SHA256: 781c4437afd551953ca9c16c4e25138cd62c3ff9c9c1d002ac8e09442fafd36e
File name: management.torrent
Detection ratio: 7 / 69
Analysis date: 2019-02-07 03:33:57 UTC (1 month, 2 weeks ago)
Antivirus Result Update
Cylance Unsafe 20190207
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Qihoo-360 HEUR/QVM20.1.0F5B.Malware.Gen 20190207
Rising Trojan.GenKryptik!8.AA55/N3#88% (RDM+:cmRtazpm03BWbQ77cAHdm0s0YZ94) 20190207
SentinelOne (Static ML) static engine - malicious 20190203
Webroot W32.Trojan.Ursnif 20190207
Acronis 20190130
Ad-Aware 20190207
AegisLab 20190207
AhnLab-V3 20190206
Alibaba 20180921
ALYac 20190207
Antiy-AVL 20190207
Arcabit 20190207
Avast 20190207
Avast-Mobile 20190206
AVG 20190207
Avira (no cloud) 20190206
Babable 20180918
Baidu 20190202
BitDefender 20190207
Bkav 20190201
CAT-QuickHeal 20190206
ClamAV 20190206
CMC 20190206
Comodo 20190207
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190207
DrWeb 20190207
eGambit 20190207
Emsisoft 20190207
ESET-NOD32 20190207
F-Prot 20190207
F-Secure 20190207
Fortinet 20190207
GData 20190207
Ikarus 20190206
Jiangmin 20190207
K7AntiVirus 20190207
K7GW 20190206
Kaspersky 20190207
Kingsoft 20190207
Malwarebytes 20190207
MAX 20190207
McAfee 20190207
McAfee-GW-Edition 20190206
Microsoft 20190207
eScan 20190207
NANO-Antivirus 20190207
Palo Alto Networks (Known Signatures) 20190207
Panda 20190206
Sophos AV 20190206
SUPERAntiSpyware 20190206
Symantec 20190207
TACHYON 20190207
Tencent 20190207
TheHacker 20190203
Trapmine 20190123
TrendMicro 20190207
TrendMicro-HouseCall 20190207
Trustlook 20190207
VBA32 20190206
ViRobot 20190206
Yandex 20190206
Zillya 20190206
ZoneAlarm by Check Point 20190207
Zoner 20190207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) softratingSystem Corp. 1995-1998

Product softratingSystem Distributed Transaction Coordinator
Internal name XOLEHLP.DLL
File version 2007.12.4114.298
Description MS DTC helper APIs DLL
Signature verification Signed file, verified signature
Signing date 5:35 PM 2/6/2019
Signers
[+] SKYE CRYPTO LTD.
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 12/13/2018
Valid to 11:59 PM 12/13/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint C9F1364ED3093A35885DDA43E9CB81A9FE5DFB38
Serial number 1F 44 59 35 F7 85 FF 09 D2 CB 31 8F 40 0D AB 9B
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 11:00 PM 10/21/2014
Valid to 11:00 PM 10/21/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-07 00:35:53
Entry Point 0x00001D20
Number of sections 5
PE sections
Overlays
MD5 466f36440f2f58e0112ca304ac688685
File type data
Offset 111616
Size 7496
Entropy 7.24
PE imports
IsTokenRestricted
PatBlt
GdiGetBatchLimit
SetPriorityClass
GetNamedPipeClientProcessId
FlushProcessWriteBuffers
GlobalReAlloc
GetFileMUIPath
GetModuleHandleA
GetCurrentConsoleFont
GetComputerNameA
GetConsoleScreenBufferInfo
LZSeek
SafeArrayUnlock
GetDesktopWindow
CopyIcon
GetScrollPos
CountClipboardFormats
LoadStringA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
CodeSize
14848

SubsystemVersion
5.0

LinkerVersion
13.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2007.12.4114.298

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
MS DTC helper APIs DLL

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
109603

EntryPoint
0x1d20

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) softratingSystem Corp. 1995-1998

FileVersion
2007.12.4114.298

TimeStamp
2019:02:07 01:35:53+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
XOLEHLP.DLL

ProductVersion
05.01.02.4114

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
softratingSystem Corporation

LegalTrademarks
softratingSystem(R) is a registered trademark of softratingSystem Corporation. Windows(TM) is a trademark of softratingSystem Corporation

ProductName
softratingSystem Distributed Transaction Coordinator

ProductVersionNumber
5.1.2.4114

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 022ff881dd393ac453d1466258d15b48
SHA1 555d840093dd884a810f21f2691dfc0bd80226e9
SHA256 781c4437afd551953ca9c16c4e25138cd62c3ff9c9c1d002ac8e09442fafd36e
ssdeep
1536:BiTpjNhmzFuDgrOAFKB4+FVJzNkmjE9Koku8fpFZ5r4Vbe+6ajqii7H:YFj6zpT+FVpTEExFZ5cde+6ajK

authentihash e295cf05391284cdea90b29859bc86edd0fcd68a857306bc1a44c99ad8ee5cb0
imphash 4abf481a944c10e63e9afcc071d8b7ad
File size 116.3 KB ( 119112 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2019-02-07 03:33:57 UTC ( 1 month, 2 weeks ago )
Last submission 2019-02-07 03:33:57 UTC ( 1 month, 2 weeks ago )
File names management.torrent
XOLEHLP.DLL