SHA256: 6072a73f3af297826b242a7583cb5c5582bf1bf5e7d2aaad7b1df033bd118e1e
File name: ImAnimU.dll
Detection ratio: 0 / 56
Analysis date: 2014-11-28 08:25:44 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware 20141128
AegisLab 20141128
Yandex 20141126
AhnLab-V3 20141127
ALYac 20141128
Antiy-AVL 20141128
Avast 20141128
AVG 20141128
Avira (no cloud) 20141128
AVware 20141121
Baidu-International 20141127
BitDefender 20141128
Bkav 20141127
ByteHero 20141128
CAT-QuickHeal 20141128
ClamAV 20141128
CMC 20141127
Comodo 20141128
Cyren 20141128
DrWeb 20141128
Emsisoft 20141128
ESET-NOD32 20141128
F-Prot 20141128
F-Secure 20141128
Fortinet 20141128
GData 20141128
Ikarus 20141128
Jiangmin 20141127
K7AntiVirus 20141127
K7GW 20141128
Kaspersky 20141128
Kingsoft 20141128
Malwarebytes 20141128
McAfee 20141128
McAfee-GW-Edition 20141128
Microsoft 20141128
eScan 20141128
NANO-Antivirus 20141128
Norman 20141128
nProtect 20141127
Panda 20141127
Qihoo-360 20141128
Rising 20141126
Sophos AV 20141128
SUPERAntiSpyware 20141127
Symantec 20141128
Tencent 20141128
TheHacker 20141124
TotalDefense 20141127
TrendMicro 20141128
TrendMicro-HouseCall 20141128
VBA32 20141127
VIPRE 20141128
ViRobot 20141127
Zillya 20141127
Zoner 20141127
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © 2002 IncrediMail, Ltd.
Publisher IncrediMail Ltd.
Product IncrediAnimation Module
Original name IMANIM.DLL
Internal name IncrediAnimation
File version 6, 2, 9, 5181
Description IncrediAnimation Module
Signature verification Signed file, verified signature
Signing date 4:37 PM 3/11/2012
Signers
[+] IncrediMail Ltd.
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 8/17/2009
Valid to 12:59 AM 9/6/2012
Valid usage Code Signing
Algorithm SHA1
Thumbprint 68A49AED8A619648DB376ADF56A265F476DC130D
Serial number 2D A9 DB 2D 3D 25 6C 11 46 85 CB B3 5C 1B 55 1D
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer None
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)
Status Valid
Issuer None
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/3/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint A1DB6393916F17E4185509400415C70240B0AE6B
Serial number 3C 91 31 CB 1F F6 D0 1B 0E 9A B8 D0 44 BF 12 BE
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-11 15:28:50
Entry Point 0x0000BF56
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
??0GfxWndTexture@@QAE@PAUHWND__@@@Z
?DrawScaled@GfxWndTexture@@MAEHPAUHDC__@@II@Z
?Draw@GfxWndTexture@@MAEHPAUHDC__@@@Z
Ord(16)
?TexSizeCorrect@GfxWndTexture@@MBEII@Z
Ord(14)
Ord(13)
Ord(8)
??1GfxWndTexture@@UAE@XZ
GetLastError
EnterCriticalSection
GetModuleFileNameW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
GetThreadLocale
GetVersionExA
lstrcmpiW
lstrlenW
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
InterlockedCompareExchange
RaiseException
InterlockedExchange
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetACP
GetModuleHandleW
LocalFree
TerminateProcess
InitializeCriticalSection
LoadResource
FindResourceW
InterlockedDecrement
Sleep
GetCurrentThreadId
InterlockedIncrement
GetCurrentProcessId
LeaveCriticalSection
_malloc_crt
_purecall
malloc
memset
__dllonexit
wcsncpy_s
wcscpy_s
__clean_type_info_names_internal
_recalloc
_amsg_exit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_lock
_onexit
_encode_pointer
wcscat_s
_decode_pointer
_adjust_fdiv
memmove_s
_unlock
_crt_debugger_hook
free
memcpy_s
_except_handler4_common
__CxxFrameHandler3
_initterm_e
_encoded_null
__CppXcptFilter
_initterm
MCIWndCreateW
VarUI4FromStr
SysStringLen
UnRegisterTypeLib
LoadRegTypeLib
RegisterTypeLib
SysAllocString
LoadTypeLib
SysFreeString
SendMessageW
UpdateWindow
EnableWindow
GetWindowRect
GetDesktopWindow
LoadCursorW
UnregisterClassA
CharNextW
SetCursor
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
PE exports
Number of PE resources by type
RT_MANIFEST 1
TYPELIB 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.2.9.5181
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 53248
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright 2002 IncrediMail, Ltd.
FileVersion 6, 2, 9, 5181
TimeStamp 2012:03:11 16:28:50+01:00
FileType Win32 DLL
PEType PE32
InternalName IncrediAnimation
FileAccessDate 2014:11:28 09:25:56+01:00
ProductVersion 6, 2, 9, 5181
FileDescription IncrediAnimation Module
OSVersion 4.0
FileCreateDate 2014:11:28 09:25:56+01:00
OriginalFilename IMANIM.DLL
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName IncrediMail, Ltd.
CodeSize 57344
ProductName IncrediAnimation Module
ProductVersionNumber 6.2.9.5181
EntryPoint 0xbf56
ObjectFileType Dynamic link library

Execution parents
Compressed bundles
File identification
MD5 c91dbfc32443aa2a93c4e809b274cefc
SHA1 ee260c4974980ae6c09f3a218a2d34b3ca632d43
SHA256 6072a73f3af297826b242a7583cb5c5582bf1bf5e7d2aaad7b1df033bd118e1e
ssdeep 3072:CdbXD0IIgvgzUtfyv7GQTrsoJrOgXFA02t4xCD:PUmGQEoxOgXF+3D
authentihash 45f214cab75bf2a344eb8b5033b30f858242e24dfb424e5e974316f00cca86f7
imphash bb2863b011dde9ebf939b4dca3edc998
File size 117.4 KB ( 120264 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID DirectShow filter (55.3%)
Windows ActiveX control (31.9%)
Win32 Executable MS Visual C++ (generic) (8.5%)
Win32 Dynamic Link Library (generic) (1.8%)
Win32 Executable (generic) (1.2%)
Tags signed pedll
VirusTotal metadata
First submission 2012-03-16 19:46:29 UTC ( 7 years, 2 months ago )
Last submission 2012-03-16 19:46:29 UTC ( 7 years, 2 months ago )
File names IMANIM.DLL
6E8105E6C860D6C2D508017653C5B300279BE324.dll
ImAnimU.dll
IncrediAnimation