SHA256: b8a7da401b3e76f8971c362f38a677cbcdc96f075f8186c9636bb9dc48440326
File name: dpfpapi.dll.D93E5A59_DC16_41F7_9E63_BD32EA94FCE9
Detection ratio: 0 / 56
Analysis date: 2016-10-25 10:31:28 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware 20161025
AegisLab 20161025
AhnLab-V3 20161025
Alibaba 20161025
ALYac 20161025
Antiy-AVL 20161025
Arcabit 20161025
Avast 20161025
AVG 20161024
Avira (no cloud) 20161025
AVware 20161025
Baidu 20161025
BitDefender 20161025
Bkav 20161024
CAT-QuickHeal 20161025
ClamAV 20161025
CMC 20161025
Comodo 20161025
CrowdStrike Falcon (ML) 20160725
Cyren 20161025
DrWeb 20161025
Emsisoft 20161025
ESET-NOD32 20161025
F-Prot 20161025
F-Secure 20161025
Fortinet 20161025
GData 20161025
Ikarus 20161025
Sophos ML 20161018
Jiangmin 20161024
K7AntiVirus 20161025
K7GW 20161025
Kaspersky 20161025
Kingsoft 20161025
Malwarebytes 20161025
McAfee 20161025
McAfee-GW-Edition 20161025
Microsoft 20161025
eScan 20161025
NANO-Antivirus 20161025
nProtect 20161025
Panda 20161024
Qihoo-360 20161025
Rising 20161025
Sophos AV 20161025
SUPERAntiSpyware 20161025
Symantec 20161025
Tencent 20161025
TheHacker 20161025
TotalDefense 20161025
TrendMicro 20161025
TrendMicro-HouseCall 20161025
VBA32 20161024
VIPRE 20161025
ViRobot 20161025
Yandex 20161024
Zillya 20161024
Zoner 20161025
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © DigitalPersona, Inc. 1996-2010
Product HP ProtectTools Security Manager
Original name DPFPApi.DLL
Internal name DPFPApi
File version 5.1.1.935
Description DPFPApi functions
Signature verification Signed file, verified signature
Signing date 10:54 PM 12/29/2010
Signers
[+] DigitalPersona
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 4/22/2010
Valid to 12:59 AM 5/23/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B436D1559C7E4A9BE340677042369E5B8B8B3310
Serial number 21 B3 3A AD 43 31 EC 21 2D C4 2B 39 23 64 86 5E
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-12-29 21:26:36
Entry Point 0x00044767
Number of sections 5
PE sections
Overlays
MD5 ce39006b9f6cc57ac4ea2afdcecf5f42
File type data
Offset 489984
Size 5456
Entropy 7.20
PE imports
RegCreateKeyExW
RegCloseKey
CopySid
RegQueryValueExA
InitializeAcl
RegDeleteKeyW
RegQueryValueExW
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSidToSidW
RegOpenKeyExW
ConvertSidToStringSidW
RegEnumKeyA
RegQueryInfoKeyW
GetTokenInformation
IsValidSid
ImpersonateSelf
RegDeleteValueW
RegEnumKeyExW
OpenThreadToken
RegOpenKeyExA
GetLengthSid
InitializeSid
SetSecurityInfo
RegEnumValueW
RevertToSelf
RegSetValueExW
GetSidLengthRequired
CheckTokenMembership
EqualSid
AddAce
CryptEncodeObject
CryptDecodeObject
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
SetLastError
TlsGetValue
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
lstrcmpiW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
RegisterWaitForSingleObject
GetSystemDirectoryW
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GetFileSize
OpenProcess
CreateDirectoryW
GetProcAddress
GetProcessHeap
lstrcpyW
GetModuleHandleA
ResetEvent
GetComputerNameA
FindFirstFileW
DuplicateHandle
GlobalLock
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
UnregisterWaitEx
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
SizeofResource
UnregisterWait
GetCurrentProcessId
ProcessIdToSessionId
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
NetUserGetInfo
NetApiBufferFree
VarUI4FromStr
SysStringLen
UnRegisterTypeLib
SysAllocStringLen
RegisterTypeLib
SysAllocString
SysStringByteLen
LoadTypeLib
SysFreeString
RpcRevertToSelf
RpcImpersonateClient
RpcMgmtIsServerListening
RpcStringBindingComposeW
RpcEpRegisterW
RpcBindingFree
RpcServerRegisterIf
RpcServerInqBindings
RpcStringFreeW
RpcServerUnregisterIf
NdrServerCall2
RpcBindingSetAuthInfoW
NdrClientCall2
RpcMgmtWaitServerListen
RpcServerUseProtseqEpW
RpcEpUnregister
RpcServerUseProtseqW
RpcMgmtStopServerListening
RpcServerListen
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcBindingVectorFree
PathRenameExtensionW
GetWindowThreadProcessId
GetUserObjectInformationW
PeekMessageW
SendMessageW
GetAncestor
GetForegroundWindow
IsWindow
CloseDesktop
GetGUIThreadInfo
FindWindowExW
EnumChildWindows
GetWindowInfo
SetThreadDesktop
OpenInputDesktop
CharNextW
GetThreadDesktop
UnloadUserProfile
CreateStreamOnHGlobal
CoTaskMemAlloc
GetHGlobalFromStream
CoTaskMemRealloc
CoCreateInstance
StringFromCLSID
CoGetStandardMarshal
OleRun
CoTaskMemFree
StringFromGUID2
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
CodeSize 369664
FileDescription DPFPApi functions
InitializedDataSize 119296
ImageVersion 0.0
ProductName HP ProtectTools Security Manager
FileVersionNumber 5.1.1.935
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 9.0
FileTypeExtension dll
OriginalFileName DPFPApi.DLL
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.1.1.935
TimeStamp 2010:12:29 22:26:36+01:00
FileType Win32 DLL
PEType PE32
InternalName DPFPApi
SubsystemVersion 5.0
ProductVersion 5.1.1.935
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright DigitalPersona, Inc. 1996-2010
MachineType Intel 386 or later, and compatibles
CompanyName DigitalPersona, Inc.
LegalTrademarks DigitalPersona
FileSubtype 0
ProductVersionNumber 5.1.1.935
EntryPoint 0x44767
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 99811f403b405822474cff7a158cb3de
SHA1 fdee26d4f69711843d4eb11167d7ab77180684b3
SHA256 b8a7da401b3e76f8971c362f38a677cbcdc96f075f8186c9636bb9dc48440326
ssdeep 6144:SZENMdsK+5BLFsfttUUSVCJvzeIvx35z5SNfIdwEzQFpaDk02Y:SZpi5YDUrVmvzPvx35z58fIJaY

authentihash 117c9435415c57f3c0f90fd590447299156e15f2aee596be46862f6dc3e7f0e5
imphash 4768b366479a0025323a1b8c7695a71f
File size 483.8 KB ( 495440 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID DirectShow filter (51.4%)
Windows ActiveX control (29.7%)
Win32 Executable MS Visual C++ (generic) (7.9%)
Win64 Executable (generic) (7.0%)
Win32 Dynamic Link Library (generic) (1.6%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2011-04-15 13:41:42 UTC ( 7 years, 7 months ago )
Last submission 2011-04-15 13:41:42 UTC ( 7 years, 7 months ago )
File names DPFPApi.DLL
DPFPApi.DLL
DPFPApi.dll
sbs_ve_ambr_20151105204911.232_ 67262
sbs_ve_ambr_20150625212339.928_ 14098
DPFPApi.dll
AF2E2F3650F7B4078FB50739D5A5BA008619004E.dll
sbs_ve_ambr_20150805222411.087_ 105660
sbs_ve_ambr_20150710214353.935_ 67638
sbs_ve_ambr_20151128212705.038_ 19266
DPFPApi
sbs_ve_ambr_20150816222033.889_ 27595
dpfpapi.dll.D93E5A59_DC16_41F7_9E63_BD32EA94FCE9
sbs_ve_ambr_20150810215747.225_ 82631
sbs_ve_ambr_20160025213635.789_ 23160
DPFPApi.DLL