SHA256: a88fc0435f0c808a9f0d5c462a26e55eac6d24c64fb210dabcad9cfc853a56e9
File name: 96728e9b774e43fabf44.dll
Detection ratio: 42 / 57
Analysis date: 2015-08-15 00:25:43 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Adware.BrowseFox.AU 20150815
Yandex Riskware.Agent! 20150814
AhnLab-V3 PUP/Win32.BrowseFox 20150814
ALYac Adware.BrowseFox.AU 20150813
Antiy-AVL GrayWare[AdWare:not-a-virus]/MSIL.Swift 20150815
Arcabit Adware.BrowseFox.AU 20150815
Avast Win32:BrowseFox-Z [PUP] 20150815
AVG AdPlugin.CVI 20150814
Avira (no cloud) ADWARE/BrowseFox.Gen7 20150814
AVware Trojan.Win32.Generic!BT 20150815
Baidu-International Adware.Win32.BrowseFox.N 20150814
BitDefender Adware.BrowseFox.AU 20150815
Bkav W32.HfsAdware.E1B7 20150814
CAT-QuickHeal PUA.XTLS.OD5 20150814
ClamAV Win.Adware.Browsefox-70 20150814
Comodo Application.Win32.AltBrowse.OABP 20150814
Cyren W32/S-4148226b!Eldorado 20150815
DrWeb Trojan.Yontoo.1734 20150815
Emsisoft Adware.BrowseFox.AU (B) 20150815
ESET-NOD32 a variant of Win32/BrowseFox.CB potentially unwanted 20150814
F-Prot W32/S-4148226b!Eldorado 20150815
F-Secure Adware.BrowseFox.AU 20150815
Fortinet Riskware/BrowseFox 20150813
GData Adware.BrowseFox.AU 20150815
Jiangmin AdWare/LinkSwift.yo 20150814
K7AntiVirus Trojan ( 004b51b21 ) 20150814
K7GW Trojan ( 004b51b21 ) 20150814
Malwarebytes PUP.Optional.RightSurf.C 20150814
McAfee BrowseFox 20150815
McAfee-GW-Edition BrowseFox 20150814
eScan Adware.BrowseFox.AU 20150815
NANO-Antivirus Riskware.Win32.BrowseFox.dixxoo 20150814
nProtect Trojan-Clicker/W32.Agent.197360 20150813
Panda Trj/CI.A 20150814
Rising PE:Malware.BrowseFox!6.1AFA 20150812
Sophos AV Generic PUA AP (PUA) 20150815
SUPERAntiSpyware Adware.BrowserFox/Variant 20150815
Symantec SAPE.BrowseFox.17a 20150814
TrendMicro TROJ_GEN.R0C1C0OA415 20150815
VBA32 AdWare.LinkSwift 20150814
VIPRE Trojan.Win32.Generic!BT 20150815
Zillya Backdoor.PePatch.Win32.53581 20150813
AegisLab 20150814
Alibaba 20150814
ByteHero 20150815
CMC 20150814
Ikarus 20150814
Kaspersky 20150815
Kingsoft 20150815
Microsoft 20150815
Qihoo-360 20150815
Tencent 20150815
TheHacker 20150814
TotalDefense 20150815
TrendMicro-HouseCall 20150815
ViRobot 20150815
Zoner 20150815
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher RightSurf
Signature verification Signed file, verified signature
Signing date 7:26 AM 11/28/2014
Signers
[+] RightSurf
Status Valid
Issuer None
Valid from 1:00 AM 11/4/2014
Valid to 12:59 AM 1/4/2016
Valid usage Code Signing
Algorithm SHA1
Thumbprint 952DCB1BC7BF49B0A3BBC09A6115F65BF752EFCF
Serial number 1E 8F 73 6F 9D 4C C7 02 BA D0 40 A6 91 E0 35 3D
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-12 14:40:38
Entry Point 0x000115B2
Number of sections 5
PE sections
Overlays
MD5 ecad85f1c7de53ff648b87586c880784
File type data
Offset 190976
Size 6384
Entropy 7.33
PE imports
GetStdHandle
InterlockedPopEntrySList
HeapDestroy
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InterlockedPushEntrySList
InitializeCriticalSection
LoadResource
TlsGetValue
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
IsValidLocale
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceExW
VirtualFree
Sleep
VirtualAlloc
AccessibleObjectFromWindow
VariantCopy
SysFreeString
VariantInit
VariantClear
SysAllocString
VkKeyScanExW
SetWindowLongW
CallWindowProcW
GetClassInfoExW
UnregisterClassA
LockWindowUpdate
RegisterClassExW
IsWindow
KillTimer
DefWindowProcW
SendInput
LoadCursorW
SetTimer
CreateWindowExW
GetWindowLongW
UnloadKeyboardLayout
GetForegroundWindow
PostMessageW
LoadKeyboardLayoutW
DestroyWindow
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2014:11:12 15:40:38+01:00
FileType Win32 DLL
PEType PE32
CodeSize 146944
LinkerVersion 10.0
EntryPoint 0x115b2
InitializedDataSize 43008
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 0ba3d997a0c04c6f6bf40c44e560857e
SHA1 0ff2779081d1353f5ca751679254b7685c4882ab
SHA256 a88fc0435f0c808a9f0d5c462a26e55eac6d24c64fb210dabcad9cfc853a56e9
ssdeep 6144:9qm/7Z82CAy8+dnjJbyZi7w4VqhJj75Av:9Y2Cq2njJbyZi0CqhJ+v
authentihash 7d3fc985d558e009ffb2ebbf058ffaa88330f4a5dc84b69e3a722fdea298013c
imphash ac3958df10077daa9776fbd403e7ed24
File size 192.7 KB ( 197360 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags pedll signed overlay
VirusTotal metadata
First submission 2015-06-03 08:37:54 UTC ( 2 years, 5 months ago )
Last submission 2015-06-03 08:37:54 UTC ( 2 years, 5 months ago )
File names 96728e9b774e43fabf44.dll