SHA256: e039c764c25bcad96015221eb5170e33eb95674f305ecdf838d67873a7fb0c0b
File name: ac1st17.dll
Detection ratio: 0 / 63
Analysis date: 2018-01-26 02:47:34 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware 20180126
AegisLab 20180126
AhnLab-V3 20180125
Alibaba 20180126
ALYac 20180125
Antiy-AVL 20180126
Arcabit 20180126
Avast 20180126
Avast-Mobile 20180125
AVG 20180126
Avira (no cloud) 20180126
AVware 20180124
Baidu 20180124
BitDefender 20180126
Bkav 20180125
CAT-QuickHeal 20180125
CMC 20180125
Comodo 20180126
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180126
Cyren 20180126
DrWeb 20180126
eGambit 20180126
Emsisoft 20180126
Endgame 20171130
ESET-NOD32 20180126
F-Prot 20180126
Fortinet 20180126
GData 20180126
Ikarus 20180125
Sophos ML 20180121
Jiangmin 20180126
K7AntiVirus 20180125
K7GW 20180125
Kaspersky 20180126
Kingsoft 20180126
Malwarebytes 20180126
MAX 20180126
McAfee 20180126
McAfee-GW-Edition 20180126
Microsoft 20180126
eScan 20180126
NANO-Antivirus 20180126
nProtect 20180126
Palo Alto Networks (Known Signatures) 20180126
Panda 20180125
Qihoo-360 20180126
Rising 20180126
SentinelOne (Static ML) 20180115
Sophos AV 20180126
SUPERAntiSpyware 20180126
Symantec 20180125
Symantec Mobile Insight 20180125
Tencent 20180126
TheHacker 20180125
TotalDefense 20180125
TrendMicro-HouseCall 20180126
Trustlook 20180126
VBA32 20180125
VIPRE 20180126
ViRobot 20180125
Webroot 20180126
Yandex 20180112
Zillya 20180125
ZoneAlarm by Check Point 20180126
Zoner 20180126
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) 1982-2008 by Autodesk, Inc.
Product Autodesk, Inc. ObjectDBX
Original name ac1st17.dll
Internal name ac1st17.dll
File version 17.2.711.0
Description ac1st17.dll
Signature verification Certificate out of its validity period
Signers
[+] Autodesk, Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 8/11/2006
Valid to 12:59 AM 9/22/2009
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 6DB0A7B1EEAD45A28DCD7EAA058051B7FF01FEAC
Serial number 73 7E 5B E4 2A 5D 46 2E 3E C1 1D 6C A4 14 4C 42
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-04-14 03:49:51
Entry Point 0x000077EE
Number of sections 5
PE sections
Overlays
MD5 a4c87047cfd9412b63fe8f33303f780f
File type data
Offset 61440
Size 3224
Entropy 7.08
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetLastError
HeapFree
EnterCriticalSection
WriteProcessMemory
UnmapViewOfFile
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
HeapDestroy
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
VirtualProtect
GetFileAttributesW
GetCommandLineW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetCurrentProcessId
GetProcessHeaps
UnhandledExceptionFilter
TlsGetValue
HeapSize
GetProcAddress
InterlockedCompareExchange
FlushInstructionCache
CreateFileMappingW
CompareStringW
ReleaseSemaphore
MapViewOfFile
TlsFree
HeapUnlock
HeapSetInformation
InterlockedExchange
SetUnhandledExceptionFilter
HeapValidate
CloseHandle
GetSystemTimeAsFileTime
GlobalMemoryStatus
SetLocalTime
HeapReAlloc
GetModuleHandleW
HeapWalk
HeapLock
TerminateProcess
CreateSemaphoreW
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
OutputDebugStringW
InterlockedDecrement
Sleep
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
InterlockedIncrement
??1?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_malloc_crt
malloc
?what@exception@std@@UBEPBDXZ
realloc
??_U@YAPAXI@Z
wcschr
_msize
__dllonexit
_wdupenv_s
swprintf_s
memset
_invalid_parameter_noinfo
__clean_type_info_names_internal
_amsg_exit
?terminate@@YAXXZ
_wputenv
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_CxxThrowException
??2@YAPAXI@Z
_get_heap_handle
_lock
_onexit
_encode_pointer
wcscat_s
strcpy_s
_decode_pointer
wcsrchr
??_V@YAXPAX@Z
_adjust_fdiv
_wcsicmp
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
free
_wgetenv_s
wcscpy_s
__CxxFrameHandler3
_except_handler4_common
wcsncmp
?_query_new_handler@@YAP6AHI@ZXZ
memcpy
??0exception@std@@QAE@ABV01@@Z
vswprintf_s
??1exception@std@@UAE@XZ
_initterm_e
wcsncpy_s
??0exception@std@@QAE@ABQBD@Z
_encoded_null
__CppXcptFilter
??0exception@std@@QAE@XZ
_initterm
LoadStringW
MessageBoxW
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 17.2.711.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 24576
EntryPoint 0x77ee
OriginalFileName ac1st17.dll
MIMEType application/octet-stream
LegalCopyright Copyright (c) 1982-2008 by Autodesk, Inc.
FileVersion 17.2.711.0
TimeStamp 2009:04:14 04:49:51+01:00
FileType Win32 DLL
PEType PE32
InternalName ac1st17.dll
ProductVersion 17.2.711.0
FileDescription ac1st17.dll
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Autodesk, Inc.
CodeSize 32768
ProductName Autodesk, Inc. ObjectDBX
ProductVersionNumber 17.2.711.0
FileTypeExtension dll
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
File identification
MD5 28d44494d06e9cd6113c38a0595df9cc
SHA1 43a811ba8a870bcd9c63ef311ba9e6e4ad7318c1
SHA256 e039c764c25bcad96015221eb5170e33eb95674f305ecdf838d67873a7fb0c0b
ssdeep 768:DDNFwwtl4u8Dv+Yt6306Dqr8rQn55036uYkE6DqX6XM79ipA0dJM0dJ2BkkmTvck:DUC4RaoX9WVysIcSOD3ZmB5abXjCI
authentihash 365e17f4e6f625ba953c1b5ebf3b1582fa3d08df8e1627dd2044acef7e463fa4
imphash 0a1d7335064b47a800bb4df8d62dac5a
File size 63.1 KB ( 64664 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll signed overlay

VirusTotal metadata
First submission 2012-04-09 10:22:17 UTC ( 7 years ago )
Last submission 2012-04-30 09:35:26 UTC ( 6 years, 11 months ago )
File names 62D90B3298F7D8B2FC9D00EDE071C900CD637428.dll
43a811ba8a870bcd9c63ef311ba9e6e4ad7318c1
ac1st17.dll