× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: be78a9c28abddff6818b96e41d6854b19cf7152dc8119f7554c12321b83a696b
File name: WAB32res.dll
Detection ratio: 0 / 54
Analysis date: 2014-10-31 13:28:35 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware 20141031
AegisLab 20141031
Yandex 20141031
AhnLab-V3 20141031
Antiy-AVL 20141031
Avast 20141031
AVG 20141031
Avira (no cloud) 20141031
AVware 20141031
Baidu-International 20141031
BitDefender 20141031
Bkav 20141027
ByteHero 20141031
CAT-QuickHeal 20141031
ClamAV 20141031
CMC 20141031
Comodo 20141031
Cyren 20141031
DrWeb 20141031
Emsisoft 20141031
ESET-NOD32 20141031
F-Prot 20141031
F-Secure 20141031
Fortinet 20141031
GData 20141031
Ikarus 20141031
Jiangmin 20141030
K7AntiVirus 20141031
K7GW 20141031
Kaspersky 20141031
Kingsoft 20141031
Malwarebytes 20141031
McAfee 20141031
McAfee-GW-Edition 20141031
Microsoft 20141031
eScan 20141030
NANO-Antivirus 20141031
Norman 20141031
nProtect 20141031
Qihoo-360 20141031
Rising 20141031
Sophos AV 20141031
SUPERAntiSpyware 20141031
Symantec 20141031
Tencent 20141031
TheHacker 20141028
TotalDefense 20141031
TrendMicro 20141031
TrendMicro-HouseCall 20141031
VBA32 20141031
VIPRE 20141031
ViRobot 20141031
Zillya 20141030
Zoner 20141031
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© ?????????? ?????????? (Microsoft Corp.). ??? ????? ????????.

Publisher Microsoft Corporation
Product ????? Windows Live
Original name WAB32res.dll
Internal name WAB32res.dll
File version 14.0.8050.1202
Description Windows Live Mail
Signature verification Signed file, verified signature
Signing date 7:30 AM 12/3/2008
Signers
[+] Microsoft Corporation
Status Certificate out of its validity period
Issuer None
Valid from 1:23 AM 8/23/2007
Valid to 1:33 AM 2/23/2009
Valid usage Code Signing
Algorithm SHA1
Thumbprint D57FAC60F1A8D34877AEB350E83F46F6EFC9E5F1
Serial number 61 0F 78 4D 00 00 00 00 00 03
[+] Microsoft Code Signing PCA
Status Certificate out of its validity period
Issuer None
Valid from 11:31 PM 8/22/2007
Valid to 8:00 AM 8/25/2012
Valid usage Code Signing
Algorithm SHA1
Thumbprint 3036E3B25B88A55B86FC90E6E9EAAD5081445166
Serial number 2E AB 11 DC 50 FF 5C 9D CB C0
[+] Microsoft Root Authority
Status Valid
Issuer None
Valid from 8:00 AM 1/10/1997
Valid to 8:00 AM 12/31/2020
Valid usage All
Algorithm MD5
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
Counter signers
[+] Microsoft Timestamping Service
Status Certificate out of its validity period
Issuer None
Valid from 2:55 AM 9/16/2006
Valid to 3:05 AM 9/16/2011
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint A2D57D63CF331B177BE147088FEABEC7388BE01D
Serial number 61 49 7C ED 00 00 00 00 00 05
[+] Microsoft Timestamping PCA
Status Valid
Issuer None
Valid from 2:04 AM 9/16/2006
Valid to 8:00 AM 9/15/2019
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 3EA99A60058275E0ED83B892A909449F8C33B245
Serial number 6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2
[+] Microsoft Root Authority
Status Valid
Issuer None
Valid from 8:00 AM 1/10/1997
Valid to 8:00 AM 12/31/2020
Valid usage All
Algorithm MD5
Thumbrint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-12-03 06:15:19
Number of sections 1
PE sections
Number of PE resources by type
RT_STRING 35
RT_BITMAP 13
PNG 9
RT_ICON 8
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 68
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
293888

ImageVersion
6.0

ProductName
Windows Live

FileVersionNumber
14.0.8050.1202

LanguageCode
Russian

FileFlagsMask
0x003f

FileDescription
Windows Live Mail

CharacterSet
Unicode

LinkerVersion
8.0

OriginalFilename
WAB32res.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
14.0.8050.1202

TimeStamp
2008:12:03 07:15:19+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
WAB32res.dll

FileAccessDate
2014:10:31 15:47:39+01:00

ProductVersion
14.0.8050.1202

SubsystemVersion
5.1

OSVersion
6.0

FileCreateDate
2014:10:31 15:47:39+01:00

FileOS
Win32

LegalCopyright
(Microsoft Corp.). .

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
0

FileSubtype
0

ProductVersionNumber
14.0.8050.1202

EntryPoint
0x0000

ObjectFileType
Executable application

File identification
MD5 1b034d7d15c2bda9737c2a6eb1db2831
SHA1 4493c5f4d4d935842fdab29d10ea2caa63478a96
SHA256 be78a9c28abddff6818b96e41d6854b19cf7152dc8119f7554c12321b83a696b
ssdeep
3072:apAZ4Ftr+kSD1W8kwZ+7mnWbKPo/lyrXL3nHT0y0FZrJ/lnWikOj7r8G//:cA0R+kcvkrVP/lyXcrHtH/

authentihash 4eb8a4f8f5bec82ed055abf8091d3156bf4a465c44f3788d61059d6bd75d1184
File size 294.3 KB ( 301384 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll signed

VirusTotal metadata
First submission 2014-10-03 13:04:43 UTC ( 4 years, 6 months ago )
Last submission 2014-10-03 13:04:43 UTC ( 4 years, 6 months ago )
File names vt-upload-pMLqs
wab32res.dll
WAB32res.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!