SHA256: 9198dadf6a653f4e20776a292800d1c80e722e14fd0772ddd05bc23b6ce1001a
File name: NuGet.Core.dll
Detection ratio: 0 / 66
Analysis date: 2018-06-23 06:32:06 UTC ( 8 months ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20180623
AVG 20180623
AVware 20180623
Ad-Aware 20180623
AegisLab 20180622
AhnLab-V3 20180622
Antiy-AVL 20180623
Arcabit 20180623
Avast 20180623
Avast-Mobile 20180622
Avira (no cloud) 20180622
Babable 20180406
Baidu 20180622
BitDefender 20180623
Bkav 20180623
CAT-QuickHeal 20180622
CMC 20180623
ClamAV 20180623
Comodo 20180623
CrowdStrike Falcon (ML) 20180530
Cylance 20180623
Cyren 20180623
DrWeb 20180623
ESET-NOD32 20180623
Emsisoft 20180623
Endgame 20180612
F-Prot 20180623
F-Secure 20180622
Fortinet 20180623
GData 20180623
Ikarus 20180622
Sophos ML 20180601
Jiangmin 20180623
K7AntiVirus 20180622
K7GW 20180623
Kaspersky 20180623
Kingsoft 20180623
MAX 20180623
Malwarebytes 20180623
McAfee 20180623
McAfee-GW-Edition 20180623
eScan 20180623
Microsoft 20180623
NANO-Antivirus 20180623
Palo Alto Networks (Known Signatures) 20180623
Panda 20180622
Qihoo-360 20180623
Rising 20180623
SUPERAntiSpyware 20180623
SentinelOne (Static ML) 20180618
Sophos AV 20180623
Symantec 20180622
TACHYON 20180623
Tencent 20180623
TheHacker 20180622
TotalDefense 20180623
TrendMicro 20180623
TrendMicro-HouseCall 20180623
VBA32 20180622
VIPRE 20180623
ViRobot 20180623
Yandex 20180622
Zillya 20180622
ZoneAlarm by Check Point 20180623
Zoner 20180622
eGambit 20180623
Alibaba 20180622
Cybereason 20180225
Symantec Mobile Insight 20180619
Trustlook 20180623
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product NuGet
Original name NuGet.Core.dll
Internal name NuGet.Core.dll
File version 2.12.0.817
Description NuGet.Core
Comments NuGet.Core is the core framework assembly for NuGet that the rest of NuGet builds upon.
Signature verification Signed file, verified signature
Signing date 10:43 PM 5/24/2016
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 6:42 PM 6/4/2015
Valid to 6:42 PM 9/4/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
Serial number 33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 8:21 PM 3/30/2016
Valid to 8:21 PM 6/30/2017
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 838C7B8BC3FA060AFB25993A19B9A76AE7E06230
Serial number 33 00 00 00 9D 42 68 EE 31 1C D7 56 BD 00 00 00 00 00 9D
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-24 21:33:30
Entry Point 0x000A13DE
Number of sections 3
.NET details
Module Version ID 2ce18daa-0150-492e-9cef-ec1c35c43904
PE sections
Overlays
MD5 4d76316355d920a8549fffa02020fba6
File type data
Offset 654848
Size 6832
Entropy 7.43
PE imports
_CorDllMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
Comments NuGet.Core is the core framework assembly for NuGet that the rest of NuGet builds upon.
InitializedDataSize 2048
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.12.0.817
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription NuGet.Core
CharacterSet Unicode
LinkerVersion 11.0
EntryPoint 0xa13de
OriginalFileName NuGet.Core.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 2.12.0.817
TimeStamp 2016:05:24 22:33:30+01:00
FileType Win32 DLL
PEType PE32
InternalName NuGet.Core.dll
ProductVersion 2.12.0-rtm-817
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 652288
ProductName NuGet
ProductVersionNumber 2.12.0.0
FileTypeExtension dll
ObjectFileType Dynamic link library
AssemblyVersion 2.12.0.817

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Compressed bundles
File identification
MD5 5fc063c0b98f60a42099c1a02c4d893f
SHA1 bb4bb8fa66e2a859b9046b48a4ed87f2daafcbbd
SHA256 9198dadf6a653f4e20776a292800d1c80e722e14fd0772ddd05bc23b6ce1001a
ssdeep 6144:yA8Kk2UKN5zPAaYIC2BbjiMDBj9NbmptYUe7tq6c95XwSoiN+pgJkDgpHDLZieSo:R8Kk2xhoaY58bjXe/SvasCmS
authentihash c88f8360fffab394de88da2d4a7111eecfbca07f770b2daa52d5faa65845e683
imphash dae02f32a21e03ce65412f6e56942daa
File size 646.2 KB ( 661680 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit Mono/.Net assembly
TrID Generic .NET DLL/Assembly (80.3%)
Win64 Executable (generic) (9.3%)
Windows screen saver (4.4%)
Win32 Dynamic Link Library (generic) (2.2%)
Win32 Executable (generic) (1.5%)
Tags pedll assembly signed trusted overlay
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with NuGet.Core.dll as its name.
VirusTotal metadata
First submission 2016-08-10 07:12:29 UTC ( 2 years, 6 months ago )
Last submission 2016-08-10 07:12:29 UTC ( 2 years, 6 months ago )
File names vsk801ig.l7c
NuGet.Core.dll
dss_5350802746719352036.d35u8q
vsoj1dbg.326
NuGet.Core.dll
vsk801ig.kca
1252
vsk801ig.kto
vsll06fq.386
vsq00o23.fm5
dss_4639136304506569868.cmist9
vs5l018q.7i0
vso61dfl.oeu
9198DADF6A653F4E20776A292800D1C80E722E14FD0772DDD05BC23B6CE1001A
dss_4854436078230668341.hmaaxz
vs480bjq.78e
dss_5098563685408189600.woqvr8
425
vsk81qo7.ge9
NuGet.Core.dll
533
vs5l0j8g.pfc
vsad0i6q.vh4
dss_4618901604336048838.juiusz
vspd0gb0.5q6