SHA256: 9a5952c82cbcb1a8ece9c51c258667d9ab96d13ec6455873999ff0bf78c3cab0
File name: apisetstub
Detection ratio: 0 / 66
Analysis date: 2019-04-21 08:11:32 UTC ( 19 hours, 52 minutes ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20190421
AVG 20190421
Acronis 20190419
Ad-Aware 20190421
AegisLab 20190421
AhnLab-V3 20190420
Alibaba 20190402
Antiy-AVL 20190419
Arcabit 20190421
Avast 20190421
Avast-Mobile 20190415
Avira (no cloud) 20190421
Babable 20180918
Baidu 20190318
BitDefender 20190421
Bkav 20190420
CAT-QuickHeal 20190420
CMC 20190321
ClamAV 20190420
Comodo 20190421
CrowdStrike Falcon (ML) 20190212
Cyren 20190421
DrWeb 20190421
ESET-NOD32 20190421
Emsisoft 20190421
Endgame 20190403
F-Secure 20190421
FireEye 20190421
Fortinet 20190421
GData 20190421
Ikarus 20190421
Sophos ML 20190313
Jiangmin 20190421
K7AntiVirus 20190421
K7GW 20190421
Kaspersky 20190421
Kingsoft 20190421
MAX 20190421
Malwarebytes 20190421
McAfee 20190421
McAfee-GW-Edition 20190421
eScan 20190421
Microsoft 20190421
NANO-Antivirus 20190421
Palo Alto Networks (Known Signatures) 20190421
Panda 20190421
Qihoo-360 20190421
Rising 20190421
SUPERAntiSpyware 20190418
SentinelOne (Static ML) 20190420
Sophos AV 20190421
TACHYON 20190421
Tencent 20190421
TheHacker 20190421
TotalDefense 20190416
Trapmine 20190325
TrendMicro-HouseCall 20190421
Trustlook 20190421
VBA32 20190419
VIPRE 20190421
ViRobot 20190420
Yandex 20190419
Zillya 20190419
ZoneAlarm by Check Point 20190421
Zoner 20190421
eGambit 20190421
Cybereason 20190417
Symantec Mobile Insight 20190418
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name apisetstub
Internal name apisetstub
File version 10.0.14393.33 (rs1_release_sec.160727-1952)
Description ApiSet Stub DLL
Signature verification Signed file, verified signature
Signing date 5:00 PM 7/28/2016
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 05:42 PM 06/04/2015
Valid to 05:42 PM 09/04/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
Serial number 33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 08/31/2010
Valid to 10:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 07:21 PM 03/30/2016
Valid to 07:21 PM 06/30/2017
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint A1F3FE643CAC735D7976F27DE33004BE9A309A87
Serial number 33 00 00 00 99 AA C5 81 9F 8C A2 7D 8A 00 00 00 00 00 99
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:53 PM 04/03/2007
Valid to 01:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-28 05:14:53
Number of sections 2
PE sections
Overlays
MD5 8ab97c482d4755b4d3c47be71d29285c
File type data
Offset 2560
Size 15552
Entropy 7.40
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.0

ImageVersion
10.0

FileSubtype
0

FileVersionNumber
10.0.14393.33

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
ApiSet Stub DLL

ImageFileCharacteristics
Executable, 32-bit, DLL

CharacterSet
Unicode

InitializedDataSize
1024

EntryPoint
0x0000

OriginalFileName
apisetstub

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
10.0.14393.33 (rs1_release_sec.160727-1952)

TimeStamp
2016:07:28 07:14:53+02:00

FileType
Win32 DLL

PEType
PE32

InternalName
apisetstub

ProductVersion
10.0.14393.33

SubsystemVersion
10.0

OSVersion
10.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
1024

ProductName
Microsoft Windows Operating System

ProductVersionNumber
10.0.14393.33

Warning
Possibly corrupt Version resource

FileTypeExtension
dll

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
PCAP parents
File identification
MD5 0aeaf9ce58cbd0af1e30d03b45c21f81
SHA1 1ec04dca23eb4d28861a16d5cca0d4feb91e2e32
SHA256 9a5952c82cbcb1a8ece9c51c258667d9ab96d13ec6455873999ff0bf78c3cab0
ssdeep
192:DilSW2ubhWVIqSya6HIp2c9YOCAs/nGfe4pBjSf14WYyieHaVWQ4mWTKIqnaj+uA:WlSWlhWdaCIcPA0GftpBjhg6ClfD7Q

authentihash 0b429f2512a04061bdd7ce284a1d6a456877810b9c947c9fd5f69e7a5270b09f
File size 17.7 KB ( 18112 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
pedll signed trusted overlay

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with fil3762000C8B446900B1FA7A34B8FE57F5 as its name.
VirusTotal metadata
First submission 2016-08-06 12:00:43 UTC ( 2 years, 8 months ago )
Last submission 2019-04-20 11:38:17 UTC ( 1 day, 16 hours ago )
File names api-ms-win-core-heap-l1-1-0.dll
fil3762000C8B446900B1FA7A34B8FE57F5
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-heap-l1-1-0.dll
API-MS-WIN-CORE-HEAP-L1-1-0.DLL
api-ms-win-core-heap-l1-1-0.dll
apimswincoreheapl110.dll_86
clamav-a5683a66194bf158346a304af647c591.tmp
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-heap-l1-1-0.dll
89962.tmpscan
_p5_35
api-ms-win-core-heap-l1-1-0.dll
clamav-ae7453f15b170b89ca83856a009dc3f0.tmp
api-ms-win-core-heap-l1-1-0.dll
81fe68.tmpscan
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-heap-l1-1-0.dll
8589081.tmpscan
DotNetCoreAgentApp.api_ms_win_core_heap_l1_1_0.dll
clamav-bcad2deef3cab5cdfac5361b58cc18cb.tmp
aa962.tmpscan
e76e8.tmpscan
_FCE182BC9CA14137B23F30195A2EBA30
_APIHEAP