SHA256: 789d7b218e6db15723851555aad61650a0215edc9d4bbbe8fae5a4d89c4d3395
File name: important.eml
Detection ratio: 5 / 70
Analysis date: 2019-01-30 16:41:19 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Qihoo-360 HEUR/QVM20.1.E58B.Malware.Gen 20190130
Webroot W32.Trojan.Gen 20190130
Acronis 20190128
Ad-Aware 20190130
AegisLab 20190130
AhnLab-V3 20190130
Alibaba 20180921
ALYac 20190130
Antiy-AVL 20190130
Arcabit 20190130
Avast 20190130
Avast-Mobile 20190130
AVG 20190130
Avira (no cloud) 20190130
Babable 20180918
Baidu 20190130
BitDefender 20190130
Bkav 20190130
CAT-QuickHeal 20190130
ClamAV 20190130
CMC 20190130
Comodo 20190130
Cybereason 20190109
Cylance 20190201
Cyren 20190130
DrWeb 20190201
eGambit 20190130
Emsisoft 20190130
ESET-NOD32 20190130
F-Prot 20190130
F-Secure 20190130
Fortinet 20190130
GData 20190130
Ikarus 20190130
Jiangmin 20190130
K7AntiVirus 20190130
K7GW 20190130
Kaspersky 20190130
Kingsoft 20190130
Malwarebytes 20190130
MAX 20190130
McAfee 20190130
McAfee-GW-Edition 20190130
Microsoft 20190130
eScan 20190130
NANO-Antivirus 20190130
Palo Alto Networks (Known Signatures) 20190130
Panda 20190130
Rising 20190130
SentinelOne (Static ML) 20190124
Sophos AV 20190130
SUPERAntiSpyware 20190123
Symantec 20190130
TACHYON 20190130
Tencent 20190130
TheHacker 20190129
Trapmine 20190123
TrendMicro 20190130
TrendMicro-HouseCall 20190130
Trustlook 20190130
VBA32 20190130
VIPRE 20190130
ViRobot 20190130
Yandex 20190129
Zillya 20190130
ZoneAlarm by Check Point 20190130
Zoner 20190128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserv

Product Microsoft® Windows® Operating S
Original name D3D9.dll
Internal name D3D9.dll
File version 6.1.7601.17514 (win7sp1_rtm.101119-185
Description Direct3D 9 Runtime
Signature verification Signed file, verified signature
Signing date 7:01 AM 1/30/2019
Signers
[+] Wahid Tech Limited
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 11/19/2018
Valid to 11:59 PM 11/19/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5A0818D885C38026A84DE57B6A45A8CA1CD278D2
Serial number 00 C0 7B 6A 14 F3 0A 60 14 D9 C3 C8 01 55 24 DB 74
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 12:00 AM 05/24/2016
Valid to 12:00 AM 06/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-30 06:01:50
Entry Point 0x000026A0
Number of sections 5
PE sections
Overlays
MD5 6f46f68dd54f3e92f8c749bf47f06d92
File type data
Offset 131072
Size 6504
Entropy 7.45
PE imports
QuerySecurityAccessMask
BuildSecurityDescriptorW
SetNamedSecurityInfoW
CertCreateSelfSignCertificate
CertEnumCRLsInStore
GetObjectType
PlayEnhMetaFile
GetLastError
InitializeCriticalSectionAndSpinCount
VerifyScripts
ReadGlobalPwrPolicy
NdrPointerBufferSize
SetupInitDefaultQueueCallback
PathRemoveBlanksW
CharLowerA
CopyRect
IsWindowVisible
SCardGetCardTypeProviderNameA
CoSwitchCallContext
CoRevokeClassObject
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.3.9600.17415
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Direct3D 9 Runtime
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 102400
EntryPoint 0x26a0
OriginalFileName D3D9.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
FileVersion 6.1.7601.17514 (win7sp1_rtm.101119-185
TimeStamp 2019:01:30 07:01:50+01:00
FileType Win32 EXE
PEType PE32
InternalName D3D9.dll
ProductVersion 6.1.7601.1751
SubsystemVersion 5.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporatio
CodeSize 28672
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.3.9600.17415
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 480d666548357de4e3253fca4ddb1b1c
SHA1 b074c3dfb69f7589d3de470c788cc9be0dda2bc7
SHA256 789d7b218e6db15723851555aad61650a0215edc9d4bbbe8fae5a4d89c4d3395
ssdeep 3072:xMzMSKPZwRTzLJ46m4+8f53xsbRTl1goNG7Hpr:xMuPZQTzLJMKfFSbmoNGd
authentihash b2a96c73047d4cc2046874d6d447e538d074c7ee3a3061003922526a7af9283d
imphash 03f4fe47265af5ee16e03ac75e972a2b
File size 134.4 KB ( 137576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2019-01-30 15:18:43 UTC ( 1 month, 2 weeks ago )
Last submission 2019-01-31 07:31:56 UTC ( 1 month, 2 weeks ago )
File names D3D9.dll, important.eml