SHA256: d14d9770ba084c9878cba7b973f37861b5c36f3f415150253f34fc39e9102e20
File name: Microsoft.Win32.Primitives.dll
Detection ratio: 0 / 69
Analysis date: 2019-01-02 08:47:21 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Acronis 20181227
Ad-Aware 20190102
AegisLab 20190102
Alibaba 20180921
ALYac 20190102
Antiy-AVL 20190102
Arcabit 20190102
Avast 20190102
Avast-Mobile 20190101
AVG 20190102
Avira (no cloud) 20190101
Babable 20180918
Baidu 20181207
BitDefender 20190102
Bkav 20190102
CAT-QuickHeal 20190101
ClamAV 20190102
CMC 20190101
Comodo 20190102
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20190102
Cyren 20190102
DrWeb 20190102
eGambit 20190102
Emsisoft 20190102
Endgame 20181108
ESET-NOD32 20190101
F-Prot 20190102
F-Secure 20190102
Fortinet 20190102
GData 20190102
Ikarus 20190101
Sophos ML 20181128
Jiangmin 20190102
K7AntiVirus 20190102
K7GW 20190102
Kaspersky 20190102
Kingsoft 20190102
Malwarebytes 20190102
MAX 20190102
McAfee 20190102
McAfee-GW-Edition 20190101
Microsoft 20190101
eScan 20190102
NANO-Antivirus 20190102
Palo Alto Networks (Known Signatures) 20190102
Panda 20190101
Qihoo-360 20190102
Rising 20190102
SentinelOne (Static ML) 20181223
Sophos AV 20190102
SUPERAntiSpyware 20181226
Symantec 20190101
TACHYON 20190102
Tencent 20190102
TheHacker 20181230
TotalDefense 20190101
Trapmine 20181205
TrendMicro 20190102
TrendMicro-HouseCall 20190102
Trustlook 20190102
VBA32 20181229
VIPRE 20190102
ViRobot 20190101
Webroot 20190102
Yandex 20181229
Zillya 20181231
ZoneAlarm by Check Point 20190102
Zoner 20190102
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® .NET Framework
Original name Microsoft.Win32.Primitives.dll
Internal name Microsoft.Win32.Primitives.dll
File version 4.6.26919.02
Description Microsoft.Win32.Primitives
Comments Microsoft.Win32.Primitives
Signature verification Signed file, verified signature
Signing date 3:31 AM 9/19/2018
Signers
[+] Microsoft Corporation
Status Valid
Issuer Microsoft Code Signing PCA
Valid from 9:11 PM 7/12/2018
Valid to 9:11 PM 7/26/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9DC17888B5CFAD98B3CB35C1994E96227F061675
Serial number 33 00 00 01 B1 DD ED BA 54 E9 65 B8 5F 00 01 00 00 01 B1
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp service
Status Valid
Issuer Microsoft Time-Stamp PCA
Valid from 9:20 PM 8/23/2018
Valid to 9:20 PM 11/23/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 0053653A1C825DF77FC1B082A0BD833AA1C62978
Serial number 33 00 00 01 0B BF 86 A4 4E 62 8E E7 04 00 00 00 00 01 0B
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-19 02:11:24
Entry Point 0x00002BDE
Number of sections 3
.NET details
Module Version ID ff8d59fb-0752-4a93-bc17-f70cab9e96e4
PE sections
Overlays
MD5 5e6118aa34d424dd78857d65b9a395d6
File type data
Offset 5632
Size 15920
Entropy 7.42
PE imports
_CorDllMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

Comments
Microsoft.Win32.Primitives

InitializedDataSize
2048

ImageVersion
0.0

ProductName
Microsoft .NET Framework

FileVersionNumber
4.6.26919.2

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware, DLL

CharacterSet
Unicode

LinkerVersion
48.0

FileTypeExtension
dll

OriginalFileName
Microsoft.Win32.Primitives.dll

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
4.6.26919.02

TimeStamp
2018:09:19 03:11:24+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
Microsoft.Win32.Primitives.dll

ProductVersion
4.6.26919.02 @BuiltBy: dlab14-DDVSOWINAGE075 @Branch: release/2.1 @SrcCode: https://github.com/dotnet/corefx/tree/02b11eeee1fbc5f3ef43a1452fe07efd25fa1715

FileDescription
Microsoft.Win32.Primitives

OSVersion
4.0

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
3072

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x2bde

ObjectFileType
Dynamic link library

AssemblyVersion
4.1.1.0

Compressed bundles
File identification
MD5 9e6ca417d64b57188d726c9f9866f2f0
SHA1 5ba83e6f7feacc8472113c0fa3c6d50353d7d287
SHA256 d14d9770ba084c9878cba7b973f37861b5c36f3f415150253f34fc39e9102e20
ssdeep
384:TqWtUxQWhv3WxvY8nw2F0GftpBjsoU+rc4HRN7RdIjmAlMc7:TrtUVixj+iuoU+rBfW7

authentihash abc99ed0d6113a61d49221c6c878182e733a19c751fb5701c64b33210a7b9de9
imphash dae02f32a21e03ce65412f6e56942daa
File size 21.0 KB ( 21552 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
assembly pedll signed overlay

VirusTotal metadata
First submission 2018-10-20 11:25:05 UTC ( 5 months ago )
Last submission 2018-10-20 11:25:05 UTC ( 5 months ago )
File names Microsoft.Win32.Primitives.dll
fil72B65895C99A3B4A8B66919C10D33CC0