SHA256: a0ef778267e2d464084c27feac387e8356d7562e8ae936e44259e141a26ea2f6
File name: winp8085958986778484794.dll
Detection ratio: 0 / 63
Analysis date: 2018-07-01 17:07:09 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180701
AegisLab 20180701
AhnLab-V3 20180701
ALYac 20180701
Antiy-AVL 20180701
Arcabit 20180701
Avast 20180701
Avast-Mobile 20180701
AVG 20180701
Avira (no cloud) 20180701
AVware 20180701
Babable 20180406
Baidu 20180628
BitDefender 20180701
Bkav 20180630
CAT-QuickHeal 20180701
ClamAV 20180701
CMC 20180701
Comodo 20180701
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cyren 20180701
DrWeb 20180701
eGambit 20180701
Emsisoft 20180701
Endgame 20180612
ESET-NOD32 20180701
F-Prot 20180701
F-Secure 20180701
Fortinet 20180701
GData 20180701
Ikarus 20180701
Sophos ML 20180601
Jiangmin 20180701
K7AntiVirus 20180701
K7GW 20180701
Kaspersky 20180701
Kingsoft 20180701
Malwarebytes 20180701
MAX 20180701
McAfee 20180701
McAfee-GW-Edition 20180701
Microsoft 20180701
eScan 20180701
NANO-Antivirus 20180701
Palo Alto Networks (Known Signatures) 20180701
Panda 20180701
Qihoo-360 20180701
SentinelOne (Static ML) 20180701
Sophos AV 20180701
SUPERAntiSpyware 20180701
Symantec 20180630
TACHYON 20180701
Tencent 20180701
TheHacker 20180628
TotalDefense 20180701
Trustlook 20180701
VBA32 20180629
VIPRE 20180701
ViRobot 20180701
Webroot 20180701
Yandex 20180629
Zillya 20180629
ZoneAlarm by Check Point 20180701
Zoner 20180701
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 6:17 AM 1/3/2013
Signers
[+] CloudBees, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA
Valid from 1:00 AM 7/12/2011
Valid to 12:59 AM 7/12/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint A7DCFBAFC2F0D80E94F72AF6B9F1628DB9AAF6A8
Serial number 0C 62 6C 93 7E D7 86 FF 46 56 17 CD 5C 91 8F 52
[+] COMODO Code Signing CA
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 4/27/2011
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 020FBF800E05671535ABB3F28033158E3ADA97FB
Serial number 73 57 8C 71 6D B3 95 53 13 7D F3 09 73 18 AB FE
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 5/20/2022
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint D43989A11E5961CC13A58008172BF544DA11F1E6
Serial number 7E 1F DF 72 99 E8 D2 45 A1 5D 0B A8 E5 B1 59 BA
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-03 05:09:32
Entry Point 0x00001401
Number of sections 5
PE sections
Overlays
MD5 d5429d48342b54ab9f7cd201282aee0c
File type data
Offset 6656
Size 7336
Entropy 7.43
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetPriorityClass
Process32NextW
LocalFree
GetCurrentProcess
lstrcpyW
HeapFree
LocalAlloc
OpenProcess
GetLastError
CreateToolhelp32Snapshot
GetVersionExW
VirtualQueryEx
HeapAlloc
SetLastError
ReadProcessMemory
TerminateProcess
CloseHandle
lstrlenW
Process32FirstW
GetProcessHeap
EnumProcesses
ExitWindowsEx
ZwQuerySystemInformation
ZwQueryInformationProcess
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2013:01:03 06:09:32+01:00
FileType Win32 DLL
PEType PE32
CodeSize 2048
LinkerVersion 9.0
EntryPoint 0x1401
InitializedDataSize 3584
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files writing this sample to disk.
Compressed bundles
File identification
MD5 05748caa208c2539c24e67912d405091
SHA1 43d60a4f83ba42d9bb10d18c46919c7ff3def21c
SHA256 a0ef778267e2d464084c27feac387e8356d7562e8ae936e44259e141a26ea2f6
ssdeep 192:PXRDLZQUZX+gjIsIiq9CaPQMbFfHix8Ar9WIDe+P6z7Jlwhhzwg2zrax:99JX+gksIiKCaPNVCx/xDPkwhhzx
authentihash 68bea6d0ea89ab293af13ba441ddd78a2bd7e2056caf2f1dbdc81c764b9362a1
imphash f95081a3c0100907e8d860e76c1d7fca
File size 13.7 KB ( 13992 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pedll signed overlay
VirusTotal metadata
First submission 2013-04-13 09:18:11 UTC ( 5 years, 9 months ago )
Last submission 2018-05-28 17:06:04 UTC ( 7 months, 3 weeks ago )
File names winp1957231140446958210.dll
winp7651120905327423351.dll
winp9182232985060244201.dll
winp2397686236077557874.dll
nav3670.tmp
winp8035365821650282549.dll
winp4609355350612652001.dll
winp3143358668980832834.dll
winp9141660097967657750.dll
winp8509504344339524372.dll
winp6558526057057182912.dll
winp4944250362336452805.dll
winp382160750030131345.dll
winp5114272032165144658.dll
winp2401744727985648850.dll
winp2528001963550866066.dll
winp5598978891794255227.dll
winp6681173472088633667.dll
winp5963198299967179952.dll
winp2920469544936666758.dll
winp3202465087162672360.dll
winp8822626524637765645.dll
winp8085958986778484794.dll
winp5205085352129898657.dll
winp8226433657471454775.dll