× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 75cad8dddaab589586f17cd8a8ebfd75e5586f556d57382fdc090ce7c7ea3f29
File name: WabApi.dll
Detection ratio: 0 / 66
Analysis date: 2018-05-14 01:46:39 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware 20180513
AegisLab 20180514
AhnLab-V3 20180513
Alibaba 20180511
ALYac 20180514
Antiy-AVL 20180514
Arcabit 20180514
Avast 20180514
Avast-Mobile 20180513
AVG 20180514
Avira (no cloud) 20180513
AVware 20180428
Babable 20180406
Baidu 20180511
BitDefender 20180514
Bkav 20180514
CAT-QuickHeal 20180513
ClamAV 20180513
CMC 20180513
Comodo 20180514
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cylance 20180514
Cyren 20180514
eGambit 20180514
Emsisoft 20180514
Endgame 20180507
ESET-NOD32 20180514
F-Prot 20180514
F-Secure 20180514
Fortinet 20180514
GData 20180514
Ikarus 20180513
Sophos ML 20180503
Jiangmin 20180514
K7AntiVirus 20180513
K7GW 20180513
Kaspersky 20180514
Kingsoft 20180514
Malwarebytes 20180514
MAX 20180514
McAfee 20180514
McAfee-GW-Edition 20180514
Microsoft 20180514
eScan 20180513
NANO-Antivirus 20180514
nProtect 20180513
Palo Alto Networks (Known Signatures) 20180514
Panda 20180513
Qihoo-360 20180514
Rising 20180514
SentinelOne (Static ML) 20180225
Sophos AV 20180514
SUPERAntiSpyware 20180513
Symantec 20180513
Symantec Mobile Insight 20180511
Tencent 20180514
TheHacker 20180509
TotalDefense 20180513
TrendMicro 20180514
TrendMicro-HouseCall 20180514
Trustlook 20180514
VBA32 20180511
VIPRE 20180514
ViRobot 20180513
Webroot 20180514
Yandex 20180513
Zillya 20180511
ZoneAlarm by Check Point 20180514
Zoner 20180513
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Windows Live Mail
Original name WabApi.dll
Internal name WabApi.dll
File version 14.0.8050.1202
Description Windows Live Mail
Signature verification Signed file, verified signature
Signing date 7:38 AM 12/3/2008
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Code Signing PCA
Valid from 1:23 AM 8/23/2007
Valid to 1:33 AM 2/23/2009
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint D57FAC60F1A8D34877AEB350E83F46F6EFC9E5F1
Serial number 61 0F 78 4D 00 00 00 00 00 03
[+] Microsoft Code Signing PCA
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Root Authority
Valid from 11:31 PM 8/22/2007
Valid to 8:00 AM 8/25/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3036E3B25B88A55B86FC90E6E9EAAD5081445166
Serial number 2E AB 11 DC 50 FF 5C 9D CB C0
[+] Microsoft Root Authority
Status Valid
Issuer Microsoft Root Authority
Valid from 8:00 AM 1/10/1997
Valid to 8:00 AM 12/31/2020
Valid usage All
Algorithm md5RSA
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
Counter signers
[+] Microsoft Timestamping Service
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Timestamping PCA
Valid from 2:53 AM 9/16/2006
Valid to 3:03 AM 9/16/2011
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint A1DC024FC8B2A76745D4661F663B8741C3D35313
Serial number 61 47 52 BA 00 00 00 00 00 04
[+] Microsoft Timestamping PCA
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Root Authority
Valid from 2:04 AM 9/16/2006
Valid to 8:00 AM 9/15/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 3EA99A60058275E0ED83B892A909449F8C33B245
Serial number 6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2
[+] Microsoft Root Authority
Status Valid
Issuer Microsoft Root Authority
Valid from 8:00 AM 1/10/1997
Valid to 8:00 AM 12/31/2020
Valid usage All
Algorithm md5RSA
Thumbrint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-12-03 06:15:17
Entry Point 0x0004342B
Number of sections 4
PE sections
Overlays
MD5 860264365423eeaa9971b55e213b16c0
File type data
Offset 308736
Size 6984
Entropy 7.41
PE imports
RegCreateKeyExW
RegEnumValueW
CryptReleaseContext
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
CryptAcquireContextW
RegSetValueW
TraceEvent
RegQueryValueExW
RegQueryValueW
ImageList_LoadImageW
Ord(386)
CertOpenStore
CertFreeCertificateContext
CryptMsgUpdate
CertCloseStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CryptMsgOpenToDecode
CryptDecodeObjectEx
CryptMsgClose
CryptMsgGetParam
CertCompareCertificate
GetDeviceCaps
EndPage
SetAbortProc
CreateFontIndirectW
SelectObject
RectVisible
GetTextExtentPoint32W
AbortDoc
GetStockObject
EndDoc
StartPage
SetBkMode
GetTextExtentPointW
DeleteObject
StartDocW
SetMapMode
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
GetLocaleInfoW
WideCharToMultiByte
LoadLibraryW
InterlockedExchange
GetTempPathW
FormatMessageW
GetSystemTimeAsFileTime
HeapReAlloc
FreeLibrary
LocalFree
GetProfileIntW
FreeLibraryAndExitThread
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
LoadLibraryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FindNextChangeNotification
InterlockedExchangeAdd
CreateThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
TerminateProcess
FindCloseChangeNotification
GetModuleHandleExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
HeapFree
EnterCriticalSection
lstrcmpiA
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetProcAddress
lstrcmpiW
GetFileSize
DeleteFileA
GetDateFormatW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
ExpandEnvironmentStringsW
lstrcmpA
CompareStringA
FindFirstFileW
lstrcmpW
WaitForMultipleObjects
CreateEventW
CreateFileW
TlsSetValue
InterlockedIncrement
GetLastError
SystemTimeToFileTime
lstrlenA
lstrlenW
FindFirstChangeNotificationW
CompareFileTime
GetCurrentProcessId
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
HeapCreate
WriteFile
RtlMoveMemory
Sleep
PszDupW
Ord(226)
_malloc_crt
_purecall
malloc
_splitpath_s
memset
wcschr
__dllonexit
_vsnprintf_s
swscanf_s
wcstok_s
__clean_type_info_names_internal
_recalloc
_amsg_exit
_ltow_s
_lock
_onexit
_encode_pointer
??_V@YAXPAX@Z
_decode_pointer
_adjust_fdiv
_makepath_s
memmove_s
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
free
_except_handler4_common
_callnewh
memcpy
_vsnwprintf_s
memmove
_initterm_e
_encoded_null
__CppXcptFilter
wcsstr
_initterm
SysAllocString
SysFreeString
VariantClear
VariantInit
SysStringLen
UuidFromStringW
UuidToStringW
RpcStringFreeW
ShellExecuteExW
SHParseDisplayName
StrCmpW
StrChrW
UrlCanonicalizeW
PathCreateFromUrlW
wnsprintfW
PathRemoveFileSpecW
PathFindFileNameW
StrCmpNIW
UrlIsW
SHRegSetUSValueW
StrStrIW
PathAppendW
StrCmpNIA
PathAddExtensionW
StrStrW
StrCmpIW
PathRemoveBlanksW
PathIsDirectoryW
SHRegGetValueW
MapWindowPoints
EndDeferWindowPos
GetParent
EmptyClipboard
EndDialog
GetMessageW
LoadCursorW
SetFocus
CharUpperW
RegisterClassW
KillTimer
DestroyMenu
CharUpperA
CharPrevW
ShowWindow
RegisterWindowMessageW
LoadMenuW
SetWindowPos
RemoveMenu
BeginDeferWindowPos
SetWindowLongW
MessageBoxW
PeekMessageW
UnregisterClassW
GetWindowRect
EnableWindow
UpdateWindow
MoveWindow
DialogBoxParamW
SystemParametersInfoW
LoadIconW
CharLowerW
SendDlgItemMessageW
IsWindowEnabled
GetDlgItemTextW
PostMessageW
GetSysColor
CheckRadioButton
SetDlgItemTextW
DispatchMessageW
CreateWindowExW
CreateDialogParamW
ReleaseDC
SendMessageW
LoadStringA
SetCursor
SetClipboardData
TranslateMessage
GetSystemMetrics
GetWindowPlacement
CloseClipboard
SetWindowTextW
GetDlgItem
DefWindowProcW
AllowSetForegroundWindow
DrawTextW
IsWindow
EnableMenuItem
ScreenToClient
CharNextW
InvalidateRect
GetSubMenu
SetTimer
LoadImageW
TrackPopupMenu
LoadStringW
IsDialogMessageW
GetMenuItemCount
CharLowerA
OpenClipboard
GetClassInfoW
GetWindowTextW
GetDesktopWindow
IsRectEmpty
GetSystemMenu
GetFocus
GetDC
InsertMenuW
GetWindowLongW
SetForegroundWindow
IsWindowVisible
GetMenuItemInfoW
DestroyWindow
?RMInitialize@@YGXXZ
?RMLoadIcon@@YGPAUHICON__@@PBDPB_WK@Z
?RMFindModule@@YGPAUHINSTANCE__@@PBDK@Z
?RMUpdateResourceSet@@YG_NPBDPB_WK1@Z
?RMTerminate@@YGXXZ
?RMLoadString@@YGIPBDIPA_WIK@Z
?RMLoadMenu@@YGPAUHMENU__@@PBDPB_WK@Z
EnableThemeDialogTexture
InternetCanonicalizeUrlW
PrintDlgExW
GetSaveFileNameW
GetOpenFileNameW
CoUninitialize
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoInitializeEx
LogOutput
ZoneLoggingEnabled
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
21504

ImageVersion
6.0

ProductName
Windows Live Mail

FileVersionNumber
14.0.8050.1202

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Live Mail

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
dll

OriginalFileName
WabApi.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
14.0.8050.1202

TimeStamp
2008:12:03 07:15:17+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
WabApi.dll

ProductVersion
14.0.8050.1202

SubsystemVersion
5.1

OSVersion
6.0

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
286208

FileSubtype
0

ProductVersionNumber
14.0.8050.1202

EntryPoint
0x4342b

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 8087aa5de82679cc531fe501bf19fe36
SHA1 dd0668fd05f68a1767b9fff3c787d55cd5b86d02
SHA256 75cad8dddaab589586f17cd8a8ebfd75e5586f556d57382fdc090ce7c7ea3f29
ssdeep
6144:OpIqZVJcHRAJjxFFbYcXCpOzqi/E8dS3RjeIH2qXnD2k5xQS0/e6x9/5BtHPGcFT:NHRAJjxFFbYcXCpGqi/sReIH7XnDV5xK

authentihash 4f8ee56c019167ab5bd6c083d9323118eb187b6d93eee86c857052a613511fc6
imphash b7db92545aff6d0ea77d70e4cf4b6cbc
File size 308.3 KB ( 315720 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2009-05-24 12:58:37 UTC ( 9 years, 12 months ago )
Last submission 2018-05-14 01:46:39 UTC ( 1 year ago )
File names wabapi.dll
WabApi.dll
wabapi.dll
wabapi.dll
wabapi.dll
wabapi.dll
hsbiro2v.if2
wabapi.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!