× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7f8cd47c6e6050f7beb8ddae72363fc649089662b406cd0e4f7330b2e5f33c46
File name: crypt32.dll
Detection ratio: 2 / 56
Analysis date: 2016-04-01 14:07:20 UTC ( 3 years, 1 month ago ) View latest
Antivirus Result Update
AVG Win32/Heim 20160401
Bkav HW64.packed.FC60 20160401
Ad-Aware 20160401
AegisLab 20160401
AhnLab-V3 20160401
Alibaba 20160401
ALYac 20160401
Antiy-AVL 20160401
Arcabit 20160401
Avast 20160401
Avira (no cloud) 20160401
AVware 20160401
Baidu 20160331
Baidu-International 20160401
BitDefender 20160401
CAT-QuickHeal 20160401
ClamAV 20160401
CMC 20160322
Comodo 20160401
Cyren 20160401
DrWeb 20160401
Emsisoft 20160401
ESET-NOD32 20160401
F-Prot 20160401
F-Secure 20160401
Fortinet 20160401
GData 20160401
Ikarus 20160401
Jiangmin 20160401
K7AntiVirus 20160401
K7GW 20160401
Kaspersky 20160401
Kingsoft 20160401
Malwarebytes 20160401
McAfee 20160401
McAfee-GW-Edition 20160401
Microsoft 20160401
eScan 20160401
NANO-Antivirus 20160401
nProtect 20160401
Panda 20160331
Qihoo-360 20160401
Rising 20160401
Sophos AV 20160401
SUPERAntiSpyware 20160401
Symantec 20160331
Tencent 20160401
TheHacker 20160330
TrendMicro 20160401
TrendMicro-HouseCall 20160401
VBA32 20160401
VIPRE 20160401
ViRobot 20160401
Yandex 20160316
Zillya 20160401
Zoner 20160401
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name eapahost.dll
Internal name eapahost.dll
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Microsoft EAPHost Authenticator service
PE header basic information
Target machine x64
Compilation timestamp 2010-12-20 20:48:17
Entry Point 0x00005134
Number of sections 4
PE sections
Overlays
MD5 923ca0f048eb57165735cd33188f5a17
File type data
Offset 363520
Size 5568
Entropy 7.97
PE imports
SetThreadLocale
CreateWaitableTimerA
GetConsoleAliasesLengthA
VerifyConsoleIoHandle
InterlockedPopEntrySList
WriteConsoleInputA
GetConsoleAliasesLengthW
WaitForMultipleObjectsEx
ExitProcess
VirtualProtect
CreateMailslotA
GetTempFileNameW
GetCPInfoExW
GetWindowsDirectoryW
GetCurrentProcessId
AddAtomA
_llseek
CheckNameLegalDOS8Dot3A
WaitForMultipleObjects
HeapWalk
RestoreLastError
CreateMutexA
SetFilePointer
MoveFileA
EnumSystemCodePagesA
lstrcpynA
EnumDateFormatsExW
QueryDosDeviceA
GlobalUnWire
ConnectNamedPipe
SetCurrentDirectoryW
UTRegister
FlushInstructionCache
CreateProcessW
Sleep
SetEndOfFile
OpenJobObjectA
GetUserNameExW
LsaUnregisterPolicyChangeNotification
SaslGetProfilePackageA
AddSecurityPackageA
SaslGetProfilePackageW
DeleteSecurityPackageW
AddCredentialsW
QueryCredentialsAttributesW
LsaLookupAuthenticationPackage
LsaLogonUser
DeleteSecurityPackageA
SetContextAttributesA
QueryCredentialsAttributesA
ImportSecurityContextW
SaslInitializeSecurityContextA
LsaDeregisterLogonProcess
TranslateNameW
SaslIdentifyPackageW
DecryptMessage
QuerySecurityContextToken
SaslIdentifyPackageA
LsaRegisterLogonProcess
LsaEnumerateLogonSessions
GetComputerObjectNameA
LsaConnectUntrusted
GetComputerObjectNameW
LsaFreeReturnBuffer
SaslAcceptSecurityContext
EncryptMessage
ScriptPlace
ScriptShape
ScriptStringOut
ScriptString_pSize
ScriptStringCPtoX
ScriptJustify
ScriptGetCMap
ScriptFreeCache
ScriptItemize
ScriptGetFontProperties
ScriptGetLogicalWidths
ScriptString_pcOutChars
ScriptString_pLogAttr
ScriptStringFree
ScriptXtoCP
ScriptStringValidate
ScriptStringAnalyse
ScriptStringXtoCP
ScriptIsComplex
ScriptTextOut
ScriptRecordDigitSubstitution
ScriptStringGetLogicalWidths
Number of PE resources by type
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
5.2

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7601.17514

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
299008

EntryPoint
0x5134

OriginalFileName
eapahost.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2010:12:20 21:48:17+01:00

FileType
Win64 DLL

PEType
PE32+

InternalName
eapahost.dll

ProductVersion
6.1.7601.17514

FileDescription
Microsoft EAPHost Authenticator service

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
AMD AMD64

CompanyName
Microsoft Corporation

CodeSize
92160

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
dll

ObjectFileType
Dynamic link library

File identification
MD5 8e92b1e9d53112bebc4d760625a4514a
SHA1 1e450103db1cf6c1b4d401234cc0ebc0e76b7472
SHA256 7f8cd47c6e6050f7beb8ddae72363fc649089662b406cd0e4f7330b2e5f33c46
ssdeep
6144:EN8pRwQ2oDe5cQ7llfas0qMtqKjfo8HgxvemsG8eh21m7+e5KaWR:ENQWoDe5cQzaBZjw8AJD8q952

authentihash cea77bc9150637116cf0144209f75c91c42e4a8f02d5158b6a3862d661a46385
imphash 3ad40a6d457c2891c466f1c805343b59
File size 360.4 KB ( 369088 bytes )
File type Win32 DLL
Magic literal
PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly

TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags
64bits assembly pedll overlay

VirusTotal metadata
First submission 2016-04-01 14:07:20 UTC ( 3 years, 1 month ago )
Last submission 2016-04-01 14:07:20 UTC ( 3 years, 1 month ago )
File names eapahost.dll
crypt32.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!