× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5f096a82cc6e3f23ac839436107a227be4f61fbab6068e0d985affd8568a4337
File name: NAdvLog
Detection ratio: 0 / 67
Analysis date: 2017-11-17 14:13:25 UTC ( 12 months ago )
Antivirus Result Update
Ad-Aware 20171117
AegisLab 20171117
AhnLab-V3 20171117
Alibaba 20170911
ALYac 20171117
Antiy-AVL 20171117
Arcabit 20171117
Avast 20171117
Avast-Mobile 20171117
AVG 20171117
Avira (no cloud) 20171117
AVware 20171117
Baidu 20171117
BitDefender 20171117
Bkav 20171117
CAT-QuickHeal 20171117
ClamAV 20171117
CMC 20171117
Comodo 20171117
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171117
Cyren 20171117
DrWeb 20171117
eGambit 20171117
Emsisoft 20171117
Endgame 20171024
ESET-NOD32 20171117
F-Prot 20171117
F-Secure 20171117
Fortinet 20171117
GData 20171117
Ikarus 20171117
Sophos ML 20170914
Jiangmin 20171117
K7AntiVirus 20171117
K7GW 20171117
Kaspersky 20171117
Kingsoft 20171117
Malwarebytes 20171117
MAX 20171117
McAfee 20171117
McAfee-GW-Edition 20171117
Microsoft 20171117
eScan 20171117
NANO-Antivirus 20171117
nProtect 20171117
Palo Alto Networks (Known Signatures) 20171117
Panda 20171117
Qihoo-360 20171117
Rising 20171117
SentinelOne (Static ML) 20171113
Sophos AV 20171117
SUPERAntiSpyware 20171117
Symantec 20171117
Symantec Mobile Insight 20171117
Tencent 20171117
TheHacker 20171112
TotalDefense 20171117
TrendMicro 20171117
TrendMicro-HouseCall 20171117
Trustlook 20171117
VBA32 20171117
VIPRE 20171117
ViRobot 20171117
Webroot 20171117
WhiteArmor 20171104
Yandex 20171116
Zillya 20171116
ZoneAlarm by Check Point 20171117
Zoner 20171117
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2010 Nero AG and its licensors.

Product NAdvLog Dynamic Link Library
Original name NAdvLog.dll
Internal name NAdvLog
File version 1, 0, 10, 3
Description NAdvLog Dynamic Link Library
Signature verification Signed file, verified signature
Signing date 3:40 AM 9/6/2012
Signers
[+] Nero AG
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 4/22/2012
Valid to 12:59 AM 6/22/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint A396515CF6E40BC08D6048FF3DD5DA7001ADAD36
Serial number 3F 5F 27 25 B1 1E 25 8A 90 57 07 17 52 44 66 4A
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-26 01:44:48
Entry Point 0x00005F69
Number of sections 5
PE sections
Overlays
MD5 e0a2eac8a1fca5eb803687c544c61683
File type data
Offset 39424
Size 6056
Entropy 7.30
PE imports
GetLastError
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
GetModuleFileNameW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
GetFileAttributesW
lstrcmpiW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
lstrlenW
UnhandledExceptionFilter
CreateDirectoryW
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetPrivateProfileStringW
GetProcessHeap
lstrcpynW
SetConsoleTitleW
LoadLibraryW
SetFilePointer
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
FreeConsole
GetFileAttributesExW
TerminateProcess
InitializeCriticalSection
OutputDebugStringW
CreateFileW
AllocConsole
InterlockedDecrement
Sleep
MoveFileW
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InterlockedIncrement
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
_malloc_crt
_purecall
?what@exception@std@@UBEPBDXZ
memset
__dllonexit
_invalid_parameter_noinfo
wcstok_s
__clean_type_info_names_internal
_amsg_exit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
_lock
_onexit
_encode_pointer
_wtoi64
_initterm_e
_crt_debugger_hook
_CxxThrowException
tolower
memmove_s
_unlock
_adjust_fdiv
??3@YAXPAX@Z
free
__CxxFrameHandler3
_except_handler4_common
??0exception@std@@QAE@ABV01@@Z
vswprintf_s
??1exception@std@@UAE@XZ
_decode_pointer
__iob_func
??0exception@std@@QAE@ABQBD@Z
_vscwprintf
_encoded_null
freopen
__CppXcptFilter
??0exception@std@@QAE@XZ
_initterm
SHGetFolderPathW
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.10.3

UninitializedDataSize
0

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
14848

EntryPoint
0x5f69

OriginalFileName
NAdvLog.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright 2010 Nero AG and its licensors.

FileVersion
1, 0, 10, 3

TimeStamp
2012:03:26 02:44:48+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
NAdvLog

ProductVersion
1, 0, 10, 3

FileDescription
NAdvLog Dynamic Link Library

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
23552

ProductName
NAdvLog Dynamic Link Library

ProductVersionNumber
1.0.10.3

FileTypeExtension
dll

ObjectFileType
Dynamic link library

File identification
MD5 24edbec508f5e69c3cb2e8ce624253f7
SHA1 91eb23ac1f7d2e7261b7f1cd3570792e31282f33
SHA256 5f096a82cc6e3f23ac839436107a227be4f61fbab6068e0d985affd8568a4337
ssdeep
768:HGAjktSiL+W1FG1BNqUJdYW3eg666dr3mfQLmo2qOgIZiQZtoIILX:mAjkXFG1qUJdYW3I66NzLtOgQPtwb

authentihash bdfb6899559683f3efb408f90e9fea671e35f9739e168f0bac61b58ce23f7544
imphash 7242c374095dd4b38d9853131a12f637
File size 44.4 KB ( 45480 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2012-09-26 14:31:45 UTC ( 6 years, 1 month ago )
Last submission 2012-09-26 14:31:45 UTC ( 6 years, 1 month ago )
File names NAdvLog.dll
E9643AB9A8EAA7E2B1D20035DC4464009DABF0F7.dll
NAdvLog.dll
NAdvLog.dll
NAdvLog
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!