SHA256: 8e5a549c6c0339a5f88217e6b5b75b745a3c20fe97081b48062b684c4fa5d441
File name: System.Globalization.Calendars.dll
Detection ratio: 0 / 67
Analysis date: 2018-11-14 03:05:52 UTC ( 3 months ago )
Antivirus Result Update
Ad-Aware 20181112
AegisLab 20181114
AhnLab-V3 20181114
Alibaba 20180921
ALYac 20181114
Antiy-AVL 20181114
Arcabit 20181114
Avast 20181114
Avast-Mobile 20181113
AVG 20181114
Avira (no cloud) 20181114
Babable 20180918
Baidu 20181112
BitDefender 20181114
Bkav 20181113
CAT-QuickHeal 20181113
ClamAV 20181114
CMC 20181113
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181114
Cyren 20181114
DrWeb 20181114
eGambit 20181114
Emsisoft 20181114
Endgame 20181108
ESET-NOD32 20181114
F-Prot 20181114
F-Secure 20181114
Fortinet 20181114
GData 20181114
Ikarus 20181113
Sophos ML 20181108
Jiangmin 20181114
K7AntiVirus 20181113
K7GW 20181113
Kaspersky 20181114
Kingsoft 20181114
Malwarebytes 20181114
MAX 20181114
McAfee 20181114
McAfee-GW-Edition 20181113
Microsoft 20181114
eScan 20181114
NANO-Antivirus 20181114
Palo Alto Networks (Known Signatures) 20181114
Panda 20181113
Qihoo-360 20181114
Rising 20181114
SentinelOne (Static ML) 20181011
Sophos AV 20181113
SUPERAntiSpyware 20181114
Symantec 20181114
Symantec Mobile Insight 20181108
TACHYON 20181114
Tencent 20181114
TheHacker 20181113
TotalDefense 20181113
TrendMicro 20181114
TrendMicro-HouseCall 20181114
Trustlook 20181114
VBA32 20181113
VIPRE 20181113
ViRobot 20181113
Webroot 20181114
Yandex 20181113
Zillya 20181113
ZoneAlarm by Check Point 20181114
Zoner 20181114
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® .NET Framework
Original name System.Globalization.Calendars.dll
Internal name System.Globalization.Calendars.dll
File version 4.6.24705.01
Description System.Globalization.Calendars
Comments System.Globalization.Calendars
Signature verification Signed file, verified signature
Signing date 5:49 AM 11/5/2016
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 9:17 PM 8/18/2016
Valid to 9:17 PM 11/2/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 98ED99A67886D020C564923B7DF25E9AC019DF26
Serial number 33 00 00 01 40 96 A9 EE 70 56 FE CC 07 00 01 00 00 01 40
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 6:58 PM 9/7/2016
Valid to 6:58 PM 9/7/2018
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint CC5B869DBD2603381FD2E60C387D299EBE0D06CF
Serial number 33 00 00 00 CB D9 52 06 53 BF 3E 2A 59 00 00 00 00 00 CB
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-05 04:37:17
Entry Point 0x00002A32
Number of sections 3
.NET details
Module Version ID 44853984-65e8-4786-a5fa-15b59fcbd0ee
PE sections
Overlays
MD5 9327ba71e01b73e8f976f7af309c83d6
File type binary Computer Graphics Metafile
Offset 7168
Size 16128
Entropy 7.42
PE imports
_CorDllMain
Number of PE resources by type
RT_VERSION 2
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
Comments System.Globalization.Calendars
InitializedDataSize 3584
ImageVersion 0.0
ProductName Microsoft .NET Framework
FileVersionNumber 4.6.24705.1
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, Large address aware, DLL
CharacterSet Unicode
LinkerVersion 48.0
FileTypeExtension dll
OriginalFileName System.Globalization.Calendars.dll
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 4.6.24705.01
TimeStamp 2016:11:05 05:37:17+01:00
FileType Win32 DLL
PEType PE32
InternalName System.Globalization.Calendars.dll
ProductVersion 4.6.24705.01. Commit Hash: 4d1af962ca0fede10beb01d197367c2f90e92c97
FileDescription System.Globalization.Calendars
OSVersion 4.0
FileOS Win32
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 3072
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x2a32
ObjectFileType Dynamic link library
AssemblyVersion 4.0.2.0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files writing this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 11702033de781f5fb80aff3570db0a7b
SHA1 30ae8c8e57bcabe27ba675fa84d4da6af3c10ead
SHA256 8e5a549c6c0339a5f88217e6b5b75b745a3c20fe97081b48062b684c4fa5d441
ssdeep 384:Id3ovRqXWDRqSRqj0RqFW5RqXWtRq6Rqq0RqFWB3rq0GftpBjZRqkPERHRN7cRqw:M3AqKqAqjuqOqAqoqquqGiBqkPEBWq8b
authentihash e69ed110b9352b634c8732197d68b63710cc39cc96c071c7f3bc14e80687808d
imphash dae02f32a21e03ce65412f6e56942daa
File size 22.8 KB ( 23296 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags assembly pedll signed overlay
VirusTotal metadata
First submission 2016-11-17 17:22:24 UTC ( 2 years, 3 months ago )
Last submission 2018-05-16 11:36:37 UTC ( 9 months, 1 week ago )
File names upload_6fa5564b_b0b5_4839_bb39_dff27029edee_00524848.tmp
_D6073F8A7032D21BF941FD8A0925A5A3
_EEF8E7BAF6A68C2B31E7391DC27EE766
_6B215609024676A045304E8F7FF0E35A
15141-16160
upload_9dae12a7_9896_4190_a978_2502303a320e_00044238.tmp
upload_78cf4768_ddcc_4023_bccb_ddc75498eff9_02162587.tmp
system.globalization.calendars.dll.3060_1.1894.partial
_31B60FEC36F3352F6F88CF5E1C7F7FF8
upload_6fa5564b_b0b5_4839_bb39_dff27029edee_00564609.tmp
upload_fae00e9c_745e_441d_89fe_782f71dd62b1_00054614.tmp
upload_78cf4768_ddcc_4023_bccb_ddc75498eff9_02164456.tmp
upload_9dae12a7_9896_4190_a978_2502303a320e_00127158.tmp
upload_37b8dcb8_7dee_4e61_92fc_03011d9b83e6_00830686.tmp
upload_6fa5564b_b0b5_4839_bb39_dff27029edee_00522914.tmp
27506-18848
system.globalization.calendars.dll.1248_5.478108.partial
upload_9dae12a7_9896_4190_a978_2502303a320e_00033189.tmp
dss_4735046768562514453.iwmv5q
DotNet46DotNetCoreWebAppLibFile103
upload_37b8dcb8_7dee_4e61_92fc_03011d9b83e6_01025655.tmp
system.globalization.calendars.dll.10720_1.7472.partial
SystemGlobalizationCalendarsDLL
system.globalization.calendars.dll.10932_1.195.partial
System_Globalization_Calendars_dll