SHA256: 92d7b0e81ba251bcd26134cfdcbac5d364620a86528f9a7a085eaaa20d6eca20
File name: SwDir_1200112.dll
Detection ratio: 0 / 57
Analysis date: 2016-03-08 16:42:07 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20160308
AegisLab 20160308
Yandex 20160308
AhnLab-V3 20160308
Alibaba 20160308
ALYac 20160308
Antiy-AVL 20160308
Arcabit 20160308
Avast 20160308
AVG 20160308
Avira (no cloud) 20160308
AVware 20160308
Baidu 20160225
Baidu-International 20160308
BitDefender 20160308
Bkav 20160308
ByteHero 20160308
CAT-QuickHeal 20160308
ClamAV 20160308
CMC 20160307
Comodo 20160308
Cyren 20160308
DrWeb 20160308
Emsisoft 20160308
ESET-NOD32 20160308
F-Prot 20160308
F-Secure 20160308
Fortinet 20160308
GData 20160308
Ikarus 20160308
Jiangmin 20160308
K7AntiVirus 20160308
K7GW 20160308
Kaspersky 20160308
Malwarebytes 20160308
McAfee 20160308
McAfee-GW-Edition 20160308
Microsoft 20160308
eScan 20160308
NANO-Antivirus 20160308
nProtect 20160308
Panda 20160307
Qihoo-360 20160308
Rising 20160308
Sophos AV 20160308
SUPERAntiSpyware 20160308
Symantec 20160307
Tencent 20160308
TheHacker 20160307
TotalDefense 20160308
TrendMicro 20160308
TrendMicro-HouseCall 20160308
VBA32 20160306
VIPRE 20160308
ViRobot 20160308
Zillya 20160306
Zoner 20160308
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1985-2013 Adobe Systems, Inc.

Product Shockwave
Original name SwDir.dll
Internal name SwDir
File version 12.0r112
Description Shockwave ActiveX Control
Comments Property of Adobe Systems, Inc.. Not for distribution.
Signature verification Signed file, verified signature
Signing date 7:25 AM 3/15/2013
Signers
[+] Adobe Systems Incorporated
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 9/19/2012
Valid to 12:59 AM 9/20/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 547150A979468761379D0A84E1C6EE7ACB2FDFD9
Serial number 68 0F 63 2D F0 9C 0A 79 D1 0C FB C3 66 04 CD 2B
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-15 06:17:18
Entry Point 0x0001CF45
Number of sections 5
PE sections
Overlays
MD5 88f55d3ee17207217f8452568cd0eabc
File type data
Offset 315392
Size 6544
Entropy 7.31
PE imports
RegCreateKeyExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegCloseKey
RegQueryValueExW
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CryptMsgUpdate
CryptMsgGetAndVerifySigner
CryptMsgOpenToDecode
CertFindCertificateInStore
CryptMsgClose
CertCreateCertificateContext
CertVerifySubjectCertificateContext
GetTextMetricsW
SetMapMode
TextOutW
CreateFontIndirectW
GetTextExtentPoint32W
SaveDC
CreateRectRgnIndirect
LPtoDP
Rectangle
CreateMetaFileW
GetDeviceCaps
CloseMetaFile
DeleteDC
RestoreDC
SetBkMode
CreateFontW
CreateSolidBrush
GetObjectW
CreateDCW
SetTextColor
GetTextExtentPointW
ExcludeClipRect
GetTextFaceW
BitBlt
GetStockObject
SetViewportOrgEx
CreateCompatibleDC
StretchBlt
SelectObject
SetWindowExtEx
SetTextJustification
SetWindowOrgEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
DeleteMetaFile
GetStdHandle
WaitForSingleObject
HeapDestroy
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
lstrcatW
SetStdHandle
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
SetLastError
TlsGetValue
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
LoadLibraryA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetSystemDirectoryW
CreateSemaphoreW
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SetUnhandledExceptionFilter
SetCurrentDirectoryW
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoW
CreateDirectoryW
GlobalLock
GetProcessHeap
WriteFile
lstrcpyW
lstrcmpW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
VarUI4FromStr
OleCreateFontIndirect
SysStringLen
UnRegisterTypeLib
RegisterTypeLib
SysAllocStringLen
OleTranslateColor
VariantChangeType
LoadRegTypeLib
SysAllocString
VariantInit
DispCallFunc
VariantClear
SysStringByteLen
LoadTypeLib
SysFreeString
SysAllocStringByteLen
OleCreatePropertyFrame
OleLoadPicture
ShellExecuteW
ShellExecuteExW
SetFocus
RegisterClassExW
GetForegroundWindow
SetWindowRgn
CreateDialogIndirectParamW
CharLowerBuffW
IntersectRect
GetWindow
EndDialog
LoadBitmapW
OffsetRect
DefWindowProcW
CreateAcceleratorTableW
GetParent
KillTimer
GetDlgCtrlID
EnumChildWindows
ScreenToClient
ShowWindow
RegisterWindowMessageW
SetWindowPos
GetClassInfoExW
SetWindowLongW
IsWindow
GetMenu
GetWindowRect
InflateRect
EndPaint
SetCapture
ReleaseCapture
DialogBoxParamW
AdjustWindowRectEx
SendDlgItemMessageW
BeginPaint
GetWindowTextLengthW
PostMessageW
GetSysColor
RedrawWindow
SetDlgItemTextW
GetDC
GetKeyState
ReleaseDC
EqualRect
SendMessageW
UnregisterClassA
CharNextW
GetWindowLongW
PtInRect
LoadStringW
GetClientRect
SetWindowContextHelpId
GetDlgItem
SystemParametersInfoW
MoveWindow
UnionRect
FrameRect
SetRect
DestroyAcceleratorTable
InvalidateRect
SetTimer
CallWindowProcW
GetClassNameW
MapDialogRect
ClientToScreen
FillRect
SetWindowTextW
GetWindowTextW
GetDialogBaseUnits
GetDesktopWindow
LoadCursorW
GetFocus
CreateWindowExW
wsprintfW
InvalidateRgn
DrawTextW
SetCursor
IsChild
DestroyWindow
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetQueryDataAvailable
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetOpenUrlW
InternetGetConnectedState
InternetOpenW
HttpOpenRequestW
OleUninitialize
OleLockRunning
StringFromGUID2
OleSaveToStream
CreateStreamOnHGlobal
CoCreateGuid
ReadClassStm
CLSIDFromString
CreateOleAdviseHolder
CoGetClassObject
OleRegGetUserType
OleInitialize
CoTaskMemRealloc
CoCreateInstance
OleRegEnumVerbs
CreateDataAdviseHolder
CoTaskMemAlloc
WriteClassStm
GetRunningObjectTable
CLSIDFromProgID
CreateBindCtx
OleRegGetMiscStatus
CoTaskMemFree
PE exports
Number of PE resources by type
RT_STRING 50
RT_BITMAP 5
RT_DIALOG 3
REGISTRY 2
TYPELIB 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 14
SPANISH MODERN 4
SWEDISH 3
DANISH DEFAULT 3
NORWEGIAN BOKMAL 3
FINNISH DEFAULT 3
GERMAN 3
CHINESE TRADITIONAL 3
NEUTRAL SYS DEFAULT 3
CHINESE SIMPLIFIED 3
PORTUGUESE BRAZILIAN 3
JAPANESE DEFAULT 3
FRENCH 3
DUTCH 3
RUSSIAN 3
KOREAN 3
ITALIAN 3
PE resources
ExifTool file metadata
CodeSize
159744

SubsystemVersion
5.1

Comments
Property of Adobe Systems, Inc.. Not for distribution.

InitializedDataSize
154624

ImageVersion
0.0

ProductName
Shockwave

FileVersionNumber
12.0.0.112

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
dll

OriginalFileName
SwDir.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
12.0r112

TimeStamp
2013:03:15 07:17:18+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
SwDir

ProductVersion
12.0 Development

FileDescription
Shockwave ActiveX Control

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 1985-2013 Adobe Systems, Inc.

MachineType
Intel 386 or later, and compatibles

CompanyName
Adobe Systems, Inc.

LegalTrademarks
Director is a registered trademark and Shockwave(tm) is a trademark of Adobe Systems, Inc.

FileSubtype
0

ProductVersionNumber
12.0.0.112

EntryPoint
0x1cf45

ObjectFileType
Dynamic link library

File identification
MD5 2fa9654c41dbe39dd1ab84108ddf6b10
SHA1 cfcb1a1de4fefbf2f4bdfc3f0d0388fec1312585
SHA256 92d7b0e81ba251bcd26134cfdcbac5d364620a86528f9a7a085eaaa20d6eca20
ssdeep
6144:nKLqzm9LdRLZeiXskRLPrtUHl88DTcx9pywB280cUgNOV+199yv:nKLvbRDtal88fc7p9MQROV+199yv

authentihash 794597790b433af1581cb912e5c570f75d4fe49522dd08af2a6ad3dbf0f4cf6b
imphash cff2c2d47eb23097375370c6b409baf4
File size 314.4 KB ( 321936 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID DirectShow filter (55.3%)
Windows ActiveX control (31.9%)
Win32 Executable MS Visual C++ (generic) (8.5%)
Win32 Dynamic Link Library (generic) (1.8%)
Win32 Executable (generic) (1.2%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2013-06-20 12:00:14 UTC ( 5 years, 10 months ago )
Last submission 2013-06-20 12:00:14 UTC ( 5 years, 10 months ago )
File names SwDir_1200112.dll
vt-upload-LUSBAN
SwDir.dll
SwDir