SHA256: cd34e9b647195403ea3399d51d4fe483885e321a17ec8da11a4f458266b861ba
File name: FencesMenu.dll
Detection ratio: 0 / 56
Analysis date: 2016-04-10 22:49:30 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20160410
AegisLab 20160410
AhnLab-V3 20160410
Alibaba 20160408
ALYac 20160410
Antiy-AVL 20160410
Arcabit 20160410
Avast 20160410
AVG 20160410
Avira (no cloud) 20160410
AVware 20160410
Baidu 20160409
Baidu-International 20160410
BitDefender 20160410
Bkav 20160409
CAT-QuickHeal 20160409
ClamAV 20160408
CMC 20160408
Comodo 20160410
Cyren 20160410
DrWeb 20160410
Emsisoft 20160410
ESET-NOD32 20160410
F-Prot 20160410
F-Secure 20160410
Fortinet 20160404
GData 20160410
Ikarus 20160410
Jiangmin 20160410
K7AntiVirus 20160410
K7GW 20160404
Kaspersky 20160410
Kingsoft 20160410
Malwarebytes 20160410
McAfee 20160409
McAfee-GW-Edition 20160410
Microsoft 20160410
eScan 20160410
NANO-Antivirus 20160410
nProtect 20160408
Panda 20160410
Qihoo-360 20160410
Rising 20160410
Sophos AV 20160410
SUPERAntiSpyware 20160410
Symantec 20160410
Tencent 20160410
TheHacker 20160409
TrendMicro 20160410
TrendMicro-HouseCall 20160410
VBA32 20160410
VIPRE 20160410
ViRobot 20160410
Yandex 20160410
Zillya 20160409
Zoner 20160410
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2008-2012 Stardock Corporation
Product Fences
Original name FencesMenu.dll
Internal name Fences
File version 2.0.1.0
Description Stardock Fences Shell Extension
Signature verification Signed file, verified signature
Signing date 9:31 PM 10/29/2012
Signers
[+] Stardock Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 10/4/2011
Valid to 12:59 AM 10/4/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 83FCEC08891B6A993D1133609EB65C932412B093
Serial number 4C 2D A3 0D 1E 21 04 59 D4 C5 F5 7B BB 91 96 4E
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-29 20:31:26
Entry Point 0x00014F2C
Number of sections 6
PE sections
Overlays
MD5 4a529bd1ca8a5f94047b5293a0df392b
File type data
Offset 471040
Size 7896
Entropy 7.38
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegOpenKeyW
RegDeleteKeyW
RegQueryValueExW
CreateDIBSection
GetStockObject
GetStdHandle
WaitForSingleObject
HeapDestroy
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
LoadResource
TlsGetValue
SetLastError
InterlockedDecrement
GlobalFindAtomW
OutputDebugStringW
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetProcessWorkingSetSize
EnumSystemLocalesA
SetThreadPriority
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
GlobalAddAtomW
CreateThread
CreateSemaphoreW
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SetUnhandledExceptionFilter
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GlobalSize
LeaveCriticalSection
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
IsValidLocale
GetUserDefaultLCID
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
lstrcpynW
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceW
Sleep
SetConsoleCtrlHandler
LoadRegTypeLib
SysStringLen
UnRegisterTypeLib
RegisterTypeLib
SysAllocString
LoadTypeLib
SysFreeString
VarUI4FromStr
SHGetPathFromIDListW
Ord(196)
Ord(256)
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHGetMalloc
PathFileExistsW
StrStrIW
PathFindExtensionW
PathIsDirectoryW
RegisterWindowMessageW
GetParent
ReleaseDC
GetPropW
DefWindowProcW
FindWindowW
KillTimer
GetMessageW
ShowWindow
SetPropW
GetWindowThreadProcessId
SetWindowLongW
IsWindow
RegisterClassExW
UnhookWindowsHookEx
WindowFromPoint
SetWindowPos
TranslateMessage
GetWindow
PostMessageW
RegisterClipboardFormatW
GetDC
GetWindowLongW
GetCursorPos
wvsprintfW
SendMessageW
wsprintfW
UnregisterClassW
GetClientRect
DispatchMessageW
CallNextHookEx
SetTimer
GetClassNameW
SetWindowsHookExW
LoadCursorW
SendMessageTimeoutW
CreateWindowExW
InsertMenuItemW
CharNextW
GetAncestor
DestroyWindow
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipBitmapUnlockBits
GdipGetImageHeight
GdipAlloc
GdipFree
GdipCloneImage
GdipBitmapLockBits
GdipDrawImageRectRectI
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
PE exports
Number of PE resources by type
RT_ICON 5
REGISTRY 2
RT_MANIFEST 1
RT_VERSION 1
PNG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.1.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 257024
EntryPoint 0x14f2c
OriginalFileName FencesMenu.dll
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2008-2012 Stardock Corporation
FileVersion 2.0.1.0
TimeStamp 2012:10:29 21:31:26+01:00
FileType Win32 DLL
PEType PE32
InternalName Fences
ProductVersion 2.0.1.0
FileDescription Stardock Fences Shell Extension
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Stardock
CodeSize 212992
ProductName Fences
ProductVersionNumber 2.0.1.0
FileTypeExtension dll
ObjectFileType Dynamic link library

File identification
MD5 1eafe5aa9ac485bd5c178a89cf9afa11
SHA1 3e720a69778d66593eaa2e94b60423af0908330d
SHA256 cd34e9b647195403ea3399d51d4fe483885e321a17ec8da11a4f458266b861ba
ssdeep 12288:BqVWpgJs534EqYK7EC7cWMJTIAAemqbcpF1PrV:npguRK7zfMJ9AMuF1Z
authentihash 7335b48d7710b71bb4450cacf1627f0bc030b785464c2a4c3642b175c545cbbe
imphash c20ad3abf291667c4b16ccfc9a699d41
File size 467.7 KB ( 478936 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID DirectShow filter (55.3%)
Windows ActiveX control (31.9%)
Win32 Executable MS Visual C++ (generic) (8.5%)
Win32 Dynamic Link Library (generic) (1.8%)
Win32 Executable (generic) (1.2%)
Tags pedll signed overlay

VirusTotal metadata
First submission 2013-01-10 14:25:17 UTC ( 6 years ago )
Last submission 2016-04-10 22:49:30 UTC ( 2 years, 9 months ago )
File names f889e250-sample
fencesmenu.dll
fencesmenu.dll
FencesMenu.dll
FencesMenu.dll
fencesmenu.tbd
vt-upload-dcgDRS
fencesmenu.dll
fencesmenu.dll
FencesMenu.dll
f889e250-sample
Fences
FencesMenu.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight