× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: e06a65cae4c4bcbc61be84a158f4d7f990ea50f679b787e2efb1fe9fd14e38d8
File name: 443513
Detection ratio: 0 / 57
Analysis date: 2016-04-03 07:41:26 UTC ( 2 years, 10 months ago ) View latest
Antivirus Result Update
Ad-Aware 20160403
AegisLab 20160403
AhnLab-V3 20160402
Alibaba 20160401
ALYac 20160403
Antiy-AVL 20160403
Arcabit 20160403
Avast 20160403
AVG 20160403
Avira (no cloud) 20160402
AVware 20160403
Baidu 20160402
Baidu-International 20160402
BitDefender 20160403
Bkav 20160402
CAT-QuickHeal 20160402
ClamAV 20160402
CMC 20160401
Comodo 20160402
Cyren 20160403
DrWeb 20160403
Emsisoft 20160403
ESET-NOD32 20160403
F-Prot 20160403
F-Secure 20160403
Fortinet 20160403
GData 20160403
Ikarus 20160403
Jiangmin 20160403
K7AntiVirus 20160403
K7GW 20160403
Kaspersky 20160402
Kingsoft 20160403
Malwarebytes 20160403
McAfee 20160403
McAfee-GW-Edition 20160403
Microsoft 20160402
eScan 20160403
NANO-Antivirus 20160403
nProtect 20160401
Panda 20160402
Qihoo-360 20160403
Rising 20160403
Sophos AV 20160403
SUPERAntiSpyware 20160403
Symantec 20160331
Tencent 20160403
TheHacker 20160403
TotalDefense 20160402
TrendMicro 20160403
TrendMicro-HouseCall 20160403
VBA32 20160401
VIPRE 20160403
ViRobot 20160402
Yandex 20160316
Zillya 20160402
Zoner 20160403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) Bluebit Software

Product .NET Matrix Library 5.0.1 (32-bit)
Original name NML50_x86.exe
Internal name NML50_x86
File version 5.0.1
Description This installer database contains the logic and data required to install .NET Matrix Library 5.0.1 (32-bit) .
Signature verification Signed file, verified signature
Signing date 6:32 PM 6/3/2010
Signers
[+] Bluebit Software
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign ObjectSign CA
Valid from 1:59 PM 10/8/2009
Valid to 1:59 PM 10/9/2010
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 0E82F8BF595143C49EEDCFF6D763597FEE113735
Serial number 01 00 00 00 00 01 24 34 6A 25 AF
[+] GlobalSign ObjectSign CA
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign Primary Object Publishing CA
Valid from 11:00 AM 1/22/2004
Valid to 12:00 PM 1/27/2017
Valid usage All
Algorithm sha1RSA
Thumbprint B859853EF366AC9335763C340A87BD208113055F
Serial number 04 00 00 00 00 01 1E 44 A5 EC BE
[+] GlobalSign Primary Object Publishing CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign Root CA
Valid from 2:00 PM 1/28/1999
Valid to 1:00 PM 1/27/2017
Valid usage All
Algorithm sha1RSA
Thumbprint 1AAF4DF10D36215E09E4EEFD70E340C2E4DECF38
Serial number 04 00 00 00 00 01 1E 44 A5 E2 4E
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign Time Stamping Authority
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign Timestamping CA
Valid from 10:32 AM 12/21/2009
Valid to 10:32 AM 12/22/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint AEDF7DF76BBA2410D67DBAF18F5BA15B417E496C
Serial number 01 00 00 00 00 01 25 B0 B4 CC 01
[+] GlobalSign Timestamping CA
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 3/18/2009
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbrint 958D23902D5448314F2F811034356A58255CDC9B
Serial number 04 00 00 00 00 01 20 19 C1 90 66
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbrint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT UPX, appended, 7Z, Unicode, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-05-03 08:11:22
Entry Point 0x0002453E
Number of sections 4
PE sections
Overlays
MD5 a905c0389bf6dec43b365f899f8994a2
File type application/x-ms-dos-executable
Offset 309760
Size 9424808
Entropy 8.00
PE imports
[+] ADVAPI32.dll
RegCreateKeyExW
CloseServiceHandle
RegDeleteValueW
RegCloseKey
StartServiceW
OpenProcessToken
RegSetValueExW
QueryServiceStatus
RegQueryInfoKeyW
GetUserNameW
OpenSCManagerW
RegEnumKeyExW
RegOpenKeyExW
OpenServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
RegDeleteKeyW
LockServiceDatabase
UnlockServiceDatabase
RegQueryValueExW
[+] COMCTL32.dll
DestroyPropertySheetPage
CreatePropertySheetPageW
PropertySheetW
[+] GDI32.dll
GetDeviceCaps
GetWindowExtEx
SetMapMode
DeleteDC
CreateFontIndirectW
SetBkMode
GetMapMode
GetStockObject
GetObjectW
SelectObject
GetViewportExtEx
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
[+] KERNEL32.dll
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExitProcess
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetSystemTime
TlsGetValue
CopyFileW
GetUserDefaultLangID
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
TerminateProcess
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
GetVersion
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
RemoveDirectoryW
FindNextFileW
ResetEvent
FindFirstFileW
GlobalMemoryStatus
GlobalLock
SetEvent
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GetLastError
LCMapStringW
GetShortPathNameW
CreateNamedPipeW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
VirtualFree
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
SetStdHandle
InterlockedCompareExchange
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FindResourceExW
IsValidCodePage
HeapCreate
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
[+] OLEAUT32.dll
VarUI4FromStr
OleLoadPicture
[+] SHELL32.dll
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
[+] USER32.dll
SetFocus
RedrawWindow
GetForegroundWindow
GetParent
EmptyClipboard
GetPropW
SetWindowTextW
DefWindowProcW
FindWindowW
KillTimer
DestroyMenu
PostQuitMessage
ShowWindow
LoadMenuW
SetPropW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
DialogBoxParamW
MapWindowPoints
LoadIconW
GetWindowDC
CloseClipboard
TranslateMessage
GetWindow
PostMessageW
MessageBoxW
EndDialog
DispatchMessageW
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassA
SetClipboardData
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
RemovePropW
SystemParametersInfoW
CallWindowProcW
SetWindowPos
EnableMenuItem
ScreenToClient
CharNextW
InvalidateRect
GetSubMenu
SetTimer
LoadImageW
TrackPopupMenu
GetActiveWindow
ModifyMenuW
GetDesktopWindow
GetSystemMenu
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
SetForegroundWindow
DestroyWindow
ExitWindowsEx
OpenClipboard
[+] VERSION.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
[+] ole32.dll
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
Number of PE resources by type
RT_ICON 12
RT_DIALOG 10
RT_STRING 8
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 39
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
104960

ImageVersion
0.0

ProductName
.NET Matrix Library 5.0.1 (32-bit)

FileVersionNumber
5.0.1.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
NML50_x86.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
5.0.1

TimeStamp
2010:05:03 09:11:22+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
NML50_x86

ProductVersion
5.0.1

FileDescription
This installer database contains the logic and data required to install .NET Matrix Library 5.0.1 (32-bit) .

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright (C) Bluebit Software

MachineType
Intel 386 or later, and compatibles

CompanyName
Bluebit Software

CodeSize
203776

FileSubtype
0

ProductVersionNumber
5.0.1.0

EntryPoint
0x2453e

ObjectFileType
Dynamic link library

File identification
MD5 cf7d9d6b66943798557636f8c93b46a6
SHA1 e01345770502c47f2aa2bd937f2d64da85efcc21
SHA256 e06a65cae4c4bcbc61be84a158f4d7f990ea50f679b787e2efb1fe9fd14e38d8
ssdeep
196608:tQ2Bmno6rtPQRxPt4F4EEhkQ+1mZYiEnaPJNEdMwy26sLGac:hBmoCtPKAzEz+1m+ii4TExT5Cac

authentihash 63bee5eece9ad4847a6a78e4ff6c53f4071503d7bb8ddbf9dc4cd8bff9d419ea
imphash 270a4da2da253ef3fb6eab39526222a3
File size 9.3 MB ( 9734568 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
revoked-cert peexe signed upx overlay

VirusTotal metadata
First submission 2010-06-05 13:40:52 UTC ( 8 years, 8 months ago )
Last submission 2016-11-28 22:22:32 UTC ( 2 years, 2 months ago )
File names NML50_x86
nml50_x86.exe
443513
NML50_x86.exe
NML50_x86.exe
E06A65CAE4C4BCBC61BE84A158F4D7F990EA50F679B787E2EFB1FE9FD14E38D8
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Blog | Twitter | Contact us | ToS | Privacy policy