SHA256: bccbbeec54cea2e37d4a4a06885222583f47314c42271624618397d6b4a1b943
File name: ekrnAmon.dll
Detection ratio: 0 / 52
Analysis date: 2014-05-06 06:33:22 UTC
Antivirus Result Update
Ad-Aware 20140506
AegisLab 20140506
Yandex 20140505
AhnLab-V3 20140505
AntiVir 20140506
Antiy-AVL 20140506
Avast 20140506
AVG 20140506
Baidu-International 20140505
BitDefender 20140506
Bkav 20140505
ByteHero 20140506
CAT-QuickHeal 20140506
ClamAV 20140506
CMC 20140429
Commtouch 20140506
Comodo 20140506
DrWeb 20140506
Emsisoft 20140506
ESET-NOD32 20140505
F-Prot 20140506
F-Secure 20140506
Fortinet 20140506
GData 20140506
Ikarus 20140506
Jiangmin 20140506
K7AntiVirus 20140505
K7GW 20140505
Kaspersky 20140506
Kingsoft 20140506
Malwarebytes 20140506
McAfee 20140506
McAfee-GW-Edition 20140505
Microsoft 20140505
eScan 20140506
NANO-Antivirus 20140506
Norman 20140505
nProtect 20140504
Panda 20140505
Qihoo-360 20140506
Rising 20140505
Sophos AV 20140506
SUPERAntiSpyware 20140505
Symantec 20140506
TheHacker 20140504
TotalDefense 20140505
TrendMicro 20140506
TrendMicro-HouseCall 20140506
VBA32 20140505
VIPRE 20140506
ViRobot 20140506
Zillya 20140505
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) ESET, spol. s r.o. 1992-2013. All rights reserved.

Publisher ESET
Product ESET Smart Security
Original name ekrnAmon.dll
Internal name ekrnAmon.dll
File version 6.0.308.0
Description ESET Amon Service
Signature verification Signed file, verified signature
Signing date 1:08 PM 12/21/2012
Signers
[+] ESET
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/6/2010
Valid to 12:59 AM 6/13/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint 11D4DADFAE3C289DC80C48991F7D67570A7063EE
Serial number 4C 61 AD DA E2 E6 A4 FC 5E 52 A2 F8 CD 38 E3 83
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer None
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)
Status Valid
Issuer None
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/3/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint A1DB6393916F17E4185509400415C70240B0AE6B
Serial number 3C 91 31 CB 1F F6 D0 1B 0E 9A B8 D0 44 BF 12 BE
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 12/3/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 23C4271D605CB2787A3A85D90282852D7B6B9981
Serial number 22 D8 78 BD 5F 56 04 31 89 22 60 A2 E8 8C D3 50
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-21 12:02:49
Entry Point 0x00029EE0
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorOwner
CopySid
AccessCheck
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegDeleteKeyW
SetSecurityDescriptorDacl
GetSidSubAuthority
OpenProcessToken
GetSecurityDescriptorGroup
DuplicateToken
RegEnumKeyW
GetSecurityDescriptorOwner
GetTokenInformation
DuplicateTokenEx
GetSecurityDescriptorDacl
RegEnumKeyExW
OpenThreadToken
GetLengthSid
InitializeSid
RegDeleteValueW
RevertToSelf
StartServiceW
QueryServiceConfigW
FreeSid
GetSidLengthRequired
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
SetThreadToken
SetSecurityDescriptorGroup
GetLastError
DisableThreadLibraryCalls
EnterCriticalSection
SuspendThread
TerminateThread
LoadLibraryW
WaitForSingleObject
FindResourceW
FreeLibrary
QueryPerformanceCounter
HeapReAlloc
HeapDestroy
GetTickCount
GetThreadLocale
VirtualProtect
GetVersionExA
GetFileAttributesW
DuplicateHandle
HeapFree
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
SizeofResource
SetThreadPriority
GetCurrentProcessId
GetVolumeInformationW
lstrlenW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
QueryDosDeviceW
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
lstrcpynW
RaiseException
ReleaseSemaphore
WideCharToMultiByte
GetModuleFileNameW
SetFilePointer
GetFullPathNameW
LeaveCriticalSection
InterlockedExchange
CreateSemaphoreW
WriteFile
ResetEvent
GetSystemTimeAsFileTime
GetACP
GetVersionExW
WaitForMultipleObjects
SetEvent
LocalFree
TerminateProcess
SetUnhandledExceptionFilter
LockResource
InitializeCriticalSection
LoadResource
FindResourceExW
VirtualQuery
VirtualFree
GetLogicalDriveStringsW
InterlockedDecrement
Sleep
SetEndOfFile
GetLocaleInfoA
HeapAlloc
GetCurrentThreadId
GetCurrentThread
VirtualAlloc
LocalAlloc
SetLastError
InterlockedIncrement
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
_purecall
rand
malloc
strncpy_s
realloc
srand
_wcsnicmp
_time64
__dllonexit
_snwprintf
?terminate@@YAXXZ
wcsncpy_s
swprintf_s
memset
swscanf_s
_invalid_parameter_noinfo
towupper
__clean_type_info_names_internal
_amsg_exit
_crt_debugger_hook
_initterm_e
?_type_info_dtor_internal_method@type_info@@QAEXXZ
clock
??2@YAPAXI@Z
_lock
qsort
_onexit
_encode_pointer
wcscat_s
_initterm
_wcsupr_s
strcpy_s
_decode_pointer
wcsrchr
??_V@YAXPAX@Z
_adjust_fdiv
_wcsicmp
memmove_s
_unlock
wcschr
_malloc_crt
??3@YAXPAX@Z
free
wcscpy_s
memcpy_s
_CxxThrowException
wcsncmp
calloc
memcpy
??0exception@std@@QAE@ABV01@@Z
vswprintf_s
_wtoi64
??1exception@std@@UAE@XZ
memmove
_vsnwprintf_s
__CxxFrameHandler3
_except_handler4_common
_itow_s
_vscwprintf
_encoded_null
__CppXcptFilter
wcsstr
??0exception@std@@QAE@XZ
_snwprintf_s
_wtoi
SetupDiGetDeviceInstanceIdW
SHGetMalloc
SHGetDesktopFolder
LoadStringW
wsprintfW
UnregisterClassA
CoCreateGuid
PE exports
Number of PE resources by type
RT_DIALOG 10
RT_STRING 10
RT_ICON 2
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 22
NEUTRAL 4
PE resources
ExifTool file metadata
CodeSize 180224
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.0.308.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ESET Amon Service
CharacterSet Windows, Latin1
InitializedDataSize 81920
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright (c) ESET, spol. s r.o. 1992-2013. All rights reserved.
FileVersion 6.0.308.0
TimeStamp 2012:12:21 13:02:49+01:00
FileType Win32 DLL
PEType PE32
InternalName ekrnAmon.dll
FileAccessDate 2014:05:06 07:31:28+01:00
ProductVersion 6.0.308.0
UninitializedDataSize 0
OSVersion 4.0
FileCreateDate 2014:05:06 07:31:28+01:00
OriginalFilename ekrnAmon.dll
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ESET
LegalTrademarks NOD, NOD32, AMON, ESET are registered trademarks of ESET.
ProductName ESET Smart Security
ProductVersionNumber 6.0.308.0
EntryPoint 0x29ee0
ObjectFileType Executable application

File identification
MD5 c255a2fb70315f8f5fd562e7ecd4c8f2
SHA1 d5b4f38e4e5c4633f756dab316f003a71ea3b70e
SHA256 bccbbeec54cea2e37d4a4a06885222583f47314c42271624618397d6b4a1b943
ssdeep 6144:/SEtLu0Ke/FKQNePSqw9exI3sIclLO+OgoRdkoih:/XLu099KMePSqu8I3spLOLWh
imphash a4a71e6176348c622c8f95cd430bbab1
File size 268.1 KB ( 274584 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
pedll signed

VirusTotal metadata
First submission 2014-05-06 06:33:22 UTC
Last submission 2014-05-06 06:33:22 UTC
File names ekrnAmon.dll