SHA256: 9a0be88396f22cd5c1d61223795bd7ae58c861a67f2790b522caac524ed3f0af
File name: VBoxDD.dll
Detection ratio: 0 / 47
Analysis date: 2013-05-17 11:45:23 UTC ( 5 years, 9 months ago )
Antivirus Result Update
Yandex 20130516
AhnLab-V3 20130517
AntiVir 20130517
Antiy-AVL 20130517
Avast 20130517
AVG 20130517
BitDefender 20130517
ByteHero 20130517
CAT-QuickHeal 20130516
ClamAV 20130517
Commtouch 20130517
Comodo 20130517
DrWeb 20130517
Emsisoft 20130517
eSafe 20130516
ESET-NOD32 20130517
F-Prot 20130517
F-Secure 20130517
Fortinet 20130517
GData 20130517
Ikarus 20130517
Jiangmin 20130517
K7AntiVirus 20130516
K7GW 20130516
Kaspersky 20130517
Kingsoft 20130506
Malwarebytes 20130517
McAfee 20130517
McAfee-GW-Edition 20130517
Microsoft 20130517
eScan 20130517
NANO-Antivirus 20130517
Norman 20130517
nProtect 20130517
Panda 20130517
PCTools 20130517
Rising 20130517
Sophos AV 20130517
SUPERAntiSpyware 20130517
Symantec 20130517
TheHacker 20130516
TotalDefense 20130516
TrendMicro 20130517
TrendMicro-HouseCall 20130517
VBA32 20130517
VIPRE 20130517
ViRobot 20130517
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Oracle Corporation
Signature verification Signed file, verified signature
Signing date 7:03 PM 10/26/2012
Signers
[+] Oracle Corporation
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2011
Valid to 12:59 AM 2/8/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint A88FD9BDAA06BC0F3C491BA51E231BE35F8D1AD5
Serial number 51 9B D9 67 F9 08 01 55 21 A2 0C 0E 93 16 F4 89
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status Valid
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-26 18:03:20
Entry Point 0x000C81DF
Number of sections 4
PE sections
PE imports
IcmpSendEcho2
IcmpCreateFile
GetLastError
SetCommBreak
GetOverlappedResult
DeviceIoControl
WaitForSingleObject
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
DisableThreadLibraryCalls
FlushFileBuffers
LoadLibraryA
CreateNamedPipeA
DisconnectNamedPipe
GetCurrentProcess
GetDriveTypeA
GetCurrentProcessId
UnhandledExceptionFilter
ClearCommBreak
SetCommMask
WaitForMultipleObjects
SetCommTimeouts
GetSystemPowerStatus
CancelIo
WaitCommEvent
GetCommModemStatus
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
DecodePointer
GetProcAddress
EscapeCommFunction
FreeLibrary
TerminateProcess
ConnectNamedPipe
InterlockedCompareExchange
SetCommState
CreateEventA
Sleep
CreateFileA
GetTickCount
GetCurrentThreadId
_malloc_crt
strncmp
sscanf
memset
__dllonexit
_stricmp
abort
strncpy
_amsg_exit
_ftime64
_errno
_lock
_onexit
__clean_type_info_names_internal
strspn
_initterm_e
strchr
_unlock
_crt_debugger_hook
free
strpbrk
_except_handler4_common
memcpy
strstr
memmove
__CxxFrameHandler3
strerror
_encoded_null
__CppXcptFilter
_initterm
memchr
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data
CM_Get_Res_Des_Data_Size
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
CM_Get_First_Log_Conf
SetupDiEnumDeviceInfo
CM_Get_Next_Res_Des
SetupDiDestroyDeviceInfoList
GetMessageA
CreateWindowExA
GetForegroundWindow
GetWindowLongA
DispatchMessageA
TranslateMessage
PostMessageA
SetWindowLongA
PostQuitMessage
DefWindowProcA
RegisterClassA
g_abVgaBiosBinary
g_cbPcBiosBinary
g_abNetBiosBinary
g_abPcBiosBinary
g_cbVgaBiosBinary
g_cbNetBiosBinary
VDSetPCHSGeometry
VSCSIDeviceLunAttach
VDSetOpenFlags
VDCreate
USBFilterSetNumExpression
VDGetUuid
VSCSIDeviceDestroy
VDSetLCHSGeometry
VSCSIIoReqCompleted
VSCSIIoReqTxDirGet
VDGetLCHSGeometry
VSCSIDeviceLunDetach
VDGetOpenFlags
VSCSIDeviceReqCreate
USBFilterInit
VDIsReadOnly
VDDiscardRanges
VSCSILunDestroy
VDAsyncRead
VDRead
VDGetPCHSGeometry
VDGetSize
VSCSIDeviceReqEnqueue
VDAsyncDiscardRanges
VDCacheOpen
VDAsyncFlush
VDMerge
VDOpen
USBFilterSetNumExact
VSCSILunCreate
USBFilterMatchRated
VDFlush
VDAsyncWrite
VDWrite
VSCSIDeviceCreate
VSCSIIoReqUnmapParamsGet
VSCSIIoReqParamsGet
VDDestroy
RTSemFastMutexRelease
RTTcpSetSendCoalescing
RTSystemQueryDmiString
RTMemPageAllocTag
RTPathExists
RTReqQueueCall
RTTcpSgWrite
RTTimeNanoTS
RTStrToUtf16ExTag
RTSemMutexRelease
RTSemMutexDestroy
RTMemTmpAllocZTag
RTMemCacheAllocEx
RTFileRead
RTStrToUInt8Full
RTUuidFromStr
RTStrPrintfV
RTSemFastMutexDestroy
RTSemEventWait
RTStrSimplePatternMultiMatch
RTFileToNative
RTReqRelease
RTSemRWDestroy
RTReqQueueCallEx
RTStrStr
RTTimeNow
RTMemDupTag
RTSemRWReleaseRead
RTPipeClose
RTFileDelete
RTBldCfgRevision
RTNetIPv4HdrChecksum
RTCidrStrToIPv4
RTMemCacheAlloc
RTUdpServerDestroy
RTThreadCreate
RTFileReadAllFree
RTTcpSelectOne
RTTcpWriteNB
RTSemEventCreate
RTTimeProgramNanoTS
RTTcpRead
RTSystemQueryOSInfo
RTUdpRead
RTStrDupTag
SUPSemEventCreate
RTSocketParseInetAddress
RTRandU32
RTReqQueueIsBusy
RTSemFastMutexCreate
RTTcpClientConnect
RTCritSectInit
RTThreadYield
RTMemCacheDestroy
RTStrNLen
RTReqQueueCreate
RTTcpGetLocalAddress
RTMemTmpAllocTag
RTSemEventWaitNoResume
RTTcpGetPeerAddress
RTHeapOffsetInit
SUPSemEventSignal
RTStrAPrintfVTag
RTStrStripL
RTFileWriteAt
RTMemAllocTag
RTCritSectLeave
RTPathAppend
RTStrCopy
RTReqQueueDestroy
RTSemEventMultiCreate
RTSemEventSignal
RTPipeReadBlocking
SUPSemEventClose
RTMemFree
RTMpGetMaxFrequency
RTThreadUserWait
RTHeapSimpleFree
RTNetIPv4PseudoChecksum
RTTcpSelectOneEx
RTNetUDPChecksum
RTFileReadAllEx
RTAssertShouldPanic
RTThreadUserReset
RTFileSeek
ASMMultU64ByU32DivByU32
RTFileReadAt
RTFileFlush
RTPrintf
RTTimeLocalExplode
RTStrNCmp
RTErrConvertFromWin32
RTMemAllocZTag
RTLogRelDefaultInstance
RTProcSelf
RTPollSetDestroy
RTStrFormatTypeRegister
RTUdpServerCreate
RTTcpWrite
RTSemEventDestroy
RTStrFormat
RTSemFastMutexRequest
RTSemRWRequestWrite
RTPollSetEventsChange
RTStrICmp
RTLogPrintf
RTStrStripR
RTSgBufInit
RTPathAppPrivateArchTop
RTAssertMsg1Weak
RTBldCfgVersionMajor
RTPipeWrite
RTMemReallocTag
RTFileGetSize
RTStrCopyEx
RTUuidCompare2Strs
RTAssertMsg2Weak
RTHeapOffsetFree
RTSemMutexRequest
RTPoll
RTSemMutexCreate
RTPathReal
RTTcpReadNB
RTSemRWReleaseWrite
RTStrFree
RTNetTCPChecksum
RTBldCfgVersionBuild
RTPollSetRemove
RTStrPrintf
RTSemEventMultiSignal
RTHeapOffsetAlloc
RTNetIPv4FinalizeChecksum
RTSemRWRequestRead
RTFileMove
RTBldCfgVersionMinor
RTHeapSimpleInit
RTTcpClientCloseEx
RTFileOpen
RTCritSectDelete
RTFileClose
RTMemTmpFree
RTReqWait
RTStrToInt64Full
RTSemEventMultiWait
RTMemCacheCreate
RTTimeMilliTS
RTCritSectEnter
RTThreadSelf
RTReqQueueProcess
ASMAtomicCmpXchgU8
RTTimeExplode
RTFileWrite
RTThreadUserSignal
RTUuidClear
RTTcpFlush
RTUdpWrite
RTStrStrip
RTPipeRead
RTPipeCreate
RTPollSetAdd
RTUtf16ToUtf8Tag
RTNetIPv6PseudoChecksumEx
RTMemCacheFree
RTSemEventMultiReset
RTStrToUInt16Full
RTThreadSleep
RTDirExists
RTSemRWCreate
RTStrCmp
RTHeapSimpleAlloc
RTMemPageFree
RTStrmWriteEx
RTCritSectTryEnter
SUPSemEventWaitNoResume
RTSemEventMultiDestroy
RTUuidCompare
RTPollSetCreate
RTFileExists
RTThreadCreateF
RTTcpSgWriteNB
RTThreadWait
RTStrNICmp
RTUuidIsNull
RTCrc32
RTHeapSimpleRelocate
PDMR3BlkCacheResume
PGMR3PhysChangeMemBalloon
DBGFR3RegNmQueryU64
SSMR3GetU32
PDMCritSectEnter
TMTimerLock
PDMR3QueryLun
MMHyperR3ToR0
SSMR3HandleGetStatus
IOMMMIOResetRegion
SSMR3PutStruct
PGMHandlerPhysicalReset
PDMR3BlkCacheRelease
SSMR3HandleVersion
SSMR3GetU8
CFGMR3QueryU16
SSMR3HandleGetAfter
MMHyperR3ToRC
SSMR3GetGCPhys32
CFGMR3QueryU8Def
SSMR3PutS32
PGMPhysSimpleReadGCPtr
PGMPhysSimpleDirtyWriteGCPtr
DBGFR3CoreWrite
PDMQueueAlloc
TMR3TimerDestroy
PDMR3AsyncCompletionEpCreateForFile
PDMCritSectTryEnter
CFGMR3QueryStringAlloc
CFGMR3QueryU64Def
PDMR3AsyncCompletionEpSetBwMgr
MMHyperFree
SSMR3PutGCPhys32
CFGMR3QueryU16Def
PDMR3AsyncCompletionEpGetSize
CFGMR3QueryString
PDMR3AsyncCompletionEpFlush
CFGMR3QueryS32
SSMR3Skip
IOMIOPortWrite
SSMR3SkipToEndOfUnit
PDMR3ThreadDestroy
PDMR3AsyncCompletionEpRead
TMTimerFromNano
PDMQueueInsert
TMTimerRCPtr
SSMR3SetCfgError
PDMR3BlkCacheSuspend
SSMR3PutGCPhys
CFGMR3QueryU32
CFGMR3AreValuesValid
TMTimerR0Ptr
TMTimerIsActive
CFGMR3QueryBytes
SSMR3GetBool
TMR3TimerSetCritSect
SSMR3PutU32
SSMR3PutStrZ
PDMR3CritSectDelete
TMTimerSetMicro
CFGMR3QueryU32Def
CFGMR3GetNextChild
CFGMR3QueryStringDef
SSMR3GetStrZ
SSMR3GetMem
PDMR3AsyncCompletionEpClose
SSMR3GetS32
SSMR3PutIOPort
PDMR3BlkCacheRead
CFGMR3QuerySize
PGMR3MappingsUnfix
SSMR3PutBool
TMTimerGet
SSMR3GetIOPort
CFGMR3QueryStringAllocDef
CFGMR3QueryBoolDef
PDMR3CritSectScheduleExitEvent
CFGMR3ValidateConfig
TMTimerStop
PDMR3LdrGetSymbolRCLazy
PDMR3BlkCacheDiscard
PGMHandlerPhysicalPageTempOff
PDMQueueR0Ptr
VMMR3RegisterPatchMemory
PDMR3BlkCacheFlush
CFGMR3GetParent
PDMR3BlkCacheIoXferComplete
PDMQueueRCPtr
SSMR3PutU16
PDMR3BlkCacheClear
CFGMR3GetName
CFGMR3QueryPtr
SSMR3GetStruct
SSMR3PutStructEx
CFGMR3GetFirstChild
PDMCritSectIsInitialized
PGMR3MappingsFix
PDMR3AsyncCompletionEpWrite
SSMR3GetU64
MMHyperAlloc
SSMR3GetGCPhys
CFGMR3QueryInteger
CFGMR3QuerySIntDef
TMTimerUnlock
SSMR3PutU64
PDMR3ThreadSuspend
PDMR3AsyncCompletionTemplateDestroy
TMTimerSet
SSMR3PutU8
VMR3ReqCallNoWait
MMR3HeapFree
PDMCritSectLeave
PDMR3BlkCacheWrite
PGMHandlerPhysicalDeregister
TMTimerSetFrequencyHint
CFGMR3QueryU8
PDMR3AsyncCompletionEpSetSize
VMR3ReqPriorityCallWait
PDMR3NsAllocateBandwidth
TMTimerGetFreq
TMTimerFromMilli
CFGMR3QueryBool
PGMR3MappingsSize
DBGFR3RegPrintf
CFGMR3QueryS32Def
SSMR3GetU16
SSMR3GetS64
VMMR3DeregisterPatchMemory
SSMR3PutS64
PGMR3HandlerPhysicalRegister
SSMR3HandleRevision
CFGMR3GetChild
SSMR3GetStructEx
TMR3TimerSave
VMMGetCpuId
SSMR3SetLoadError
SSMR3PutMem
VMR3ReqCallVoidNoWait
TMR3TimerLoad
TMTimerSetNano
TMTimerSetMillies
CFGMR3QueryPortDef
IOMMMIOMapMMIO2Page
CFGMR3QueryU64
MMR3HyperAllocOnceNoRel
Ord(3)
Ord(1)
Ord(111)
Ord(7)
Ord(115)
Ord(11)
Ord(22)
Ord(20)
WSAWaitForMultipleEvents
Ord(17)
Ord(15)
Ord(52)
Ord(13)
Ord(112)
WSAEventSelect
Ord(6)
Ord(116)
Ord(4)
Ord(19)
Ord(2)
Ord(12)
WSASetEvent
Ord(10)
Ord(23)
Ord(55)
Ord(21)
WSAEnumNetworkEvents
Ord(16)
Ord(14)
Ord(9)
Ord(8)
NtQueryVolumeInformationFile
CoInitializeEx
CoCreateInstance
CoUninitialize
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:10:26 19:03:20+01:00
FileType Win32 DLL
PEType PE32
CodeSize 821760
LinkerVersion 10.0
FileAccessDate 2013:05:17 12:45:57+01:00
EntryPoint 0xc81df
InitializedDataSize 1426432
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2013:05:17 12:45:57+01:00
UninitializedDataSize 0

File identification
MD5 889f6644eee102f580e900dc0f6f9348
SHA1 007a15d67066e1eff4dca1eff21b7ac39ff736b3
SHA256 9a0be88396f22cd5c1d61223795bd7ae58c861a67f2790b522caac524ed3f0af
ssdeep 24576:zJTHG+AHUVyg7Ab+2w4SLPRW7DJmtKMiOM4HrvUiLth36hq2Icmj+p:dTG+mPiz2kPRWykOxdth36hq2Icvp
File size 1.9 MB ( 2037592 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (61.9%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (19.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pedll signed

VirusTotal metadata
First submission 2013-05-17 11:45:23 UTC ( 5 years, 9 months ago )
Last submission 2013-05-17 11:45:23 UTC ( 5 years, 9 months ago )
File names VBoxDD.dll