SHA256: d06b95d33e0bd0078a1a8a83baa6b414dc87ab8c5227eda644c75fb90b423fba
File name: dpclback.dll.D93E5A59_DC16_41F7_9E63_BD32EA94FCE9
Detection ratio: 0 / 57
Analysis date: 2016-10-25 10:31:17 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware 20161025
AegisLab 20161025
AhnLab-V3 20161025
Alibaba 20161025
ALYac 20161025
Antiy-AVL 20161025
Arcabit 20161025
Avast 20161025
AVG 20161024
Avira (no cloud) 20161025
AVware 20161025
Baidu 20161025
BitDefender 20161025
Bkav 20161024
CAT-QuickHeal 20161025
ClamAV 20161025
CMC 20161025
Comodo 20161025
CrowdStrike Falcon (ML) 20160725
Cyren 20161025
DrWeb 20161025
Emsisoft 20161025
ESET-NOD32 20161025
F-Prot 20161025
F-Secure 20161025
Fortinet 20161025
GData 20161025
Ikarus 20161025
Sophos ML 20161018
Jiangmin 20161024
K7AntiVirus 20161025
K7GW 20161025
Kaspersky 20161025
Kingsoft 20161025
Malwarebytes 20161025
McAfee 20161025
McAfee-GW-Edition 20161025
Microsoft 20161025
eScan 20161025
NANO-Antivirus 20161025
nProtect 20161025
Panda 20161024
Qihoo-360 20161025
Rising 20161025
Sophos AV 20161025
SUPERAntiSpyware 20161025
Symantec 20161025
Tencent 20161025
TheHacker 20161025
TotalDefense 20161025
TrendMicro 20161025
TrendMicro-HouseCall 20161025
VBA32 20161024
VIPRE 20161025
ViRobot 20161025
Yandex 20161024
Zillya 20161024
Zoner 20161025
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © DigitalPersona, Inc. 1996-2010

Product HP ProtectTools Security Manager
Original name DPClback.DLL
Internal name DPClback
File version 5.1.1.935
Description DPFPApi Callback functions
Signature verification Signed file, verified signature
Signing date 10:53 PM 12/29/2010
Signers
[+] DigitalPersona
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 4/22/2010
Valid to 12:59 AM 5/23/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B436D1559C7E4A9BE340677042369E5B8B8B3310
Serial number 21 B3 3A AD 43 31 EC 21 2D C4 2B 39 23 64 86 5E
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-12-29 21:25:36
Entry Point 0x00028F4C
Number of sections 5
PE sections
Overlays
MD5 59347229f37ec2afe2663b54e6621e45
File type data
Offset 305664
Size 5456
Entropy 7.20
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
CryptDestroyKey
MakeSelfRelativeSD
RegCloseKey
CopySid
RegQueryValueExA
GetSecurityDescriptorControl
GetAce
AdjustTokenPrivileges
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
GetSecurityInfo
GetAclInformation
RegQueryValueExW
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetSecurityDescriptorGroup
MakeAbsoluteSD
RegOpenKeyExW
CryptContextAddRef
GetSecurityDescriptorOwner
CryptImportKey
RegEnumKeyA
ImpersonateSelf
CryptDuplicateKey
GetTokenInformation
CryptReleaseContext
CryptGetUserKey
IsValidSid
RegQueryInfoKeyW
GetSecurityDescriptorDacl
RegEnumKeyExW
CryptGenRandom
OpenThreadToken
RegOpenKeyExA
GetLengthSid
InitializeSid
SetSecurityInfo
CryptDestroyHash
CryptAcquireContextW
RegDeleteValueW
RevertToSelf
RegSetValueExW
SetSecurityDescriptorGroup
GetSidLengthRequired
RegEnumValueW
InitializeSecurityDescriptor
CryptEncrypt
EqualSid
GetSecurityDescriptorSacl
SetThreadToken
AddAce
CryptEncodeObject
CryptDecodeObject
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
SetLastError
TlsGetValue
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
LoadLibraryA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
GetMailslotInfo
ExitThread
TerminateProcess
WriteConsoleA
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
CreateMailslotW
FreeLibrary
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
VirtualProtect
GetVersionExA
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryW
GetProcAddress
GetProcessHeap
lstrcpyW
ResetEvent
GetComputerNameA
FindFirstFileW
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
lstrlenW
SizeofResource
GetCurrentProcessId
ProcessIdToSessionId
GetCPInfo
HeapSize
GetCommandLineA
CancelIo
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
NetApiBufferAllocate
NetWkstaGetInfo
NetApiBufferFree
VarUI4FromStr
SysStringLen
UnRegisterTypeLib
SysAllocStringLen
RegisterTypeLib
SysAllocString
LoadTypeLib
SysFreeString
RegisterWindowMessageW
PeekMessageW
PostThreadMessageW
GetMessageW
MsgWaitForMultipleObjects
TranslateMessage
CharNextW
DispatchMessageW
UnloadUserProfile
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
StringFromCLSID
OleRun
CoTaskMemFree
StringFromGUID2
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
DigitalPersona

SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.1.935

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
DPFPApi Callback functions

CharacterSet
Windows, Latin1

InitializedDataSize
72192

EntryPoint
0x28f4c

OriginalFileName
DPClback.DLL

MIMEType
application/octet-stream

LegalCopyright
Copyright DigitalPersona, Inc. 1996-2010

FileVersion
5.1.1.935

TimeStamp
2010:12:29 22:25:36+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
DPClback

ProductVersion
5.1.1.935

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
DigitalPersona, Inc.

CodeSize
232448

ProductName
HP ProtectTools Security Manager

ProductVersionNumber
5.1.1.935

FileTypeExtension
dll

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 2c82bd4bd82746ffc55d43d15fcc8f4f
SHA1 567d82e4640deb3a76fb4222ea7e0af381ea330f
SHA256 d06b95d33e0bd0078a1a8a83baa6b414dc87ab8c5227eda644c75fb90b423fba
ssdeep
6144:5+pV2NZG2w+wQHadoSH9IPtg20VBXO3D+HRfl6fgM:0pViZG2w+wQ6RHKPtDWBDRugM

authentihash b3327733cd9012dbc508b11e9c2832a44f4093247f12013d099fd3cd5d14a523
imphash 8c3f366e32782a53b7dc782285b89dc5
File size 303.8 KB ( 311120 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID DirectShow filter (51.4%)
Windows ActiveX control (29.7%)
Win32 Executable MS Visual C++ (generic) (7.9%)
Win64 Executable (generic) (7.0%)
Win32 Dynamic Link Library (generic) (1.6%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2011-04-15 13:42:17 UTC ( 7 years, 7 months ago )
Last submission 2011-04-15 13:42:17 UTC ( 7 years, 7 months ago )
File names sbs_ve_ambr_20160019212743.230_ 117248
1EFABCDD5005B151BF65041E3CB920007BAA0441.dll
dpclback.dll.D93E5A59_DC16_41F7_9E63_BD32EA94FCE9
DPCLBACK.dll
DPCLBACK.dll
DpClback.dll
sbs_ve_ambr_20150710214354.232_ 67647
DPClback
sbs_ve_ambr_20150805222411.367_ 105669
DPClback.DLL
DPCLBACK.dll
sbs_ve_ambr_20150625212340.209_ 14107
DPCLBACK.dll
DPClback.dll
DPCLBACK.dll