× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 70ce5f1348a6621eeb8e12213a0d82024bad4f947e551fa81914bc1a473c9a01
File name: PCMMediaServer
Detection ratio: 0 / 62
Analysis date: 2017-04-19 22:08:47 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware 20170419
AegisLab 20170419
AhnLab-V3 20170419
Alibaba 20170419
ALYac 20170419
Antiy-AVL 20170419
Arcabit 20170419
Avast 20170419
AVG 20170419
Avira (no cloud) 20170419
AVware 20170419
Baidu 20170419
BitDefender 20170419
Bkav 20170419
CAT-QuickHeal 20170419
ClamAV 20170419
CMC 20170419
Comodo 20170419
CrowdStrike Falcon (ML) 20170130
Cyren 20170419
DrWeb 20170419
Emsisoft 20170419
Endgame 20170419
ESET-NOD32 20170419
F-Prot 20170419
F-Secure 20170419
Fortinet 20170419
GData 20170419
Ikarus 20170419
Sophos ML 20170413
Jiangmin 20170419
K7AntiVirus 20170419
K7GW 20170419
Kaspersky 20170419
Kingsoft 20170419
Malwarebytes 20170419
McAfee 20170419
McAfee-GW-Edition 20170419
Microsoft 20170419
eScan 20170419
NANO-Antivirus 20170419
nProtect 20170419
Palo Alto Networks (Known Signatures) 20170419
Panda 20170419
Qihoo-360 20170419
Rising 20170419
SentinelOne (Static ML) 20170330
Sophos AV 20170419
SUPERAntiSpyware 20170419
Symantec 20170419
Symantec Mobile Insight 20170414
Tencent 20170419
TheHacker 20170419
TotalDefense 20170419
TrendMicro 20170419
TrendMicro-HouseCall 20170419
Trustlook 20170419
VBA32 20170419
VIPRE 20170419
ViRobot 20170419
Webroot 20170419
WhiteArmor 20170409
Yandex 20170419
Zillya 20170418
ZoneAlarm by Check Point 20170419
Zoner 20170419
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2004-2006

Product CyberLink PCMMediaServer
Original name PCMMediaServer.dll
Internal name PCMMediaServer
File version 2.2.10510
Description PCMMediaServer
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 8:51 AM 9/19/2012
Signers
[+] CyberLink
Status This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 3/9/2012
Valid to 12:59 AM 4/13/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B9140E3C0AAD78C194F0E28EFF6B5A0147F55A54
Serial number 1D 22 61 08 CB B0 EB 7B 50 46 97 BD FE C6 6A 8B
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-10 11:10:23
Entry Point 0x0006E062
Number of sections 5
PE sections
Overlays
MD5 7b761d35975330b2c184a26d8f1fb9c8
File type data
Offset 712704
Size 8720
Entropy 7.34
PE imports
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
InitializeSecurityDescriptor
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExW
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
FindFirstFileW
HeapDestroy
QueueUserAPC
GetLocalTime
DeleteCriticalSection
GetLocaleInfoA
GetFileTime
WideCharToMultiByte
InterlockedExchange
GetSystemTimeAsFileTime
HeapReAlloc
GetExitCodeProcess
LocalFree
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
OutputDebugStringA
GetUserDefaultUILanguage
GetModuleFileNameW
ExitProcess
RemoveDirectoryA
GetFileAttributesW
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
MultiByteToWideChar
GetPrivateProfileStringW
CreateMutexA
CreateSemaphoreA
CreateThread
ExitThread
SetPriorityClass
TerminateProcess
GetCurrentThreadId
InterlockedIncrement
SleepEx
CloseHandle
HeapFree
EnterCriticalSection
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
GetVersionExA
LoadLibraryA
FreeLibrary
OpenProcess
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetFileSizeEx
RemoveDirectoryW
FindNextFileW
ResetEvent
CreateFileMappingA
FindNextFileA
WaitForMultipleObjects
ReadDirectoryChangesW
CreateFileW
CreateEventA
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
lstrlenA
GetThreadLocale
WaitForSingleObjectEx
GetModuleFileNameA
VirtualFree
FileTimeToLocalFileTime
WritePrivateProfileStringA
GetCurrentProcessId
lstrlenW
HeapSize
CancelIo
ReleaseSemaphore
MapViewOfFile
GetModuleHandleA
ReadFile
FindFirstFileA
GetACP
GetFileAttributesExW
GetLongPathNameW
UnmapViewOfFile
OpenEventW
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@Viterator@12@0ABV12@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??1type_info@@UAE@XZ
fclose
_snwprintf
memset
fflush
strtol
strtok
fwrite
_wcsdup
fputs
_strlwr
_close
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
__security_error_handler
_strupr
sprintf
_wfopen
strstr
memmove
_ltoa
_atoi64
strncmp
??0exception@@QAE@ABV0@@Z
fgetc
??_U@YAPAXI@Z
wcschr
_stricmp
_wcslwr
fgets
strchr
??2@YAPAXI@Z
_beginthread
ftell
exit
??_V@YAXPAX@Z
_resetstkoflw
_except_handler3
_strcmpi
free
_lseeki64
_vsnprintf
_wopen
_initterm
isupper
_ftime
rand
__dllonexit
fopen
_vsnwprintf
strncpy
_itoa
wcscmp
_open
_onexit
wcslen
isalpha
_snprintf
srand
_wcsnicmp
wcscat
atoi
_wsplitpath
atol
atof
wcscpy
_beginthreadex
_strnicmp
localtime
malloc
fread
swprintf
fprintf
_i64toa
?terminate@@YAXXZ
fseek
_strdup
wcsrchr
_telli64
_wcsicmp
tolower
??1exception@@UAE@XZ
_adjust_fdiv
time
_splitpath
strftime
??0exception@@QAE@XZ
__CppXcptFilter
SysAllocStringLen
VariantClear
SysAllocString
VarBstrCmp
SysFreeString
VariantInit
EnumProcesses
GetModuleBaseNameW
SHGetFileInfoW
SHGetDesktopFolder
StrStrIW
PathIsDirectoryW
PathFindFileNameW
GetMessageA
RegisterDeviceNotificationA
CreateWindowExA
GetClassInfoA
UpdateWindow
DispatchMessageA
LoadCursorA
UnregisterClassA
DefWindowProcA
wsprintfA
TranslateMessage
PostQuitMessage
ShowWindow
DestroyWindow
RegisterClassExA
timeEndPeriod
timeGetTime
timeBeginPeriod
WMIsContentProtected
inet_ntoa
closesocket
socket
WSAIoctl
GdipGetImageEncodersSize
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipGetImagePixelFormat
GdipSetSmoothingMode
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipImageGetFrameDimensionsCount
GdipDisposeImage
GdipImageSelectActiveFrame
GdiplusStartup
GdipDeleteGraphics
GdipGetImageThumbnail
GdipGetAllPropertyItems
GdipGetPropertySize
GdipGetImageEncoders
GdipImageGetFrameCount
GdipGetImageWidth
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipLoadImageFromFile
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetCompositingMode
GdipFree
GdipGetImageHeight
GdipCloneImage
GdipImageGetFrameDimensionsList
GdipGetImageGraphicsContext
CoCreateInstance
CoUninitialize
CoInitialize
StringFromGUID2
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
270336

ImageVersion
0.0

ProductName
CyberLink PCMMediaServer

FileVersionNumber
2.2.0.10510

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
PCMMediaServer

CharacterSet
Unicode

LinkerVersion
7.1

FileTypeExtension
dll

OriginalFileName
PCMMediaServer.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.2.10510

TimeStamp
2012:09:10 12:10:23+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
PCMMediaServer

ProductVersion
2.2.10510

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (C) 2004-2006

MachineType
Intel 386 or later, and compatibles

CompanyName
CyberLink

CodeSize
483328

FileSubtype
0

ProductVersionNumber
2.2.0.10510

EntryPoint
0x6e062

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 4f4c1e898174bd27664e13dd0c6fa40f
SHA1 ee5adcf4576367a67da11ed3e620530f05e97056
SHA256 70ce5f1348a6621eeb8e12213a0d82024bad4f947e551fa81914bc1a473c9a01
ssdeep
12288:37FGscjGh2EBaHJKq6B5kAnLQUwUOmBgYsWU1ua1D:37KahnBEwB59nLQUwMsWO

authentihash e507dabe4d86c3c657a7701724295391913a170b008040aa7118af4294d14ad9
imphash 90d1ceedd2a1c834aee8079b485f5bc8
File size 704.5 KB ( 721424 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
revoked-cert pedll signed overlay

VirusTotal metadata
First submission 2017-03-22 20:15:27 UTC ( 2 years, 1 month ago )
Last submission 2017-03-22 20:15:27 UTC ( 2 years, 1 month ago )
File names PCMMediaServer.dll
PCMMediaServer.dll
PCMMediaServer.dll
PCMMediaServer
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!