SHA256: 743a6e4aaee72828fb383df7684adc4efdabe02ca0eaa7c732a6dc067e17926a
File name: vt-upload-g_1jN
Detection ratio: 0 / 47
Analysis date: 2013-05-25 16:05:04 UTC ( 5 years, 9 months ago )
Antivirus Result Update
Yandex 20130525
AhnLab-V3 20130525
AntiVir 20130525
Antiy-AVL 20130525
Avast 20130525
AVG 20130525
BitDefender 20130525
ByteHero 20130517
CAT-QuickHeal 20130523
ClamAV 20130523
Commtouch 20130525
Comodo 20130525
DrWeb 20130525
Emsisoft 20130525
eSafe 20130523
ESET-NOD32 20130525
F-Prot 20130525
F-Secure 20130525
Fortinet 20130525
GData 20130525
Ikarus 20130525
Jiangmin 20130525
K7AntiVirus 20130524
K7GW 20130524
Kaspersky 20130525
Kingsoft 20130506
Malwarebytes 20130525
McAfee 20130525
McAfee-GW-Edition 20130525
Microsoft 20130525
eScan 20130525
NANO-Antivirus 20130525
Norman 20130525
nProtect 20130525
Panda 20130525
PCTools 20130521
Rising 20130524
Sophos AV 20130522
SUPERAntiSpyware 20130525
Symantec 20130525
TheHacker 20130524
TotalDefense 20130524
TrendMicro 20130525
TrendMicro-HouseCall 20130525
VBA32 20130525
VIPRE 20130525
ViRobot 20130525
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 2000 - 2013 Avira Operations GmbH & Co. KG

Publisher Avira Operations GmbH & Co. KG
Product Avira Antivirus Premium
Version 13.6.0.1262
File version 13.6.0.1262
Description Avira Event Logger
Signature verification Signed file, verified signature
Signing date 5:05 PM 5/25/2013
Signers
[+] Avira Operations GmbH & Co. KG
Status Valid
Issuer None
Valid from 1:00 AM 7/20/2011
Valid to 12:59 AM 7/20/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 579E1917CA0EDFEDE3642646A474C28C1E8B48B1
Serial number 54 97 1F F2 38 D2 B8 66 F2 7F C3 FE 6C 9A D5 77
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-15 17:32:46
Entry Point 0x0000ED88
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
GetStdHandle
ReleaseMutex
WaitForSingleObject
HeapDestroy
EncodePointer
GetFileAttributesW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
FormatMessageW
ResumeThread
InitializeCriticalSection
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
InterlockedDecrement
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
VerSetConditionMask
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
CreateThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
ExitThread
DecodePointer
TerminateProcess
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
FreeLibrary
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
LoadStringW
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
117760

UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
13.6.0.1262

LanguageCode
Neutral 2

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
42496

MIMEType
application/octet-stream

LegalCopyright
2000 - 2013 Avira Operations GmbH & Co. KG

FileVersion
13.6.0.1262

TimeStamp
2013:04:15 18:32:46+01:00

FileType
Win32 DLL

PEType
PE32

SubsystemVersion
5.1

FileAccessDate
2013:05:25 17:04:59+01:00

ProductVersion
13.6.0.1262

FileDescription
Avira Event Logger

OSVersion
5.1

FileCreateDate
2013:05:25 17:04:59+01:00

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Avira Operations GmbH & Co. KG

LegalTrademarks
AntiVir Avira GmbH.

ProductName
Avira Antivirus Premium

ProductVersionNumber
13.6.0.1262

EntryPoint
0xed88

ObjectFileType
Dynamic link library

File identification
MD5 a69ec25f941e0d4826ffc8cf4a2a6924
SHA1 06f47076477d4a6712a8b6178a8ec9098420f474
SHA256 743a6e4aaee72828fb383df7684adc4efdabe02ca0eaa7c732a6dc067e17926a
ssdeep
3072:l4CUaBMZLjU/1FnyhmtHGxZh1nUFP7aiyKQ1:GCFBcLjU/18hmZGxZn51Kk

File size 161.6 KB ( 165432 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (13.4%)
Generic Win/DOS Executable (4.1%)
DOS Executable Generic (4.1%)
Tags
pedll signed

VirusTotal metadata
First submission 2013-05-25 16:05:04 UTC ( 5 years, 9 months ago )
Last submission 2013-05-25 16:05:04 UTC ( 5 years, 9 months ago )
File names vt-upload-g_1jN