× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e15b13c4f6252b61d746b8fc572a6c28e02cba63d899958df55d119bf8f2172b
File name: System.Runtime.Loader.dll
Detection ratio: 0 / 69
Analysis date: 2019-01-02 08:46:02 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Acronis 20181227
Ad-Aware 20190102
AegisLab 20190102
Alibaba 20180921
ALYac 20190102
Antiy-AVL 20190102
Arcabit 20190102
Avast 20190102
Avast-Mobile 20190101
AVG 20190102
Avira (no cloud) 20190101
Babable 20180918
Baidu 20181207
BitDefender 20190102
Bkav 20190102
CAT-QuickHeal 20190101
ClamAV 20190102
CMC 20190101
Comodo 20190102
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20190102
Cyren 20190102
DrWeb 20190102
eGambit 20190102
Emsisoft 20190102
Endgame 20181108
ESET-NOD32 20190101
F-Prot 20190102
F-Secure 20190102
Fortinet 20190102
GData 20190102
Ikarus 20190101
Sophos ML 20181128
Jiangmin 20190102
K7AntiVirus 20190102
K7GW 20190102
Kaspersky 20190102
Kingsoft 20190102
Malwarebytes 20190102
MAX 20190102
McAfee 20190102
McAfee-GW-Edition 20190101
Microsoft 20190101
eScan 20190102
NANO-Antivirus 20190102
Palo Alto Networks (Known Signatures) 20190102
Panda 20190101
Qihoo-360 20190102
Rising 20190102
SentinelOne (Static ML) 20181223
Sophos AV 20190102
SUPERAntiSpyware 20181226
Symantec 20190101
TACHYON 20190102
Tencent 20190102
TheHacker 20181230
TotalDefense 20190101
Trapmine 20181205
TrendMicro 20190102
TrendMicro-HouseCall 20190102
Trustlook 20190102
VBA32 20181229
VIPRE 20190101
ViRobot 20190101
Webroot 20190102
Yandex 20181229
Zillya 20181231
ZoneAlarm by Check Point 20190102
Zoner 20190102
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® .NET Framework
Original name System.Runtime.Loader.dll
Internal name System.Runtime.Loader.dll
File version 4.6.26919.02
Description System.Runtime.Loader
Comments System.Runtime.Loader
Signature verification Signed file, verified signature
Signing date 3:34 AM 9/19/2018
Signers
[+] Microsoft Corporation
Status Valid
Issuer Microsoft Code Signing PCA
Valid from 9:11 PM 7/12/2018
Valid to 9:11 PM 7/26/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9DC17888B5CFAD98B3CB35C1994E96227F061675
Serial number 33 00 00 01 B1 DD ED BA 54 E9 65 B8 5F 00 01 00 00 01 B1
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status Valid
Issuer Microsoft Time-Stamp PCA
Valid from 9:20 PM 8/23/2018
Valid to 9:20 PM 11/23/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 4421564BC1D9F9A3762B304A1FD0688877444123
Serial number 33 00 00 01 10 D5 4E EA 67 1A 74 C9 01 00 00 00 00 01 10
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbrint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-19 02:11:36
Entry Point 0x00002FEE
Number of sections 3
.NET details
Module Version ID 3b7c8327-02ec-4c6f-9268-e7eb15104a37
PE sections
Overlays
MD5 15805a317abe3d2c4fd4091129e7b7ec
File type data
Offset 6656
Size 16112
Entropy 7.42
PE imports
_CorDllMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

Comments
System.Runtime.Loader

InitializedDataSize
2048

ImageVersion
0.0

ProductName
Microsoft .NET Framework

FileVersionNumber
4.6.26919.2

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware, DLL

CharacterSet
Unicode

LinkerVersion
48.0

FileTypeExtension
dll

OriginalFileName
System.Runtime.Loader.dll

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
4.6.26919.02

TimeStamp
2018:09:19 03:11:36+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
System.Runtime.Loader.dll

ProductVersion
4.6.26919.02 @BuiltBy: dlab14-DDVSOWINAGE075 @Branch: release/2.1 @SrcCode: https://github.com/dotnet/corefx/tree/02b11eeee1fbc5f3ef43a1452fe07efd25fa1715

FileDescription
System.Runtime.Loader

OSVersion
4.0

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
4096

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x2fee

ObjectFileType
Dynamic link library

AssemblyVersion
4.0.3.0

Compressed bundles
File identification
MD5 4fdf237cbe1dd1ead6d43f34458eb66d
SHA1 9499a37fcd120cc672ed5b68f8878f363cd7f25a
SHA256 e15b13c4f6252b61d746b8fc572a6c28e02cba63d899958df55d119bf8f2172b
ssdeep
384:DPfYs6+pCrWsIWxvUjQK0F0GftpBjCc4HRN7uh8XlBgFS/:DPfk+p0Dca+igB33gO

authentihash 54e944b6b6da106b8451ba83345d140d93ba19de917d1e41e9a42b0f4e17c0d8
imphash dae02f32a21e03ce65412f6e56942daa
File size 22.2 KB ( 22768 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
assembly pedll signed overlay

VirusTotal metadata
First submission 2018-10-20 11:22:09 UTC ( 5 months ago )
Last submission 2018-10-20 11:22:09 UTC ( 5 months ago )
File names System.Runtime.Loader.dll
System.Runtime.Loader.dll
System.Runtime.Loader.dll
fil2BE690353C4AB71EC157BEE1BB193FBE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!