× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 67180859d9c38fdbf331ff78710995f71e4235fa5c8ea880a232c6f5672d1465
File name: libeay32
Detection ratio: 1 / 67
Analysis date: 2018-09-20 22:24:09 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Alibaba Heur.Win.Harmlet.247 20180912
Ad-Aware 20180920
AegisLab 20180920
AhnLab-V3 20180920
ALYac 20180920
Antiy-AVL 20180920
Arcabit 20180920
Avast 20180920
Avast-Mobile 20180920
AVG 20180920
Avira (no cloud) 20180920
AVware 20180920
Babable 20180918
Baidu 20180914
BitDefender 20180920
Bkav 20180919
CAT-QuickHeal 20180918
ClamAV 20180920
CMC 20180920
Comodo 20180920
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20180920
DrWeb 20180920
eGambit 20180920
Emsisoft 20180920
Endgame 20180730
ESET-NOD32 20180920
F-Prot 20180920
F-Secure 20180920
Fortinet 20180920
GData 20180920
Ikarus 20180920
Sophos ML 20180717
Jiangmin 20180920
K7AntiVirus 20180920
K7GW 20180920
Kaspersky 20180920
Kingsoft 20180920
Malwarebytes 20180920
MAX 20180920
McAfee 20180920
McAfee-GW-Edition 20180920
Microsoft 20180921
eScan 20180920
NANO-Antivirus 20180920
Palo Alto Networks (Known Signatures) 20180920
Panda 20180920
Qihoo-360 20180920
Rising 20180920
SentinelOne (Static ML) 20180830
Sophos AV 20180920
SUPERAntiSpyware 20180907
Symantec 20180920
Symantec Mobile Insight 20180918
TACHYON 20180920
Tencent 20180920
TheHacker 20180920
TotalDefense 20180920
TrendMicro 20180921
TrendMicro-HouseCall 20180920
Trustlook 20180920
VBA32 20180920
VIPRE 20180920
ViRobot 20180920
Webroot 20180920
Yandex 20180920
Zillya 20180920
ZoneAlarm by Check Point 20180920
Zoner 20180920
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1998-2007 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.

Product The OpenSSL Toolkit
Original name libeay32.dll
Internal name libeay32
File version 0.9.8j
Description OpenSSL Shared Library
Signature verification Signed file, verified signature
Signing date 7:25 AM 8/2/2012
Signers
[+] Kaspersky Lab
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 2/15/2012
Valid to 12:59 AM 3/8/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 90E68EB265AE70DF186A6E20F8DEB2C230EA5EDC
Serial number 16 E5 A7 75 12 03 00 FB 34 19 45 8B 40 D4 08 34
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-28 13:35:54
Entry Point 0x00095B77
Number of sections 5
PE sections
Overlays
MD5 ea5083e0553d2b0590108b73296f1826
File type data
Offset 1020928
Size 14760
Entropy 7.61
PE imports
DeregisterEventSource
ReportEventA
RegisterEventSourceA
GetDeviceCaps
GetObjectA
DeleteDC
CreateDCA
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
GetBitmapBits
CreateCompatibleBitmap
GetLastError
GetStdHandle
FlushConsoleInputBuffer
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
GetVersionExA
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
FindNextFileA
GetModuleHandleA
FindFirstFileA
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
GetThreadTimes
TerminateProcess
GetCurrentThreadId
GlobalMemoryStatus
FindClose
Sleep
GetFileType
ExitProcess
GetVersion
SetLastError
strncmp
_malloc_crt
malloc
_lock
sscanf
_initterm
realloc
memset
fclose
_time64
__dllonexit
fgets
abort
fprintf
_stat64i32
strtoul
printf
isdigit
fflush
fopen
feof
strncpy
strchr
_initterm_e
signal
isalnum
_errno
fwrite
_chmod
fseek
qsort
isxdigit
fputs
ftell
_amsg_exit
exit
__clean_type_info_names_internal
_fileno
strrchr
_getpid
isspace
sprintf
_adjust_fdiv
strtol
fread
tolower
_crt_debugger_hook
ferror
free
getenv
_onexit
_except_handler4_common
atoi
vfprintf
_unlock
perror
_write
memcpy
_encode_pointer
_gmtime64
_vsnprintf
strstr
memmove
_decode_pointer
_read
__iob_func
strerror
_encoded_null
_localtime64
__CppXcptFilter
wcsstr
_setmode
_getch
isupper
strcmp
memchr
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
htonl
accept
WSAStartup
connect
shutdown
htons
WSASetLastError
WSAGetLastError
getsockopt
closesocket
ntohl
send
ntohs
listen
WSACleanup
gethostbyname
inet_ntoa
recv
socket
setsockopt
WSACancelBlockingCall
bind
recvfrom
sendto
getservbyname
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
358912

ImageVersion
0.0

ProductName
The OpenSSL Toolkit

FileVersionNumber
0.9.8.10

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware, 32-bit, DLL

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
dll

OriginalFileName
libeay32.dll

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
0.9.8j

TimeStamp
2012:03:28 14:35:54+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
libeay32

ProductVersion
0.9.8j

FileDescription
OpenSSL Shared Library

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright 1998-2007 The OpenSSL Project. Copyright 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
The OpenSSL Project, http://www.openssl.org/

CodeSize
660992

FileSubtype
0

ProductVersionNumber
0.9.8.10

EntryPoint
0x95b77

ObjectFileType
Dynamic link library

File identification
MD5 edf62e921011a5625be68bef10bda962
SHA1 e67831424ef436d37c10ad0f259f88f817241ad2
SHA256 67180859d9c38fdbf331ff78710995f71e4235fa5c8ea880a232c6f5672d1465
ssdeep
24576:YXwBx3JOWpbrPcDDit089qNU0nKp0QDm9k4j+P:DHc8qNjKpNm9B+P

authentihash 283d52c0e894f55b830a2e154b93244d92e01953f36351bb536d87a670d6a34c
imphash 0cebee292d8de46c915195e4608514a9
File size 1011.4 KB ( 1035688 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2012-09-04 10:35:40 UTC ( 6 years, 2 months ago )
Last submission 2014-01-18 21:13:40 UTC ( 4 years, 10 months ago )
File names libeay32.dll
19-libeay32.dll
7F3E1798A8CD0E69CD380F06B7E2C1003F60244B.dll
libeay32.dll
libeay32
libeay32.dll
libeay32.dll
libeay32.dll
libeay32.dll
libeay32.dll
libeay32.dll
libeay32.dll
libeay32.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!