SHA256: a7eacff3c5c3c4e97407632735bfd93f5ce20659aacd66a6870db3a571839adb
File name: SOS.dll
Detection ratio: 0 / 69
Analysis date: 2019-02-11 00:09:42 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Acronis 20190208
Ad-Aware 20190210
AegisLab 20190210
AhnLab-V3 20190210
Alibaba 20180921
ALYac 20190210
Antiy-AVL 20190210
Arcabit 20190210
Avast 20190211
Avast-Mobile 20190210
AVG 20190211
Avira (no cloud) 20190210
Babable 20180918
Baidu 20190202
BitDefender 20190211
Bkav 20190201
CAT-QuickHeal 20190210
ClamAV 20190210
CMC 20190210
Comodo 20190210
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190211
Cyren 20190211
DrWeb 20190210
eGambit 20190211
Emsisoft 20190210
Endgame 20181108
ESET-NOD32 20190210
F-Prot 20190211
F-Secure 20190210
Fortinet 20190210
GData 20190210
Ikarus 20190210
Sophos ML 20181128
Jiangmin 20190211
K7AntiVirus 20190210
K7GW 20190210
Kaspersky 20190211
Kingsoft 20190211
Malwarebytes 20190210
MAX 20190211
McAfee 20190210
McAfee-GW-Edition 20190210
Microsoft 20190210
eScan 20190210
NANO-Antivirus 20190210
Palo Alto Networks (Known Signatures) 20190211
Panda 20190210
Qihoo-360 20190211
Rising 20190210
SentinelOne (Static ML) 20190203
Sophos AV 20190211
SUPERAntiSpyware 20190206
Symantec 20190210
Symantec Mobile Insight 20190207
TACHYON 20190210
Tencent 20190211
TheHacker 20190203
TotalDefense 20190210
Trapmine 20190123
TrendMicro 20190210
TrendMicro-HouseCall 20190210
Trustlook 20190211
VBA32 20190208
ViRobot 20190210
Webroot 20190211
Yandex 20190210
Zillya 20190208
ZoneAlarm by Check Point 20190211
Zoner 20190211
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® .NET Core
Original name SOS.dll
Internal name SOS.dll
File version 4.6.26515.07 @BuiltBy: dlab-DDVSOWINAGE078 @Branch: release/2.1 @SrcCode: https://github.com/dotnet/coreclr/tree/d9d6f990a3737e221294b41a579afba0c4f7f9c4
Description Microsoft NTSD extension for .NET Runtime
Comments Flavor=Retail
Signature verification Signed file, verified signature
Signing date 6:53 PM 5/15/2018
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 07:11 PM 08/11/2017
Valid to 07:11 PM 08/11/2018
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 5EAD300DC7E4D637948ECB0ED829A072BD152E17
Serial number 33 00 00 01 79 7C 2E 57 4E 52 E1 CA D6 00 01 00 00 01 79
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 09:19 PM 08/31/2010
Valid to 09:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 04:58 PM 09/07/2016
Valid to 04:58 PM 09/07/2018
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6BE5914194CE7F4A034EA03FF3CC52CA48D295A1
Serial number 33 00 00 00 BF 91 6C FB 7C 1A 24 E0 22 00 00 00 00 00 BF
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:53 AM 04/03/2007
Valid to 12:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-15 17:51:16
Entry Point 0x000530C0
Number of sections 5
PE sections
Overlays
MD5 b8316011a99b41ba543de232fdb9f19f
File type data
Offset 640512
Size 16008
Entropy 7.43
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
UnmapViewOfFile
FileTimeToSystemTime
GetModuleFileNameW
DeleteFiber
K32GetModuleInformation
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
DebugBreak
TlsAlloc
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
SystemTimeToTzSpecificLocalTime
CreateFiber
DeleteCriticalSection
GetCurrentProcess
InterlockedFlushSList
FileTimeToLocalFileTime
GetFileSize
LockResource
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetProcAddress
InitializeSListHead
EncodePointer
GetProcessHeap
GetTimeFormatW
RaiseException
WideCharToMultiByte
MapViewOfFile
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
SwitchToFiber
CreateFileMappingA
FindNextFileA
TerminateProcess
GetModuleHandleW
SetEvent
GlobalMemoryStatus
LoadLibraryW
CreateEventW
ConvertThreadToFiber
ResetEvent
LoadResource
FindClose
TlsGetValue
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
FindResourceA
GetCurrentProcessId
SetLastError
LeaveCriticalSection
SysFreeString
SysAllocStringLen
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW
_free_base
malloc
_calloc_base
free
realloc
_configure_narrow_argv
_cexit
_register_onexit_function
terminate
_set_invalid_parameter_handler
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
abort
_initialize_onexit_table
_initialize_narrow_environment
_initterm
_initterm_e
_seh_filter_dll
_crt_atexit
__stdio_common_vfprintf
fopen_s
__stdio_common_vfprintf_s
__stdio_common_vsscanf
__stdio_common_vsnwprintf_s
fclose
__stdio_common_vswscanf
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
fopen
__stdio_common_vsnprintf_s
strncmp
strncpy_s
_stricmp
wcsncpy_s
wcscpy_s
isdigit
wcstok_s
strlen
isxdigit
wcslen
isalpha
wcscat_s
strcpy_s
isspace
strcat_s
_wcsicmp
tolower
wcscspn
wcsncmp
iswprint
wcsncat_s
isupper
DebugCreate
SymFindFileInPathW
CoTaskMemFree
CoCreateInstance
CoInitialize
PE exports
Number of PE resources by type
TEXT 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
Comments Flavor=Retail
LinkerVersion 14.13
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.6.26515.7
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Microsoft NTSD extension for .NET Runtime
ImageFileCharacteristics Executable, Large address aware, 32-bit, DLL
CharacterSet Unicode
InitializedDataSize 1161728
PrivateBuild FX_VER_PRIVATEBUILD_STR
EntryPoint 0x530c0
OriginalFileName SOS.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 4.6.26515.07 @BuiltBy: dlab-DDVSOWINAGE078 @Branch: release/2.1 @SrcCode: https://github.com/dotnet/coreclr/tree/d9d6f990a3737e221294b41a579afba0c4f7f9c4
TimeStamp 2018:05:15 19:51:16+02:00
FileType Win32 DLL
PEType PE32
InternalName SOS.dll
ProductVersion 4.6.26515.07 @BuiltBy: dlab-DDVSOWINAGE078 @Branch: release/2.1 @SrcCode: https://github.com/dotnet/coreclr/tree/d9d6f990a3737e221294b41a579afba0c4f7f9c4
UninitializedDataSize 0
OSVersion 6.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 384000
ProductName Microsoft .NET Core
ProductVersionNumber 4.6.26515.7
FileTypeExtension dll
ObjectFileType Unknown

File identification
MD5 0703b988139a537a8f3121af7fbee281
SHA1 530048535c1916080ef897b403f7cbc492e970d1
SHA256 a7eacff3c5c3c4e97407632735bfd93f5ce20659aacd66a6870db3a571839adb
ssdeep 12288:08D598u2ZpXzjCvrwgF1c+bQ+xYb/2yElwh6ecp5f:0i59uMvrwgF19bf4uyE25cz
authentihash 273495ac834d058b6136c1822740e603f32408e8e46dd6f42c9b1d58fd87926a
imphash 118bbdf056a631a2448e2ee0eec805bd
File size 641.1 KB ( 656520 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Windows ActiveX control (46.2%)
InstallShield setup (17.0%)
Win32 Executable MS Visual C++ (generic) (12.3%)
Win64 Executable (generic) (10.9%)
Microsoft Visual C++ compiled executable (generic) (6.5%)
Tags pedll signed overlay
VirusTotal metadata
First submission 2018-06-02 15:38:00 UTC ( 10 months, 2 weeks ago )
Last submission 2018-06-02 15:38:00 UTC ( 10 months, 2 weeks ago )
File names sos.dll
sos.dll
SOS.dll
sos_x86_x86_4.6.26515.07.dll