SHA256: e0ab15288662b91d8fa4a5f77d8d72c08a55b0c88324c1cd1441265818aa0c61
File name: smona124825283245343920001
Detection ratio: 0 / 41
Analysis date: 2009-07-22 12:16:29 UTC ( 4 years, 11 months ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AVG 20090722
AhnLab-V3 20090722
AntiVir 20090722
Antiy-AVL 20090722
Authentium 20090722
Avast 20090721
BitDefender 20090722
CAT-QuickHeal 20090722
ClamAV 20090722
Comodo 20090721
DrWeb 20090722
F-Prot 20090721
F-Secure 20090722
Fortinet 20090722
GData 20090722
Ikarus 20090722
Jiangmin 20090722
K7AntiVirus 20090721
McAfee 20090721
McAfee+Artemis 20090721
McAfee-GW-Edition 20090722
Microsoft 20090722
NOD32 20090722
NOD32Beta 20090722
Norman 20090721
PCTools 20090721
Panda 20090721
Prevx 20090722
Rising 20090722
Sophos 20090722
Sunbelt 20090721
Symantec 20090722
TheHacker 20090721
TrendMicro 20090722
VBA32 20090722
ViRobot 20090722
VirusBuster 20090721
a-squared 20090722
eSafe 20090721
eTrust-Vet 20090722
nProtect 20090722
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright © 1987-2000 Microsoft Corp.
Publisher Microsoft Corporation
Product MSCOMCTL
Original name MSCOMCTL.OCX
Internal name MSCOMCTL
File version 6.01.9816
Description Windows Common Controls ActiveX Control DLL
Comments March 24, 2009
Signature verification Signed file, verified signature
Signing date 8:57 PM 3/24/2009
Signers
[+] Microsoft Corporation
Status Certificate out of its validity period
Valid from 10:24 PM 10/22/2008
Valid to 10:34 PM 1/22/2010
Valid usage Code Signing
Algorithm SHA1
Thumbprint 9E95C625D81B2BA9C72FD70275C3699613AF61E3
Serial number 61 06 27 81 00 00 00 00 00 08
[+] Microsoft Code Signing PCA
Status Certificate out of its validity period
Valid from 11:31 PM 8/22/2007
Valid to 8:00 AM 8/25/2012
Valid usage Code Signing
Algorithm SHA1
Thumbprint 3036E3B25B88A55B86FC90E6E9EAAD5081445166
Serial number 2E AB 11 DC 50 FF 5C 9D CB C0
[+] Microsoft Root Authority
Status Valid
Valid from 8:00 AM 1/10/1997
Valid to 8:00 AM 12/31/2020
Valid usage All
Algorithm MD5
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
Counter signers
[+] Microsoft Timestamping Service
Status Certificate out of its validity period
Valid from 2:55 AM 9/16/2006
Valid to 3:05 AM 9/16/2011
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint A2D57D63CF331B177BE147088FEABEC7388BE01D
Serial number 61 49 7C ED 00 00 00 00 00 05
[+] Microsoft Timestamping PCA
Status Valid
Valid from 2:04 AM 9/16/2006
Valid to 8:00 AM 9/15/2019
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 3EA99A60058275E0ED83B892A909449F8C33B245
Serial number 6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2
[+] Microsoft Root Authority
Status Valid
Valid from 8:00 AM 1/10/1997
Valid to 8:00 AM 12/31/2020
Valid usage All
Algorithm MD5
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-03-24 16:36:38
Entry Point 0x0005E270
Number of sections 4
PE sections
PE imports
PE exports
Number of PE resources by type
RT_STRING 79
RT_DIALOG 30
RT_BITMAP 16
RT_ICON 12
RT_GROUP_ICON 12
RT_GROUP_CURSOR 8
RT_CURSOR 8
TYPELIB 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 167
ExifTool file metadata
LegalTrademarks Microsoft is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
SubsystemVersion 4.0
Comments March 24, 2009
InitializedDataSize 361472
ImageVersion 0.0
ProductName MSCOMCTL
FileVersionNumber 6.1.98.16
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 5.2
OriginalFilename MSCOMCTL.OCX
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.01.9816
TimeStamp 2009:03:24 17:36:38+01:00
FileType Win32 DLL
PEType PE32
InternalName MSCOMCTL
FileAccessDate 2014:05:11 10:42:53+01:00
ProductVersion 6.01.9816
FileDescription Windows Common Controls ActiveX Control DLL
OSVersion 4.0
FileCreateDate 2014:05:11 10:42:53+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright 1987-2000 Microsoft Corp.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 690176
FileSubtype 0
ProductVersionNumber 6.1.98.16
EntryPoint 0x5e270
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack observed that the following executing files wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 520980110b0ac4854eac5219a10fa7d8
SHA1 8ba897638329290a61ff8dc2cc3f7fceeda241d0
SHA256 e0ab15288662b91d8fa4a5f77d8d72c08a55b0c88324c1cd1441265818aa0c61
ssdeep 24576:FFlLMc2Z6M2ZZR1Urjo/8i85614IX24oA1IHE/D83JZIb5T:Vly6M2vR1q7N6J24oA1KE/DyQ
imphash 3a7844f134df6c0ae94e23b1930767aa
File size 1.0 MB ( 1069376 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID DirectShow filter (37.4%)
Win32 Executable MS Visual C++ 4.x (25.0%)
Windows ActiveX control (21.6%)
InstallShield setup (8.0%)
Win32 Executable MS Visual C++ (generic) (5.8%)
Tags peexe pedll signed
VirusTotal metadata
First submission 2009-07-13 20:26:51 UTC ( 4 years, 12 months ago )
Last submission 2014-04-06 06:47:09 UTC ( 3 months ago )
File names MSCOMCTL
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight