SHA256: dfcec50dd2671062b89977e10b24e1ed29065657c027ff230dedd01b85bbcc43
File name: DE4928DF40C4ADDA25BB03EB537B9B00BE9380E4.dll
Detection ratio: 0 / 53
Analysis date: 2015-12-28 05:49:45 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware 20151224
AegisLab 20151227
Yandex 20151226
AhnLab-V3 20151228
Alibaba 20151208
Antiy-AVL 20151228
Arcabit 20151228
Avast 20151228
AVG 20151228
AVware 20151228
Baidu-International 20151227
BitDefender 20151228
Bkav 20151227
ByteHero 20151228
CAT-QuickHeal 20151228
ClamAV 20151228
CMC 20151217
Comodo 20151228
Cyren 20151227
DrWeb 20151228
Emsisoft 20151228
ESET-NOD32 20151228
F-Prot 20151227
F-Secure 20151228
Fortinet 20151228
GData 20151228
Ikarus 20151228
Jiangmin 20151228
K7AntiVirus 20151227
K7GW 20151228
Kaspersky 20151228
Malwarebytes 20151228
McAfee 20151228
McAfee-GW-Edition 20151228
Microsoft 20151228
eScan 20151228
NANO-Antivirus 20151228
nProtect 20151224
Panda 20151227
Rising 20151227
Sophos AV 20151228
SUPERAntiSpyware 20151228
Symantec 20151227
Tencent 20151228
TheHacker 20151228
TotalDefense 20151227
TrendMicro 20151228
TrendMicro-HouseCall 20151228
VBA32 20151225
VIPRE 20151228
ViRobot 20151228
Zillya 20151227
Zoner 20151228
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright© 1995-2009 McAfee, Inc. All Rights Reserved.

Publisher McAfee
Product VirusScan Enterprise
File version 8.7.0.747
Description VirusScan Shared Utility Library
Signature verification Signed file, verified signature
Signing date 1:41 AM 2/5/2011
Signers
[+] McAfee
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 9/13/2008
Valid to 12:59 AM 10/10/2011
Valid usage Code Signing
Algorithm SHA1
Thumbprint 4F638B91E12390598F037E533C0AEA529AD1A371
Serial number 56 4A 36 1E 16 8A 81 A8 F3 EF AA DA 33 25 08 E1
[+] VeriSign Class 3 Code Signing 2004 CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer None
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm MD2
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-08-05 21:46:42
Entry Point 0x0001D0B6
Number of sections 5
PE sections
Overlays
MD5 3227c941aae663b604c41e24c8e97e28
File type data
Offset 200704
Size 5440
Entropy 7.22
PE imports
GetTokenInformation
GetSidSubAuthorityCount
RegDeleteValueW
GetSidSubAuthority
RegCloseKey
OpenProcessToken
RegSetValueExW
GetSidIdentifierAuthority
RegCreateKeyExW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
OpenThreadToken
RegEnumValueW
RegDeleteKeyW
RegOpenKeyExA
RegConnectRegistryW
InitCommonControlsEx
PropertySheetW
GetTextMetricsW
TextOutW
CreateFontIndirectW
CreatePen
Rectangle
GetDeviceCaps
DeleteDC
SetBkMode
CreateFontW
DeleteObject
GetObjectW
RealizePalette
SetTextColor
CreatePalette
GetStockObject
SelectPalette
CreateCompatibleDC
StretchBlt
SelectObject
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
GetLastError
InitializeCriticalSection
GlobalFindAtomW
SystemTimeToFileTime
GlobalDeleteAtom
GetShortPathNameW
OutputDebugStringW
LoadLibraryW
DeviceIoControl
WaitForSingleObject
GetVersionExW
SetEvent
QueryPerformanceCounter
GetComputerNameW
DebugBreak
GetThreadLocale
GlobalUnlock
GetVersionExA
LoadLibraryA
lstrlenW
GetLocalTime
CopyFileW
FreeLibrary
DeleteCriticalSection
GetCurrentProcess
IsBadWritePtr
EnterCriticalSection
CompareFileTime
GlobalLock
LockResource
CreateThread
GetSystemDefaultLCID
LoadLibraryExW
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetDateFormatW
GetCurrentThread
LeaveCriticalSection
GetTimeFormatW
GlobalAddAtomW
UnhandledExceptionFilter
WideCharToMultiByte
GetModuleFileNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
FindNextFileW
GlobalFree
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
MulDiv
GetSystemTimeAsFileTime
FindClose
FindFirstFileW
FindFirstFileExW
GetModuleHandleW
IsBadStringPtrW
GetExitCodeProcess
FormatMessageW
TerminateProcess
CreateEventW
GetProcAddress
LoadResource
FindResourceW
CreateFileW
GlobalAlloc
CreateProcessW
GetFileAttributesW
InterlockedDecrement
Sleep
SetFileAttributesW
CloseHandle
GetTickCount
GetCurrentThreadId
GetLocaleInfoW
GetCurrentProcessId
GetEnvironmentVariableW
GetOEMCP
InterlockedIncrement
LZOpenFileW
LZSeek
LZRead
LZClose
SysFreeString
SysReAllocString
SysStringLen
SysAllocString
ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SetFocus
AppendMenuW
GetSysColor
GetParent
CreateDialogIndirectParamW
UpdateWindow
DrawTextExW
EndDialog
DrawTextW
SetClassLongW
KillTimer
DialogBoxParamW
GetMessageW
ShowWindow
SetPropW
EndPaint
LoadBitmapW
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
EnableWindow
GetDC
EnumChildWindows
SendDlgItemMessageW
GetSystemMenu
SetWindowPos
TranslateMessage
IsWindowEnabled
GetDlgItemTextW
PostMessageW
SetMenuItemInfoW
DispatchMessageW
GetScrollInfo
GetMenuItemID
CreateDialogParamW
ReleaseDC
BeginPaint
SetClipboardData
GetMenu
SetCursor
DestroyWindow
wsprintfW
EmptyClipboard
LoadStringW
SetWindowTextW
GetDlgItem
RemovePropW
SystemParametersInfoW
IsIconic
ScreenToClient
CharNextW
InvalidateRect
CloseClipboard
GetSubMenu
SetTimer
LoadImageW
GetClassNameW
GetMenuItemCount
OpenClipboard
GetClientRect
GetWindowTextW
SetDlgItemTextW
GetDesktopWindow
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
SetForegroundWindow
SendMessageW
GetMenuItemInfoW
IsChild
GetMenuStringW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetOpenFileNameW
CommDlgExtendedError
Ord(111)
Ord(90)
Ord(66)
_purecall
malloc
_wcsupr
realloc
wcstoul
_wcsnicmp
__dllonexit
_snwprintf
swprintf
printf
towupper
_except_handler3
_wcsdup
qsort
_onexit
wcslen
wcscmp
wcsncat
towlower
_itow
wcsrchr
_adjust_fdiv
_wcsicmp
tolower
iswctype
wcschr
wcsncpy
free
wcscat
_wsplitpath
_initterm
wprintf
memmove
difftime
swscanf
wcscpy
time
wcsstr
wcsncmp
_wtol
_wtoi
CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitialize
StringFromGUID2
WinMainDialogCreated1
WinMainDialogDestroyed1
WinMainMouseActivateProcessModalWindow
WinMainSetProcessModalWindow
WinMainActivateProcessModalWindow
PE exports
Number of PE resources by type
RT_DIALOG 21
Struct(240) 2
RT_BITMAP 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 26
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
7.1

ImageVersion
4.0

FileSubtype
0

FileVersionNumber
8.7.0.747

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
90112

PrivateBuild
VSE.8.7.0.747 F1,F2,F3,F4,F5,F6

EntryPoint
0x1d0b6

MIMEType
application/octet-stream

LegalCopyright
Copyright 1995-2009 McAfee, Inc. All Rights Reserved.

FileVersion
8.7.0.747

TimeStamp
2009:08:05 22:46:42+01:00

FileType
Win32 DLL

PEType
PE32

ProductVersion
8.7.0

FileDescription
VirusScan Shared Utility Library

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
McAfee, Inc.

CodeSize
118784

ProductName
VirusScan Enterprise

ProductVersionNumber
8.7.0.0

FileTypeExtension
dll

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 901df916fe8ce427c1c28815006af86b
SHA1 207c2e9bbb5ae59a0b97da189a7d469da75ba44b
SHA256 dfcec50dd2671062b89977e10b24e1ed29065657c027ff230dedd01b85bbcc43
ssdeep
3072:lkF8CkCvvsrmxiDI95eqyP+4cOYcQKBX2A0wr9tih1IUKEtik:lkyCkCnY6iDIaqyP/cOtQK7ptOiqik

authentihash 454c7ac52d8e7041463df0b64d86cf83d0e0d1aaa418f3092591f65cece35a1b
imphash 81c9df4d0c00077722cd7701bb2ab85c
File size 201.3 KB ( 206144 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2011-04-20 14:40:32 UTC ( 8 years, 1 month ago )
Last submission 2011-04-20 14:40:32 UTC ( 8 years, 1 month ago )
File names shutil.dll
DE4928DF40C4ADDA25BB03EB537B9B00BE9380E4.dll