× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7bcbc6be2f6347609acd19a767fc63468e1501220e766bd92ee8487355a43b34
File name: msgclient.dll
Detection ratio: 0 / 57
Analysis date: 2015-03-15 16:06:34 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware 20150315
AegisLab 20150315
Yandex 20150314
AhnLab-V3 20150315
Alibaba 20150315
ALYac 20150315
Antiy-AVL 20150315
Avast 20150315
AVG 20150315
Avira (no cloud) 20150315
AVware 20150315
Baidu-International 20150315
BitDefender 20150315
Bkav 20150314
ByteHero 20150315
CAT-QuickHeal 20150314
ClamAV 20150314
CMC 20150313
Comodo 20150315
Cyren 20150315
DrWeb 20150315
Emsisoft 20150315
ESET-NOD32 20150315
F-Prot 20150315
F-Secure 20150315
Fortinet 20150315
GData 20150315
Ikarus 20150315
Jiangmin 20150314
K7AntiVirus 20150315
K7GW 20150315
Kaspersky 20150315
Kingsoft 20150315
Malwarebytes 20150315
McAfee 20150315
McAfee-GW-Edition 20150315
Microsoft 20150315
eScan 20150315
NANO-Antivirus 20150315
Norman 20150315
nProtect 20150313
Panda 20150311
Qihoo-360 20150315
Rising 20150315
Sophos AV 20150315
SUPERAntiSpyware 20150315
Symantec 20150315
Tencent 20150315
TheHacker 20150313
TotalDefense 20150315
TrendMicro 20150315
TrendMicro-HouseCall 20150315
VBA32 20150314
VIPRE 20150315
ViRobot 20150315
Zillya 20150315
Zoner 20150313
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 2000 - 2013 ???????? Avira Operations GmbH & Co. KG ? ?? ?????????

Publisher Avira Operations GmbH & Co. KG
Product Avira Antivirus Premium
File version 13.6.1.402
Description Avira Message Client
Signature verification Signed file, verified signature
Signing date 3:43 PM 12/4/2012
Signers
[+] Avira Operations GmbH & Co. KG
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 7/20/2011
Valid to 12:59 AM 7/20/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 579E1917CA0EDFEDE3642646A474C28C1E8B48B1
Serial number 54 97 1F F2 38 D2 B8 66 F2 7F C3 FE 6C 9A D5 77
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-04 12:11:00
Entry Point 0x0002328D
Number of sections 5
PE sections
PE imports
GetTokenInformation
RegCloseKey
OpenProcessToken
IsValidSid
CopySid
RegEnumKeyExW
RegOpenKeyExW
GetAce
RegQueryValueExW
InitializeAcl
GetLengthSid
GetSecurityInfo
GetAclInformation
AddAce
SetSecurityInfo
GetDriveTypeW
FileTimeToSystemTime
GetOverlappedResult
WaitForSingleObject
HeapDestroy
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetFileTime
WideCharToMultiByte
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
FindClose
MoveFileW
GetFullPathNameW
SetLastError
GetSystemTime
OutputDebugStringW
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetSystemDirectoryW
SetNamedPipeHandleState
SetUnhandledExceptionFilter
ExitThread
DecodePointer
TerminateProcess
LocalFileTimeToFileTime
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
UnlockFile
GetWindowsDirectoryW
OpenProcess
GetDateFormatW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileIntW
GetProcessHeap
GetComputerNameW
GetTimeFormatW
WaitNamedPipeW
RemoveDirectoryW
FindNextFileW
ResetEvent
FindFirstFileW
GetProcAddress
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GetShortPathNameW
FindResourceW
LockFile
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
ProcessIdToSessionId
HeapSize
InterlockedCompareExchange
CancelIo
RaiseException
SetFilePointer
ReadFile
CloseHandle
GetModuleHandleW
GetFileAttributesExW
WriteFile
Sleep
strncpy_s
fclose
_time64
_snwprintf
wcsncpy_s
strtoul
_filelength
isspace
_close
strcat_s
_CxxThrowException
wcspbrk
memmove_s
memcpy_s
wcsncmp
memcpy
vswprintf_s
strstr
_vscwprintf
_wcslwr_s
iswspace
_purecall
toupper
memset
wcschr
__RTDynamicCast
swprintf_s
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_encoded_null
_initterm_e
_wsopen
_strnicmp
_crt_debugger_hook
_getdrive
wcscpy_s
__CxxFrameHandler3
_except_handler4_common
free
wcsspn
_read
iswdigit
_chsize
iswalnum
rand
realloc
__dllonexit
fwprintf
_lseek
swscanf_s
printf
wmemcpy_s
_recalloc
wcsnlen
qsort
_onexit
wcscat_s
wcsncpy
atoi
swscanf
_beginthreadex
_wsplitpath_s
_malloc_crt
malloc
srand
_snwprintf_s
_waccess
_amsg_exit
?terminate@@YAXXZ
_chdrive
_errno
_lock
_wfopen_s
wcsrchr
_wcsicmp
_localtime64_s
_unlock
calloc
_initterm
_wsetlocale
_mktime64
wcsncat_s
__iob_func
__CppXcptFilter
wcsstr
_wtoi
SysFreeString
SHGetSpecialFolderPathW
LoadStringW
Ord(266)
Ord(265)
Ord(1300)
Ord(1298)
CoTaskMemFree
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
AntiVir Avira GmbH.

UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
13.6.1.402

LanguageCode
Neutral 2

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
50688

MIMEType
application/octet-stream

LegalCopyright
2000 - 2013 Avira Operations GmbH & Co. KG

FileVersion
13.6.1.402

TimeStamp
2012:12:04 13:11:00+01:00

FileType
Win32 DLL

PEType
PE32

SubsystemVersion
5.1

ProductVersion
13.6.1.402

FileDescription
Avira Message Client

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Avira Operations GmbH & Co. KG

CodeSize
157696

ProductName
Avira Antivirus Premium

ProductVersionNumber
13.6.1.402

EntryPoint
0x2328d

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 9f2880ae6511de9819c5ba4b2253a47f
SHA1 6f589f3a5140b3bc9a61658c52270493cd32ebcc
SHA256 7bcbc6be2f6347609acd19a767fc63468e1501220e766bd92ee8487355a43b34
ssdeep
3072:8KR7voYwS6zz6kg5d8zPEjmABjttJ1jpR+4za7Sw9xT9XtOZhyF18Ui4:fpvo6kg5isjfB51jpAZ7px9OZhyN

authentihash 96a2e1095ddec1ad67390d701b1d177f1cbef6f9a44f9535a0b716f55133a11a
imphash 6e2d7e0ea124fc68960ac92fa0482ea3
File size 210.8 KB ( 215840 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll signed

VirusTotal metadata
First submission 2015-02-14 18:57:44 UTC ( 3 years, 11 months ago )
Last submission 2015-02-14 18:57:44 UTC ( 3 years, 11 months ago )
File names msgclient.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!