SHA256: 60c16cf673da0b5831800dbf4de762d40bfe5f349e4f3cc13e0edd6e0cfcb59b
File name: ti
Detection ratio: 0 / 55
Analysis date: 2014-09-21 20:27:52 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware 20140921
AegisLab 20140921
Yandex 20140921
AhnLab-V3 20140921
Antiy-AVL 20140921
Avast 20140921
AVG 20140921
Avira (no cloud) 20140921
AVware 20140920
Baidu-International 20140921
BitDefender 20140921
Bkav 20140920
ByteHero 20140921
CAT-QuickHeal 20140920
ClamAV 20140921
CMC 20140918
Comodo 20140921
Cyren 20140921
DrWeb 20140921
Emsisoft 20140921
ESET-NOD32 20140921
F-Prot 20140921
F-Secure 20140921
Fortinet 20140921
GData 20140921
Ikarus 20140921
Jiangmin 20140921
K7AntiVirus 20140919
K7GW 20140919
Kaspersky 20140921
Kingsoft 20140921
Malwarebytes 20140921
McAfee 20140921
McAfee-GW-Edition 20140921
Microsoft 20140921
eScan 20140921
NANO-Antivirus 20140921
Norman 20140921
nProtect 20140920
Panda 20140921
Qihoo-360 20140921
Rising 20140921
Sophos AV 20140921
SUPERAntiSpyware 20140921
Symantec 20140921
Tencent 20140921
TheHacker 20140919
TotalDefense 20140921
TrendMicro 20140921
TrendMicro-HouseCall 20140921
VBA32 20140919
VIPRE 20140921
ViRobot 20140921
Zillya 20140921
Zoner 20140919
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(c) Sourcefire. All rights reserved.

Publisher Sourcefire
Product Immunet 3.0
Original name dti.dll
Internal name ti
File version 3, 0, 8, 9025
Description Immunet 3.0 Tetra Engine Library
Signature verification Signed file, verified signature
Signing date 11:37 PM 9/4/2012
Signers
[+] Sourcefire
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 8/3/2011
Valid to 12:59 AM 8/3/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 8416539E61E6DE383D5DBBFCFE6D0339EE628DAD
Serial number 33 E1 CF F8 CA 25 E4 81 E7 E6 84 65 1A FB BB 5B
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-04 22:37:59
Entry Point 0x00012B30
Number of sections 3
PE sections
PE imports
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
??1Config@@QAE@XZ
?error@@YAXPADZZ
OleRun
PE exports
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_DIALOG 2
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 50
PE resources
ExifTool file metadata
UninitializedDataSize
57344

InitializedDataSize
12288

ImageVersion
0.0

ProductName
Immunet 3.0

FileVersionNumber
3.0.8.9025

LanguageCode
English (Canadian)

FileFlagsMask
0x0017

FileDescription
Immunet 3.0 Tetra Engine Library

CharacterSet
Unicode

LinkerVersion
10.0

FileOS
Win32

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3, 0, 8, 9025

TimeStamp
2012:09:05 00:37:59+02:00

FileType
Win32 DLL

PEType
PE32

InternalName
ti

ProductVersion
3, 0, 8, 9025

SubsystemVersion
5.1

OSVersion
5.1

OriginalFilename
dti.dll

LegalCopyright
(c) Sourcefire. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Sourcefire, Inc.

CodeSize
16384

FileSubtype
0

ProductVersionNumber
3.0.8.9025

EntryPoint
0x12b30

ObjectFileType
Executable application

File identification
MD5 e355e116991c55b657ed5e9ee0906b38
SHA1 f19dfc9c9e6626256247b6a024162aa14fcea098
SHA256 60c16cf673da0b5831800dbf4de762d40bfe5f349e4f3cc13e0edd6e0cfcb59b
ssdeep
384:jRsDeXFNZWknUMtsVDpGVsndycmGSa9cnIWyjPaLwBh03mirILca6jZ4eMRGh:jSDeskdtstEghcIWyjP6wBhvIILFmJ

authentihash ab8cad29309478ec668c6f0e43ba871d47583978347ae9929dc60b7a0285c5c7
imphash d866fc653bdca59f41b7e008ca986e7d
File size 35.3 KB ( 36168 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
signed upx pedll

VirusTotal metadata
First submission 2012-09-06 19:30:07 UTC ( 6 years, 4 months ago )
Last submission 2012-09-06 19:30:07 UTC ( 6 years, 4 months ago )
File names 7D44FAFF48BD3F338D6A0055C6F86600629FE2BF.dll
dti.dll
ti
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
