× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 713f7adf8bb529f865b830ee8699afb771e4aba5e3b82798638a436edbce5067
File name: am.dll
Detection ratio: 2 / 48
Analysis date: 2013-09-20 04:53:17 UTC ( 5 years, 7 months ago ) View latest
Antivirus Result Update
Bkav HW32.Stranfom.vcgm 20130920
SUPERAntiSpyware Trojan.Agent/Gen-Stranfom 20130920
Yandex 20130919
AhnLab-V3 20130919
AntiVir 20130920
Antiy-AVL 20130919
Avast 20130920
AVG 20130920
Baidu-International 20130919
BitDefender 20130920
ByteHero 20130919
CAT-QuickHeal 20130919
ClamAV 20130920
Commtouch 20130920
Comodo 20130919
DrWeb 20130920
Emsisoft 20130920
ESET-NOD32 20130919
F-Prot 20130920
F-Secure 20130920
Fortinet 20130920
GData 20130920
Ikarus 20130920
Jiangmin 20130903
K7AntiVirus 20130919
K7GW 20130919
Kaspersky 20130920
Kingsoft 20130829
Malwarebytes 20130920
McAfee 20130920
McAfee-GW-Edition 20130920
Microsoft 20130920
eScan 20130920
NANO-Antivirus 20130918
Norman 20130919
nProtect 20130920
Panda 20130919
PCTools 20130919
Rising 20130918
Sophos AV 20130920
Symantec 20130920
TheHacker 20130919
TotalDefense 20130919
TrendMicro 20130920
TrendMicro-HouseCall 20130920
VBA32 20130919
VIPRE 20130920
ViRobot 20130920
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 6:49 PM 8/24/2013
Signers
[+] Google Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 11/14/2011
Valid to 12:59 AM 11/14/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 06C92BEC3BBF32068CB9208563D004169448EE21
Serial number 09 E2 8B 26 DB 59 3E C4 E7 32 86 B6 64 99 C3 70
[+] VeriSign Class 3 Code Signing 2010 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 9/30/2010
Valid to 12:59 AM 1/2/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 14FCF0BB187D563B568EEA5FC888A53D288698D6
Serial number 4D 62 90 E5 8C 54 F0 F1 EB 17 34 1A 13 10 E6 A4
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-24 14:23:50
Number of sections 2
PE sections
Overlays
MD5 22e4d4904616792130fd770c9d5410d2
File type data
Offset 3584
Size 6096
Entropy 7.31
Number of PE resources by type
RT_DIALOG 3
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
dll

TimeStamp
2013:08:24 15:23:50+01:00

FileType
Win32 DLL

PEType
PE32

CodeSize
0

LinkerVersion
10.0

EntryPoint
0x0000

InitializedDataSize
2560

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 b72fac071c2b65d7ac84eee83fc7c507
SHA1 a5b9f082e766a4269bad3e5bf0b97ce7abcb4cbf
SHA256 713f7adf8bb529f865b830ee8699afb771e4aba5e3b82798638a436edbce5067
ssdeep
192:hWMb3vbsnYe+PjPGr9ZCApkT1rArikv+vBrod6:LInYPL/p1p

authentihash 42a9fa07078446185ca63efb8cd8d5a422770a0a6e20185dc72fbf15233fb779
File size 9.5 KB ( 9680 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2013-08-28 04:58:37 UTC ( 5 years, 7 months ago )
Last submission 2015-04-06 22:16:52 UTC ( 4 years ago )
File names vt-upload-5uzpq
A0083172.dll
A0027163.dll
am.dll
A0059646.dll
am.dll
B72FAC071C2B65D7AC84EEE83FC7C507
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!