SHA256: ae6e566cdaa95729fa6d6b1de3fdfd942cfe2929354ea0bccb60f9672bfa9bf0
File name: DWRCSh
Detection ratio: 0 / 66
Analysis date: 2018-07-16 00:03:26 UTC ( 8 months, 1 week ago )
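Antivirus | Result | Update (the Result column is empty for every engine listed; each row gives the engine name and its signature update date)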
Ad-Aware 20180715
AegisLab 20180715
AhnLab-V3 20180715
Alibaba 20180713
ALYac 20180715
Antiy-AVL 20180716
Arcabit 20180716
Avast 20180716
Avast-Mobile 20180715
AVG 20180715
Avira (no cloud) 20180715
AVware 20180715
Babable 20180406
Baidu 20180712
BitDefender 20180715
Bkav 20180713
CAT-QuickHeal 20180714
ClamAV 20180715
CMC 20180714
Comodo 20180715
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180716
Cyren 20180715
DrWeb 20180715
eGambit 20180716
Emsisoft 20180715
Endgame 20180711
ESET-NOD32 20180715
F-Prot 20180715
F-Secure 20180715
Fortinet 20180715
GData 20180715
Ikarus 20180715
Sophos ML 20180601
Jiangmin 20180715
K7AntiVirus 20180715
K7GW 20180715
Kaspersky 20180715
Kingsoft 20180716
Malwarebytes 20180715
MAX 20180716
McAfee 20180715
McAfee-GW-Edition 20180715
Microsoft 20180716
eScan 20180715
NANO-Antivirus 20180715
Palo Alto Networks (Known Signatures) 20180716
Panda 20180715
Qihoo-360 20180716
Rising 20180716
SentinelOne (Static ML) 20180701
Sophos AV 20180715
SUPERAntiSpyware 20180715
Symantec 20180715
TACHYON 20180715
Tencent 20180716
TheHacker 20180712
TotalDefense 20180715
TrendMicro 20180716
TrendMicro-HouseCall 20180716
Trustlook 20180716
VBA32 20180713
VIPRE 20180715
ViRobot 20180715
Webroot 20180716
Yandex 20180713
ZoneAlarm by Check Point 20180716
Zoner 20180715
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1991-2011 DameWare Development LLC

Product DameWare Development DWRCSh
Original name DWRCSh.dll
Internal name DWRCSh
File version 7, 5, 2, 0
Description Shell interface for DameWare Mini Remote Control Application
Comments www.dameware.com
Signature verification Signed file, verified signature
Signing date 10:03 PM 4/4/2011
Signers
[+] DameWare Development, LLC.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 8/12/2008
Valid to 12:59 AM 9/25/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 00A06677C45C1ECBA24CCC060176ED5CA93274A1
Serial number 75 F6 AA 86 C6 21 CE 34 2E 70 76 E3 E2 25 24 3E
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-04 20:36:28
Entry Point 0x00004059
Number of sections 5
PE sections
Overlays
MD5 2453c3ab6c615fbdf208a795f6517fe3
File type data
Offset 96256
Size 5504
Entropy 7.22
PE imports
RegCloseKey
SetBrushOrgEx
DeleteDC
SelectObject
CreateCompatibleBitmap
SetStretchBltMode
CreateCompatibleDC
StretchBlt
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
SetHandleCount
lstrlenA
GetFileAttributesA
FreeLibrary
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
GetOEMCP
GlobalUnlock
GetFileAttributesW
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
InterlockedDecrement
HeapSize
GetCommandLineA
GlobalLock
TlsFree
GetStartupInfoA
GetFileTime
RaiseException
GetStringTypeA
GetModuleHandleA
lstrcmpA
GetCurrentProcessId
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CompareStringA
GetSystemTimeAsFileTime
lstrcpynA
GetACP
HeapReAlloc
GetCurrentThreadId
SetEvent
LocalFree
TerminateProcess
GetModuleFileNameA
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
CreateFileW
GlobalAlloc
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
SetLastError
CloseHandle
EmptyClipboard
GetSystemMetrics
IsWindow
DestroyIcon
ReleaseDC
FillRect
SetMenuItemBitmaps
CharLowerA
DrawIconEx
GetSysColorBrush
GetDesktopWindow
GetDC
CloseClipboard
CharUpperA
SetClipboardData
DeleteMenu
OpenClipboard
StringFromIID
CoInitialize
CoGetMalloc
PE exports
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
FileDescription
Shell interface for DameWare Mini Remote Control Application

Comments
www.dameware.com

InitializedDataSize
52224

ImageVersion
0.0

ProductName
DameWare Development DWRCSh

FileVersionNumber
7.5.2.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
dll

OriginalFileName
DWRCSh.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
7, 5, 2, 0

TimeStamp
2011:04:04 21:36:28+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
DWRCSh

SubsystemVersion
4.0

ProductVersion
7, 5, 2, 0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 1991-2011 DameWare Development LLC

MachineType
Intel 386 or later, and compatibles

CompanyName
DameWare Development LLC

CodeSize
43008

FileSubtype
0

ProductVersionNumber
7.5.2.0

EntryPoint
0x4059

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 7f870e96aa37147951259511bdf3151b
SHA1 cd4fd125274d0a13b661c099971d1bfc040e858a
SHA256 ae6e566cdaa95729fa6d6b1de3fdfd942cfe2929354ea0bccb60f9672bfa9bf0
ssdeep
1536:ZKgnx/nG3675J2tzqF5opCc0CLnJuJMOFioPnE0Yk4tbgTCH:tnx/nA0X2V0CLnJ2DIr0Yk4tUa

authentihash d4af4adf10753ce33de5ca1ca5c77d354dfd72479ab6b1d51656a3e32c4a09aa
imphash 97758057ce2008ffcf30e0b620dc986a
File size 99.4 KB ( 101760 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID DirectShow filter (51.1%)
Windows ActiveX control (29.5%)
Win32 Executable MS Visual C++ (generic) (7.9%)
Win64 Executable (generic) (7.0%)
Win32 Dynamic Link Library (generic) (1.6%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2011-04-06 09:10:39 UTC ( 7 years, 11 months ago )
Last submission 2012-10-30 19:27:53 UTC ( 6 years, 4 months ago )
File names DWRCSh
vt-upload-9c_loK
E8C7499E80158FE78D6D01C5BDEA7300D0773884.dll
DWRCSh.dll