SHA256: 84f299382eb33c5ee136ebd0cb1625a06793b42e14a93ae1428d74260457f017
File name: 90cfb153acea2e73c4cd8eaba20f9208
Detection ratio: 0 / 47
Analysis date: 2013-11-07 10:21:54 UTC ( 5 years, 5 months ago )
Antivirus Result Update
Yandex 20131105
AhnLab-V3 20131106
AntiVir 20131107
Antiy-AVL 20131107
Avast 20131107
AVG 20131107
Baidu-International 20131107
BitDefender 20131107
Bkav 20131107
ByteHero 20131105
CAT-QuickHeal 20131107
ClamAV 20131107
Commtouch 20131107
Comodo 20131107
DrWeb 20131107
Emsisoft 20131107
ESET-NOD32 20131107
F-Prot 20131107
F-Secure 20131107
Fortinet 20131107
GData 20131107
Ikarus 20131107
Jiangmin 20131107
K7AntiVirus 20131106
K7GW 20131106
Kaspersky 20131107
Kingsoft 20130829
Malwarebytes 20131107
McAfee 20131107
McAfee-GW-Edition 20131107
Microsoft 20131107
eScan 20131107
NANO-Antivirus 20131107
Norman 20131107
nProtect 20131107
Panda 20131107
Rising 20131107
Sophos AV 20131107
SUPERAntiSpyware 20131106
Symantec 20131107
TheHacker 20131106
TotalDefense 20131106
TrendMicro 20131107
TrendMicro-HouseCall 20131107
VBA32 20131106
VIPRE 20131107
ViRobot 20131107
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file.
Authenticode signature block and FileVersionInfo properties
Copyright
© 2012 Kaspersky Lab ZAO. All Rights Reserved.

Publisher Kaspersky Lab
Product Kaspersky Anti-Virus
Original name HTTPProtocoller.PPL
Internal name HTTPProtocoller
File version 13.0.2.558
Description HTTP Protocoller
Signature verification Signed file, verified signature
Signing date 3:21 PM 12/20/2012
Signers
[+] Kaspersky Lab
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 2/15/2012
Valid to 12:59 AM 3/8/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint 90E68EB265AE70DF186A6E20F8DEB2C230EA5EDC
Serial number 16 E5 A7 75 12 03 00 FB 34 19 45 8B 40 D4 08 34
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 5/20/2022
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint D43989A11E5961CC13A58008172BF544DA11F1E6
Serial number 7E 1F DF 72 99 E8 D2 45 A1 5D 0B A8 E5 B1 59 BA
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-20 14:17:59
Entry Point 0x0004CBA5
Number of sections 6
PE sections
PE imports
RegOpenCurrentUser
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
GetLastError
HeapFree
EnterCriticalSection
WaitForSingleObject
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetDateFormatW
TlsGetValue
CloseHandle
InterlockedCompareExchange
EncodePointer
GetProcessHeap
GetTimeFormatW
QueryPerformanceFrequency
ReleaseSemaphore
TlsFree
InterlockedExchange
CreateSemaphoreW
InterlockedIncrement
ResetEvent
GetSystemTimeAsFileTime
DecodePointer
TerminateProcess
SetUnhandledExceptionFilter
InitializeCriticalSection
TryEnterCriticalSection
CreateEventA
InterlockedDecrement
Sleep
TlsSetValue
GetTickCount
GetCurrentThreadId
OpenEventA
LeaveCriticalSection
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Unlock@_Mutex@std@@QAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?id@?$ctype@G@std@@2V0locale@2@A
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Lock@_Mutex@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??1_Mutex@std@@QAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Id_cnt@id@locale@std@@0HA
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_BADOFF@std@@3_JB
?_Init@ios_base@std@@IAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0_Mutex@std@@QAE@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?clear@ios_base@std@@QAEXH_N@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?widen@?$ctype@G@std@@QBEGD@Z
??1_Container_base12@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Addstd@ios_base@std@@SAXPAV12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??_7ios_base@std@@6B@
strncmp
_malloc_crt
mbtowc
_lock
sscanf
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBDH@Z
fgetc
??1bad_cast@std@@UAE@XZ
memset
fclose
_ctime32
__dllonexit
_waccess
__RTDynamicCast
isprint
_CxxThrowException
_i64toa
strtoul
??0bad_cast@std@@QAE@PBD@Z
isdigit
fflush
_onexit
strncpy
tolower
strchr
fputc
?_type_info_dtor_internal_method@type_info@@QAEXXZ
isalnum
??2@YAPAXI@Z
fwrite
fgetpos
fsetpos
isalpha
__clean_type_info_names_internal
_crt_debugger_hook
_time32
??_V@YAXPAX@Z
_initterm_e
_atoi64
_amsg_exit
strtol
?terminate@@YAXXZ
rand_s
_itoa
_unlock
wctomb_s
??3@YAXPAX@Z
free
memcpy_s
_except_handler4_common
_fseeki64
_purecall
memcpy
??0exception@std@@QAE@ABV01@@Z
sprintf_s
??8type_info@@QBE_NABV0@@Z
strstr
??1exception@std@@UAE@XZ
__CxxFrameHandler3
memmove
??0exception@std@@QAE@ABQBD@Z
isspace
_lock_file
atoi
_encoded_null
memchr
??0bad_cast@std@@QAE@ABV01@@Z
__CppXcptFilter
ungetc
??0exception@std@@QAE@XZ
_initterm
_unlock_file
setvbuf
wsprintfA
PE exports
Number of PE resources by type
DISCARDABLE 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 2
ENGLISH US 1
PE resources
File identification
MD5 90cfb153acea2e73c4cd8eaba20f9208
SHA1 6e2b6b8ce678fbf525057a8b6a94c9828024c535
SHA256 84f299382eb33c5ee136ebd0cb1625a06793b42e14a93ae1428d74260457f017
ssdeep
6144:k66c/a9PofySbAbda+lBpoyfal+G/n/TN/SmmPXGl3P95eHrd5WpOBoDFW3E:kzWKPXrBa+rpVfa4ymPal8HBMrX

File size 538.0 KB ( 550920 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll signed

VirusTotal metadata
First submission 2013-11-07 10:21:54 UTC ( 5 years, 5 months ago )
Last submission 2013-11-07 10:21:54 UTC ( 5 years, 5 months ago )
File names HTTPProtocoller
HTTPProtocoller.PPL
90cfb153acea2e73c4cd8eaba20f9208