SHA256: a0bf5f1ed8d34fd0b6cb1432618986f90256ef4f8c86a1460823e6dfa8edd8ca
File name: smona124907697593747904417
Detection ratio: 0 / 41
Analysis date: 2009-07-31 23:54:07 UTC ( 5 years, 9 months ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AVG 20090731
AhnLab-V3 20090731
AntiVir 20090731
Antiy-AVL 20090731
Authentium 20090731
Avast 20090731
BitDefender 20090731
CAT-QuickHeal 20090730
ClamAV 20090731
Comodo 20090731
DrWeb 20090731
F-Prot 20090731
F-Secure 20090731
Fortinet 20090731
GData 20090731
Ikarus 20090731
Jiangmin 20090731
K7AntiVirus 20090731
Kaspersky 20090731
McAfee 20090731
McAfee+Artemis 20090731
McAfee-GW-Edition 20090731
Microsoft 20090731
NOD32 20090731
Norman 20090731
PCTools 20090731
Panda 20090731
Prevx 20090731
Rising 20090731
Sophos 20090731
Sunbelt 20090731
Symantec 20090731
TheHacker 20090730
TrendMicro 20090731
VBA32 20090731
ViRobot 20090731
VirusBuster 20090731
a-squared 20090731
eSafe 20090730
eTrust-Vet 20090731
nProtect 20090731
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright © 1987-2000 Microsoft Corp.
Publisher Microsoft Corporation
Product Microsoft Winsock Control
Internal name MSWINSCK.OCX
File version 6.01.9816
Description Microsoft Winsock Control DLL
Comments March 24, 2009
Signature verification Signed file, verified signature
Signing date 8:56 PM 3/24/2009
Signers
[+] Microsoft Corporation
Status Certificate out of its validity period
Valid from 10:24 PM 10/22/2008
Valid to 10:34 PM 1/22/2010
Valid usage Code Signing
Algorithm SHA1
Thumbprint 9E95C625D81B2BA9C72FD70275C3699613AF61E3
Serial number 61 06 27 81 00 00 00 00 00 08
[+] Microsoft Code Signing PCA
Status Certificate out of its validity period
Valid from 11:31 PM 8/22/2007
Valid to 8:00 AM 8/25/2012
Valid usage Code Signing
Algorithm SHA1
Thumbprint 3036E3B25B88A55B86FC90E6E9EAAD5081445166
Serial number 2E AB 11 DC 50 FF 5C 9D CB C0
[+] Microsoft Root Authority
Status Valid
Valid from 8:00 AM 1/10/1997
Valid to 8:00 AM 12/31/2020
Valid usage All
Algorithm MD5
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
Counter signers
[+] Microsoft Timestamping Service
Status Certificate out of its validity period
Valid from 2:53 AM 9/16/2006
Valid to 3:03 AM 9/16/2011
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint A1DC024FC8B2A76745D4661F663B8741C3D35313
Serial number 61 47 52 BA 00 00 00 00 00 04
[+] Microsoft Timestamping PCA
Status Valid
Valid from 2:04 AM 9/16/2006
Valid to 8:00 AM 9/15/2019
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 3EA99A60058275E0ED83B892A909449F8C33B245
Serial number 6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2
[+] Microsoft Root Authority
Status Valid
Valid from 8:00 AM 1/10/1997
Valid to 8:00 AM 12/31/2020
Valid usage All
Algorithm MD5
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-03-24 17:47:18
Entry Point 0x000012F8
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
GetDeviceCaps
GetObjectA
SelectObject
GetWindowExtEx
SetMapMode
DeleteDC
CreateDCA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateRectRgnIndirect
LPtoDP
BitBlt
GetViewportExtEx
CreateCompatibleDC
DeleteObject
GetLastError
HeapFree
EnterCriticalSection
lstrlenA
GetFileAttributesA
FreeLibrary
HeapAlloc
IsBadWritePtr
GetModuleFileNameA
LoadLibraryA
DeleteCriticalSection
GetLocaleInfoA
LockResource
lstrlenW
GetWindowsDirectoryA
MultiByteToWideChar
GetProcAddress
GetProcessHeap
WideCharToMultiByte
lstrcmpiA
lstrcmpA
InterlockedIncrement
DisableThreadLibraryCalls
HeapReAlloc
GetVersion
LocalFree
InitializeCriticalSection
LoadResource
InterlockedDecrement
FormatMessageA
GetTickCount
GetCurrentThreadId
FindResourceA
SetLastError
LeaveCriticalSection
SysStringLen
SysStringByteLen
SysAllocString
SafeArrayCreate
SafeArrayGetElemsize
OleCreatePropertyFrame
CreateErrorInfo
SafeArrayAccessData
SafeArrayGetLBound
UnRegisterTypeLib
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayGetUBound
VariantInit
LoadTypeLibEx
LoadTypeLib
SysFreeString
SysAllocStringByteLen
LoadRegTypeLib
VariantChangeType
SafeArrayRedim
SetErrorInfo
SysAllocStringLen
RegisterTypeLib
VariantClear
GetErrorInfo
SafeArrayGetDim
SetFocus
DrawEdge
RegisterClassA
GetParent
IntersectRect
EndDialog
BeginPaint
OffsetRect
CreateDialogIndirectParamA
KillTimer
DefWindowProcA
ShowWindow
MessageBeep
LoadBitmapA
SetWindowPos
SetWindowRgn
SendDlgItemMessageA
GetSystemMetrics
IsWindow
GetWindowRect
EndPaint
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
GetWindowLongA
IsWindowEnabled
GetWindow
GetDlgItemInt
GetDC
GetKeyState
ReleaseDC
EqualRect
LoadStringA
SetParent
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
WinHelpA
GetNextDlgTabItem
ClientToScreen
wsprintfA
CreateWindowExA
LoadCursorA
GetActiveWindow
CharNextA
SetDlgItemInt
UnregisterClassA
DestroyWindow
IsChild
IsDialogMessageA
PtInRect
shutdown
accept
ioctlsocket
WSAStartup
connect
getsockname
htons
inet_ntoa
WSAGetLastError
WSACancelAsyncRequest
gethostname
getsockopt
WSAAsyncGetHostByName
recv
inet_addr
send
ntohs
select
gethostbyaddr
WSAAsyncGetHostByAddr
listen
__WSAFDIsSet
WSAAsyncSelect
gethostbyname
WSASetLastError
WSACleanup
closesocket
setsockopt
socket
getpeername
bind
recvfrom
sendto
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CreateOleAdviseHolder
PE exports
Number of PE resources by type
RT_STRING 20
RT_DIALOG 2
RT_ICON 2
RT_GROUP_ICON 2
TYPELIB 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 29
ExifTool file metadata
CodeSize 71680
SubsystemVersion 4.0
Comments March 24, 2009
InitializedDataSize 34816
ImageVersion 0.0
ProductName Microsoft Winsock Control
FileVersionNumber 6.1.98.16
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 5.2
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.01.9816
TimeStamp 2009:03:24 18:47:18+01:00
FileType Win32 DLL
PEType PE32
InternalName MSWINSCK.OCX
ProductVersion 6.01.9816
FileDescription Microsoft Winsock Control DLL
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 1987-2000 Microsoft Corp.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
LegalTrademarks Microsoft is a registered trademark of Microsoft Corporation. Windows(tm) is a trademark of Microsoft Corporation.
FileSubtype 0
ProductVersionNumber 6.1.98.16
EntryPoint 0x12f8
ObjectFileType Dynamic link library

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 40fce4be52f6015c23fd96a4b3351357
SHA1 f4a23cee42125f20444a4b005555d631df2aaacf
SHA256 a0bf5f1ed8d34fd0b6cb1432618986f90256ef4f8c86a1460823e6dfa8edd8ca
ssdeep 3072:0FC6rqnaHjlH2czX/t9VO5XJicR4Wp/J3HA3+CZYZ1c:0FClQhH9VDcRfDoCc
authentihash ef4111b01cede4ebeaf38c5b33978d2a562e53dda36ff59cd1e5c7ad5c9d2be0
imphash 4d78a6f6ab4a33532c81e798de411de2
File size 124.8 KB ( 127808 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Windows ActiveX control (87.1%)
Win32 Dynamic Link Library (generic) (4.9%)
Win32 Executable (generic) (3.3%)
Win16/32 Executable Delphi generic (1.5%)
Generic Win/DOS Executable (1.4%)
Tags pedll signed
VirusTotal metadata
First submission 2009-07-14 04:08:50 UTC ( 5 years, 9 months ago )
Last submission 2015-02-24 00:56:30 UTC ( 2 months, 1 week ago )
File names
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight