SHA256: 8a791af9e3861e231662b657098a823b21a084cbb6a4901d6ccf363405849a78
File name: System.Threading.dll
Detection ratio: 0 / 69
Analysis date: 2019-02-21 18:14:31 UTC ( 16 hours, 46 minutes ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20190221
AVG 20190221
Acronis 20190221
Ad-Aware 20190221
AegisLab 20190221
AhnLab-V3 20190221
Alibaba 20180921
Antiy-AVL 20190221
Arcabit 20190221
Avast 20190221
Avast-Mobile 20190221
Avira (no cloud) 20190221
Babable 20180918
Baidu 20190215
BitDefender 20190221
Bkav 20190221
CAT-QuickHeal 20190221
CMC 20190221
ClamAV 20190221
Comodo 20190221
CrowdStrike Falcon (ML) 20181023
Cylance 20190221
Cyren 20190221
DrWeb 20190221
ESET-NOD32 20190221
Emsisoft 20190221
Endgame 20190215
F-Prot 20190221
F-Secure 20190221
Fortinet 20190220
GData 20190221
Ikarus 20190221
Sophos ML 20181128
Jiangmin 20190221
K7AntiVirus 20190221
K7GW 20190221
Kaspersky 20190221
Kingsoft 20190221
MAX 20190221
Malwarebytes 20190221
McAfee 20190221
McAfee-GW-Edition 20190221
eScan 20190221
Microsoft 20190221
NANO-Antivirus 20190221
Palo Alto Networks (Known Signatures) 20190221
Panda 20190221
Qihoo-360 20190221
Rising 20190221
SUPERAntiSpyware 20190220
SentinelOne (Static ML) 20190203
Sophos AV 20190221
Symantec 20190221
TACHYON 20190221
Tencent 20190221
TheHacker 20190217
TotalDefense 20190221
Trapmine 20190123
TrendMicro 20190221
TrendMicro-HouseCall 20190221
Trustlook 20190221
VBA32 20190221
ViRobot 20190221
Webroot 20190221
Yandex 20190221
Zillya 20190221
ZoneAlarm by Check Point 20190221
Zoner 20190220
eGambit 20190221
Cybereason 20180308
Symantec Mobile Insight 20190220
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © Microsoft Corporation 2011

Product Reactive Extensions Core Library
Original name System.Threading.dll
Internal name System.Threading.dll
File version 1.0.2856.0
Description System.Threading
Signature verification Signed file, verified signature
Signing date 7:21 PM 2/9/2011
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 10:53 PM 07/19/2010
Valid to 10:53 PM 10/19/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9BF69D5E8D01A92F413B60A4BE003E323CB52F7F
Serial number 61 08 77 5F 00 00 00 00 00 4A
[+] Microsoft Code Signing PCA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Root Certificate Authority
Valid from 11:22 PM 01/25/2006
Valid to 11:32 PM 01/25/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint FDD1314ED3268A95E198603BA8316FA63CBCD82D
Serial number 61 15 08 27 00 00 00 00 00 0C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 07:13 PM 07/25/2008
Valid to 07:23 PM 07/25/2011
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 7CB0244C7CEC5283E7EFDADF5CCC58772DD67F42
Serial number 61 04 B3 F5 00 00 00 00 00 0D
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:53 PM 04/03/2007
Valid to 01:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-09 18:14:13
Entry Point 0x0005E44E
Number of sections 3
.NET details
Module Version ID dba5258d-29e2-4ab4-bcbd-79b4549af8f7
PE sections
Overlays
MD5 e3a961d96eb3d6d24d7a6695165e2356
File type data
Offset 380416
Size 6992
Entropy 7.40
PE imports
_CorDllMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 1536
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.2856.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription System.Threading
ImageFileCharacteristics Executable, 32-bit, DLL
CharacterSet Unicode
LinkerVersion 8.0
EntryPoint 0x5e44e
OriginalFileName System.Threading.dll
MIMEType application/octet-stream
LegalCopyright Copyright Microsoft Corporation 2011
FileVersion 1.0.2856.0
TimeStamp 2011:02:09 19:14:13+01:00
FileType Win32 DLL
PEType PE32
InternalName System.Threading.dll
ProductVersion 1.0.2856.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 378368
ProductName Reactive Extensions Core Library
ProductVersionNumber 1.0.2856.0
FileTypeExtension dll
ObjectFileType Dynamic link library
AssemblyVersion 1.0.2856.102

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 f5ee17938d7c545bf62ad955803661c7
SHA1 dd0647d250539f1ec580737de102e2515558f422
SHA256 8a791af9e3861e231662b657098a823b21a084cbb6a4901d6ccf363405849a78
ssdeep 6144:mH4bNycoylcQQAzB0ebN+pM4CHavptCyO3mEQGS/eoO4:mYbNWQQAzB0e176veD3mPh/O4

authentihash b531a26d4c0d93ffdae77f65dfec5dc24300fccfd63d95026c39af2c153c3ec8
imphash dae02f32a21e03ce65412f6e56942daa
File size 378.3 KB ( 387408 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit Mono/.Net assembly

TrID Generic .NET DLL/Assembly (84.0%)
Win64 Executable (generic) (9.8%)
Win32 Dynamic Link Library (generic) (2.3%)
Win32 Executable (generic) (1.6%)
OS/2 Executable (generic) (0.7%)
Tags pedll assembly signed trusted overlay

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with u7 as its name.
VirusTotal metadata
First submission 2011-03-04 20:29:02 UTC ( 7 years, 11 months ago )
Last submission 2019-01-05 00:15:52 UTC ( 1 month, 2 weeks ago )
File names system.threading.dll.7280_1.19349.partial
System.Threading.dll
system.threading.dll
TPL
ddeb05.tmpscan
8a791af9e3861e23_System.Threading.dll.~1
system.threading.dll1
system.threading.dll
3c92e7d0-9cba-4845-b883-bd3f04c35a5e.tmp
Provance.Asset.Library_3.5.2016.0_SystemThreading
F_System.Threading.dll32
SystemThreading.dll
f8b3ee1.tmpscan
u40
u41
system.threading.dll.25060_1.1944.partial
del5f1b.tmp
u48
system.threading.dll
System.Threading.File
4076916.tmpscan
File_System.Threading.dll
system.threading.dll
system.threading.dll.7776_1.25255.partial
118
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight