtlInitString
RtlSetOwnerSecurityDescriptor
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
147456

ImageVersion
5.1

ProductName
Microsoft Windows Operating System

FileVersionNumber
5.1.2600.7594

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit, DLL

CharacterSet
Unicode

LinkerVersion
7.1

FileTypeExtension
dll

OriginalFileName
rpcss.dll

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
5.1.2600.7594 (xpsp_sp3_qfe_escrow.181110-0815)

TimeStamp
2018:11:11 02:50:15+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
rpcss.dll

ProductVersion
5.1.2600.7594

FileDescription
Distributed COM Services

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
256000

FileSubtype
0

ProductVersionNumber
5.1.2600.7594

EntryPoint
0x1c1a0

ObjectFileType
Dynamic link library

File identification
MD5 251e58314080e96a267d933960893ceb
SHA1 5d633de8ab5f5c1c2cc936735e0690a26ee8fc5f
SHA256 58098a479b7db74de938f5a9dd3e474ea5ec52ad46883a659a5d490daf01c75d
ssdeep
6144:iO9hIdHK5i/1ja3N1YjpsYSZtlSGGsRoeiMAGLom:iO9ami/1+3cslFoXGLo

authentihash 90c8ab071e1da842dcb52ac318f7746019b06f90932836e1ed0930f67fb0afcb
imphash 4ccdc7868cf9f31762d1310e1f7abaa7
File size 395.0 KB ( 404480 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
pedll

VirusTotal metadata
First submission 2018-11-13 21:06:57 UTC ( 5 months, 1 week ago )
Last submission 2018-11-14 15:00:24 UTC ( 5 months, 1 week ago )
File names rpcss.dll
rpcss.dll
rpcss.dll
rpcss.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!