SHA256: bd5175a69cfc1949ecfe7216ca484e160f779f6dbeda6c6210268e734def0fae
File name: ekrnSmon.dll
Detection ratio: 0 / 55
Analysis date: 2015-01-12 22:25:40 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware 20150124
Yandex 20150124
AhnLab-V3 20150124
Alibaba 20150120
ALYac 20150124
Antiy-AVL 20150124
Avast 20150124
AVG 20150124
Avira (no cloud) 20150124
AVware 20150124
Baidu-International 20150124
BitDefender 20150124
Bkav 20150124
ByteHero 20150124
CAT-QuickHeal 20150124
ClamAV 20150124
CMC 20150124
Comodo 20150124
Cyren 20150124
DrWeb 20150124
Emsisoft 20150124
ESET-NOD32 20150124
F-Prot 20150124
F-Secure 20150124
Fortinet 20150124
GData 20150124
Ikarus 20150124
Jiangmin 20150124
K7AntiVirus 20150124
Kaspersky 20150124
Kingsoft 20150124
Malwarebytes 20150124
McAfee 20150124
McAfee-GW-Edition 20150124
Microsoft 20150124
eScan 20150124
NANO-Antivirus 20150124
Norman 20150123
nProtect 20150123
Panda 20150124
Qihoo-360 20150124
Rising 20150123
Sophos AV 20150124
SUPERAntiSpyware 20150124
Symantec 20150124
Tencent 20150124
TheHacker 20150123
TotalDefense 20150124
TrendMicro 20150124
TrendMicro-HouseCall 20150124
VBA32 20150123
VIPRE 20150124
ViRobot 20150124
Zillya 20150124
Zoner 20150123
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) ESET, spol. s r.o. 1992-2013. All rights reserved.

Publisher ESET
Product ESET Smart Security
Original name ekrnSmonLang.dll
Internal name ekrnSmonLang.dll
File version 6.0.308.0
Description ESET Antispam Service
Signature verification Signed file, verified signature
Signing date 1:09 PM 12/21/2012
Signers
[+] ESET
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/6/2010
Valid to 12:59 AM 6/13/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint 11D4DADFAE3C289DC80C48991F7D67570A7063EE
Serial number 4C 61 AD DA E2 E6 A4 FC 5E 52 A2 F8 CD 38 E3 83
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer None
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)
Status Valid
Issuer None
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/3/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint A1DB6393916F17E4185509400415C70240B0AE6B
Serial number 3C 91 31 CB 1F F6 D0 1B 0E 9A B8 D0 44 BF 12 BE
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 12/3/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 23C4271D605CB2787A3A85D90282852D7B6B9981
Serial number 22 D8 78 BD 5F 56 04 31 89 22 60 A2 E8 8C D3 50
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-21 12:00:56
Entry Point 0x0002B57E
Number of sections 5
PE sections
PE imports
GetTokenInformation
DuplicateTokenEx
RegDeleteValueW
RevertToSelf
OpenProcessToken
IsValidSid
FreeSid
DuplicateToken
RegEnumKeyExW
AllocateAndInitializeSid
OpenThreadToken
EqualSid
RegEnumKeyW
RegDeleteKeyW
GetLengthSid
SetThreadToken
GetLastError
EnterCriticalSection
GetShortPathNameW
GetSystemInfo
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
FindNextFileW
DisableThreadLibraryCalls
VirtualProtect
FlushFileBuffers
GetFileAttributesW
lstrlenW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetFileSize
OpenProcess
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetFileInformationByHandle
CreateDirectoryW
DeleteFileW
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
lstrcpynW
GetFullPathNameW
WideCharToMultiByte
GetModuleFileNameW
SetFilePointer
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
ResetEvent
GetSystemTimeAsFileTime
FindFirstFileW
WaitForMultipleObjects
SetEvent
LocalFree
TerminateProcess
InitializeCriticalSection
VirtualFree
FindClose
Sleep
MoveFileW
SetEndOfFile
GetTickCount
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
strncmp
_wfindfirst64i32
malloc
strncpy_s
strcat_s
realloc
??_U@YAPAXI@Z
_wcsnicmp
_time64
__dllonexit
_stricmp
wcsncpy_s
swprintf_s
memset
toupper
wcscpy_s
towupper
__clean_type_info_names_internal
strchr
?terminate@@YAXXZ
_initterm_e
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memcpy_s
_wfindnext64i32
??2@YAPAXI@Z
_lock
qsort
_itoa_s
_wcsicmp
_onexit
_findclose
_amsg_exit
_encode_pointer
??_V@YAXPAX@Z
strcpy_s
_decode_pointer
wcsrchr
towlower
_adjust_fdiv
_strnicmp
_CxxThrowException
tolower
memmove_s
_unlock
wcschr
_crt_debugger_hook
??3@YAXPAX@Z
free
__CxxFrameHandler3
_except_handler4_common
atoi
wcsncmp
_wrename
_purecall
memcpy
_wstat64i32
wcscat_s
strstr
_wremove
memmove
_vsnwprintf_s
_errno
_localtime64_s
_malloc_crt
_vsnprintf_s
_encoded_null
__CppXcptFilter
wcsstr
_initterm
SHGetMalloc
SHGetDesktopFolder
PeekMessageW
LoadStringW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PE exports
Number of PE resources by type
RT_STRING 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
LegalTrademarks
NOD, NOD32, AMON, ESET are registered trademarks of ESET.

FileDescription
ESET Antispam Service

InitializedDataSize
69632

ImageVersion
0.0

ProductName
ESET Smart Security

FileVersionNumber
6.0.308.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
8.0

OriginalFilename
ekrnSmonLang.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.0.308.0

TimeStamp
2012:12:21 13:00:56+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
ekrnSmonLang.dll

SubsystemVersion
4.0

FileAccessDate
2015:01:24 22:48:52+01:00

ProductVersion
6.0.308.0

UninitializedDataSize
0

OSVersion
4.0

FileCreateDate
2015:01:24 22:48:52+01:00

FileOS
Win32

LegalCopyright
Copyright (c) ESET, spol. s r.o. 1992-2013. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
ESET

CodeSize
184320

FileSubtype
0

ProductVersionNumber
6.0.308.0

EntryPoint
0x2b57e

ObjectFileType
Executable application

File identification
MD5 b3b0d112a494c4dc5f7d9f828105e79d
SHA1 2d4e9a725a6728a137d4e7a7fff57394da14d26e
SHA256 bd5175a69cfc1949ecfe7216ca484e160f779f6dbeda6c6210268e734def0fae
ssdeep
6144:LmNvISJxI08BsHuiMVTfs97xhiH+jvqOg5ABrK:YvISE5NiMNspxOuvxBrK

authentihash 31b15dbb670d754064f6a540ad6bb81e0b070f49804b64227a05597a94686907
imphash 15f3643960d027eeedfe9694fd00024e
File size 260.1 KB ( 266344 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll signed

VirusTotal metadata
First submission 2014-12-29 20:20:21 UTC ( 3 years, 7 months ago )
Last submission 2014-12-29 20:20:21 UTC ( 3 years, 7 months ago )
File names ekrnSmonLang.dll
ekrnSmon.dll