SHA256: b8186a66bea39442d0e3ff2d900af9bb35e73bf8c22748c8a447e93f21a7b7fe
File name: ogg.dll
Detection ratio: 0 / 58
Analysis date: 2017-01-15 03:06:04 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware 20170115
AegisLab 20170114
AhnLab-V3 20170114
Alibaba 20170113
ALYac 20170115
Antiy-AVL 20170115
Arcabit 20170115
Avast 20170115
AVG 20170115
Avira (no cloud) 20170114
AVware 20170115
Baidu 20170113
BitDefender 20170115
Bkav 20170114
CAT-QuickHeal 20170114
ClamAV 20170115
CMC 20170114
Comodo 20170115
CrowdStrike Falcon (ML) 20161024
Cyren 20170115
DrWeb 20170115
Emsisoft 20170115
ESET-NOD32 20170115
F-Prot 20170115
F-Secure 20170115
Fortinet 20170115
GData 20170115
Ikarus 20170114
Sophos ML 20170111
Jiangmin 20170115
K7AntiVirus 20170115
K7GW 20170115
Kaspersky 20170115
Kingsoft 20170115
Malwarebytes 20170115
McAfee 20170108
McAfee-GW-Edition 20170115
Microsoft 20170115
eScan 20170115
NANO-Antivirus 20170115
nProtect 20170115
Panda 20170114
Qihoo-360 20170115
Rising 20170115
Sophos AV 20170115
SUPERAntiSpyware 20170115
Symantec 20170114
Tencent 20170115
TheHacker 20170114
TotalDefense 20170114
TrendMicro 20170115
TrendMicro-HouseCall 20170115
Trustlook 20170115
VBA32 20170113
VIPRE 20170115
ViRobot 20170114
WhiteArmor 20170113
Yandex 20170114
Zillya 20170113
Zoner 20170115
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 11:23 AM 12/27/2011
Signers
[+] ABBYY SOLUTIONS LIMITED
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 3/30/2009
Valid to 12:59 AM 3/30/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 998A850650A3B80BBC0DBC220E3F1B36F42B59BC
Serial number 3F F7 51 C4 F9 F1 4B 49 11 FA 2C 5F EC 00 83 C9
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-27 10:22:49
Entry Point 0x000035E8
Number of sections 5
PE sections
Overlays
MD5 1466ad664bfc1819261e0f6f1e665301
File type data
Offset 96768
Size 5384
Entropy 7.22
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
FreeLibrary
QueryPerformanceCounter
HeapDestroy
ExitProcess
TlsAlloc
IsValidLocale
GetEnvironmentStringsW
GetLocaleInfoW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
GetEnvironmentStrings
GetLocaleInfoA
SetConsoleCtrlHandler
GetCurrentProcessId
GetUserDefaultLCID
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetCurrentThread
GetTimeZoneInformation
CompareStringW
CompareStringA
WideCharToMultiByte
TlsFree
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetTimeFormatA
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
GetOEMCP
IsDebuggerPresent
TerminateProcess
LCMapStringA
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:12:27 11:22:49+01:00
FileType Win32 DLL
PEType PE32
CodeSize 74752
LinkerVersion 9.0
FileTypeExtension dll
InitializedDataSize 20992
SubsystemVersion 5.0
EntryPoint 0x35e8
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 d00f49f5a4aaf7496d95c45b3553474f
SHA1 2e9b717863892ac309d3806efc5dcf2692308aec
SHA256 b8186a66bea39442d0e3ff2d900af9bb35e73bf8c22748c8a447e93f21a7b7fe
ssdeep 1536:D8m7cSY3Pl5r4Sl72sKRE8Jifl27ztKfqe0SBKkR5tbCk:D8bdOSmJi0hmrBKkR5t7

authentihash aff08aaeb9ae94474dd29760b876d13ac9d6236002d6a0e7aedf3227a02fd045
imphash cff905b4bc0db0c926801ef27d58ba41
File size 99.8 KB ( 102152 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll signed overlay

VirusTotal metadata
First submission 2016-12-18 01:51:24 UTC ( 2 years, 5 months ago )
Last submission 2016-12-18 01:51:24 UTC ( 2 years, 5 months ago )
File names ogg.dll