SHA256: a816fd64ab6eb73af1bca3de93be15b36442be155df346dc564720cc46be0ae5
File name: crashhandler
Detection ratio: 1 / 63
Analysis date: 2018-07-03 08:42:32 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
NANO-Antivirus Trojan.Win32.Agent.cwkazi 20180703
Ad-Aware 20180703
AegisLab 20180703
AhnLab-V3 20180703
ALYac 20180703
Antiy-AVL 20180703
Arcabit 20180703
Avast 20180703
Avast-Mobile 20180703
AVG 20180703
Avira (no cloud) 20180703
AVware 20180703
Babable 20180406
Baidu 20180703
BitDefender 20180703
Bkav 20180703
CAT-QuickHeal 20180702
ClamAV 20180703
CMC 20180702
Comodo 20180703
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cyren 20180703
DrWeb 20180703
eGambit 20180703
Emsisoft 20180703
Endgame 20180612
ESET-NOD32 20180703
F-Prot 20180703
F-Secure 20180703
Fortinet 20180703
GData 20180703
Ikarus 20180703
Sophos ML 20180601
Jiangmin 20180703
K7AntiVirus 20180703
K7GW 20180703
Kaspersky 20180703
Kingsoft 20180703
Malwarebytes 20180703
MAX 20180703
McAfee 20180703
McAfee-GW-Edition 20180703
Microsoft 20180703
eScan 20180703
Palo Alto Networks (Known Signatures) 20180703
Panda 20180702
Qihoo-360 20180703
SentinelOne (Static ML) 20180701
Sophos AV 20180703
SUPERAntiSpyware 20180703
Symantec 20180703
TACHYON 20180703
Tencent 20180703
TheHacker 20180628
TotalDefense 20180703
Trustlook 20180703
VBA32 20180629
VIPRE 20180703
ViRobot 20180703
Webroot 20180703
Yandex 20180703
Zillya 20180702
ZoneAlarm by Check Point 20180703
Zoner 20180702
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2010

Product Steam Crash Handler Library
Original name crashhandler.dll
Internal name crashhandler
File version 01.78.87.58
Description Steam Crash Handler Library (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)
Signature verification Signed file, verified signature
Signing date 9:48 PM 6/6/2013
Signers
[+] Valve
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 9/28/2012
Valid to 12:59 AM 11/24/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint CB84B870FAB19BE50ACFD1663414488852B8934A
Serial number 47 A9 38 ED C7 AE AC 8D C7 1D CB B4 B4 F6 11 F8
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-06 20:47:59
Entry Point 0x00007D5C
Number of sections 5
PE sections
Overlays
MD5 84c9b804e530bcf415a60dc23443ab8b
File type data
Offset 275456
Size 7592
Entropy 7.34
PE imports
GetStdHandle
GetDriveTypeW
WaitForSingleObject
HeapDestroy
DebugBreak
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LoadLibraryExW
FreeEnvironmentStringsW
HeapWalk
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
SetThreadAffinityMask
HeapReAlloc
GetStringTypeW
GetOEMCP
HeapLock
GetThreadPriority
InitializeCriticalSection
OutputDebugStringW
TlsGetValue
GetFullPathNameW
OutputDebugStringA
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
QueryPerformanceFrequency
EnumSystemLocalesA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetProcessAffinityMask
GetModuleHandleA
InterlockedExchangeAdd
CreateThread
GetExitCodeThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEnvironmentVariableA
TerminateProcess
CreateSemaphoreW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
OpenThread
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoW
CreateDirectoryW
GetProcAddress
GetProcessHeap
CompareStringW
WaitNamedPipeW
HeapValidate
ResetEvent
IsValidLocale
WaitForMultipleObjects
GetUserDefaultLCID
SetEvent
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
TransactNamedPipe
VirtualFree
GetCurrentDirectoryW
GetCurrentProcessId
GetProcessHeaps
HeapQueryInformation
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
HeapUnlock
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
IsValidCodePage
HeapCreate
CreateProcessW
Sleep
VirtualAlloc
GetModuleBaseNameW
EnumProcessModules
GetWindowThreadProcessId
SetDlgItemInt
GetWindowTextLengthA
GetWindowRect
EndDialog
SetDlgItemTextA
EnumWindows
IsWindowVisible
GetDesktopWindow
CloseClipboard
MessageBoxA
wsprintfA
GetDlgItem
EmptyClipboard
DialogBoxParamA
GetDlgItemInt
SetClipboardData
SetWindowPos
OpenClipboard
HttpQueryInfoW
InternetQueryDataAvailable
InternetConnectW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetSetOptionW
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
PE exports
Number of PE resources by type
RT_VERSION 2
SCID 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
67584

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.78.87.58

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

LinkerVersion
10.0

FileDescription
Steam Crash Handler Library (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)

CharacterSet
Unicode

SourceControlID
1788758

EntryPoint
0x7d5c

OriginalFileName
crashhandler.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2010

FileVersion
01.78.87.58

TimeStamp
2013:06:06 21:47:59+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
crashhandler

ProductVersion
01.00.00.01

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Valve Corporation

CodeSize
206848

ProductName
Steam Crash Handler Library

ProductVersionNumber
1.0.0.1

FileTypeExtension
dll

ObjectFileType
Dynamic link library

File identification
MD5 bb7b759e9ed35321c934a620dc4bd9b0
SHA1 f9641928a2bf73e152c52221d133710b04c085a5
SHA256 a816fd64ab6eb73af1bca3de93be15b36442be155df346dc564720cc46be0ae5
ssdeep
6144:YVJUefpNC9EJHKEdqqE8XVTi+79nCSfbgcPzsmr94gQ1W:YbUeBNC90KGqt8XVTiuCYbxPYmr94gQQ

authentihash 29bd43dcd70141093d3f9b93c99365b80a64963aa0a49b6a17a0bb00969f7eaa
imphash f00980ffad6862a1e971922a2c834b54
File size 276.4 KB ( 283048 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2013-06-07 16:23:45 UTC ( 5 years, 11 months ago )
Last submission 2015-07-17 13:41:42 UTC ( 3 years, 10 months ago )
File names bb7b759e9ed35321c934a620dc4bd9b0.PE_
crashhandler
crashhandler.dll