SHA256: eef670aafb78cb99d6df7418beec3ae1810c8db922b7d55688e38199bab7a6b6
File name: mpsvc.dll
Detection ratio: 0 / 65
Analysis date: 2018-01-30 14:09:20 UTC ( 1 year, 2 months ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20180130
AVG 20180130
AVware 20180130
Ad-Aware 20180130
AegisLab 20180130
AhnLab-V3 20180130
Antiy-AVL 20180130
Arcabit 20180130
Avast 20180130
Avast-Mobile 20180130
Avira (no cloud) 20180130
Baidu 20180130
BitDefender 20180130
Bkav 20180130
CAT-QuickHeal 20180130
CMC 20180130
ClamAV 20180130
Comodo 20180130
CrowdStrike Falcon (ML) 20171016
Cylance 20180130
Cyren 20180130
DrWeb 20180130
ESET-NOD32 20180130
Emsisoft 20180130
Endgame 20171130
F-Prot 20180130
Fortinet 20180130
GData 20180130
Ikarus 20180130
Sophos ML 20180121
Jiangmin 20180130
K7AntiVirus 20180130
K7GW 20180130
Kaspersky 20180130
Kingsoft 20180130
MAX 20180130
Malwarebytes 20180130
McAfee 20180130
McAfee-GW-Edition 20180130
eScan 20180130
Microsoft 20180130
NANO-Antivirus 20180130
Palo Alto Networks (Known Signatures) 20180130
Panda 20180129
Qihoo-360 20180130
Rising 20180130
SUPERAntiSpyware 20180130
SentinelOne (Static ML) 20180115
Sophos AV 20180130
Symantec 20180130
Tencent 20180130
TheHacker 20180130
TotalDefense 20180130
TrendMicro 20180130
TrendMicro-HouseCall 20180130
VBA32 20180130
VIPRE 20180130
ViRobot 20180130
Webroot 20180130
Yandex 20180112
Zillya 20180129
ZoneAlarm by Check Point 20180130
Zoner 20180130
eGambit 20180130
nProtect 20180130
Alibaba 20180130
Cybereason 20171103
Symantec Mobile Insight 20180126
Trustlook 20180130
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft Malware Protection
Original name MpSvc.dll
Internal name MpSvc.dll
File version 4.3.0215.0
Description Service Module
Signature verification Signed file, verified signature
Signing date 1:46 AM 6/21/2013
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 11:33 PM 1/24/2013
Valid to 11:33 PM 4/24/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint BC0B6D0D7398035FCFBE8CC1AD8724A23A3A89DB
Serial number 33 00 00 00 AD C6 48 4C 2D CB 9A 42 4C 00 01 00 00 00 AD
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 10:12 PM 9/4/2012
Valid to 10:12 PM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 2F497C556F94E32731CF86ADD8629C9867C35A24
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-20 23:58:22
Entry Point 0x000E7330
Number of sections 5
PE sections
Overlays
MD5 40f8a7f74c1aac5c94b4429a5a15aaf1
File type data
Offset 1225728
Size 34408
Entropy 7.71
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
ConvertSidToStringSidW
GetSecurityDescriptorControl
GetAce
OpenServiceW
AdjustTokenPrivileges
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
InitializeSecurityDescriptor
RegisterTraceGuidsW
RegQueryValueExW
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
GetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryServiceConfigW
OpenProcessToken
QueryServiceStatus
SetServiceStatus
DuplicateToken
AddAccessAllowedAce
RegOpenKeyExW
SetFileSecurityW
GetSecurityDescriptorOwner
InitiateSystemShutdownExW
CopySid
GetTraceLoggerHandle
GetTokenInformation
GetAclInformation
GetKernelObjectSecurity
IsValidSid
UnregisterTraceGuids
GetSecurityDescriptorDacl
GetTraceEnableLevel
AddAccessAllowedAceEx
GetTraceEnableFlags
RegLoadKeyW
CloseServiceHandle
GetLengthSid
ConvertStringSidToSidW
TraceEvent
CreateProcessAsUserW
OpenThreadToken
RegDeleteValueW
RevertToSelf
StartServiceW
RegSetValueExW
SetSecurityDescriptorControl
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
CheckTokenMembership
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
EqualSid
RegUnLoadKeyW
SetThreadToken
ChangeServiceConfigW
SetKernelObjectSecurity
AddAce
SetNamedSecurityInfoW
GetVolumePathNameW
CreateTimerQueueTimer
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
DebugBreak
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
IsValidLanguageGroup
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
GetLocaleInfoW
GetTempPathW
GetSystemTimeAsFileTime
GetThreadTimes
GetExitCodeProcess
LocalFree
GetThreadPriority
InitializeCriticalSection
FindClose
QueryDosDeviceW
FindNextChangeNotification
SetFileAttributesW
OutputDebugStringA
GetSystemTime
OpenThread
CopyFileW
RemoveDirectoryW
TryEnterCriticalSection
HeapSetInformation
SetThreadPriority
UnhandledExceptionFilter
LoadLibraryExW
SetFilePointerEx
DeleteTimerQueueTimer
GetSystemPowerStatus
RegisterWaitForSingleObject
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
SetEnvironmentVariableA
TerminateProcess
FindCloseChangeNotification
CreateSemaphoreW
GetDiskFreeSpaceExW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LoadLibraryW
DeviceIoControl
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
OpenProcess
GetDateFormatW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetTempFileNameW
CreateFileMappingW
GetTimeFormatW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
CreateHardLinkW
GetComputerNameExW
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
CreateEventW
CreateFileW
GetProcessTimes
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
OpenEventW
UnregisterWaitEx
GetSystemWindowsDirectoryW
FindFirstChangeNotificationW
SwitchToThread
CompareFileTime
GetCurrentProcessId
ChangeTimerQueueTimer
ProcessIdToSessionId
CopyFileExW
GetCurrentThread
ReleaseSemaphore
MapViewOfFile
ReadFile
CloseHandle
GetModuleHandleW
FileTimeToLocalFileTime
GetFileAttributesExW
UnmapViewOfFile
WriteFile
CreateProcessW
Sleep
ResetEvent
SafeArrayGetDim
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayAccessData
VariantCopy
SafeArrayCreateVector
SafeArrayGetVartype
SysFreeString
SafeArrayCopy
VariantInit
UuidFromStringW
RpcRevertToSelf
RpcServerRegisterIfEx
RpcStringBindingParseW
RpcBindingInqAuthClientW
RpcServerUseProtseqEpW
RpcBindingToStringBindingW
RpcServerRegisterAuthInfoW
UuidCreate
RpcImpersonateClient
RpcStringFreeW
RpcServerUnregisterIf
NdrServerCall2
CreateEnvironmentBlock
DestroyEnvironmentBlock
VerQueryValueW
WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
MpConfigGetValueAlloc
MpManagerStatusQueryEx
MpTelemetryUninitialize
MpConfigSetValue
MpConfigInitialize
MpTelemetryLiteralAddToAverageDWORD
MpTelemetryLiteralSetDWORD64
MpConfigUnregisterNotifications
MpTelemetryLiteralSetDWORD
MpUpdateControl
MpTelemetryLiteralSetIfMinDWORD
MpNotificationRegister
MpTelemetrySetString
MpClientUtilExportFunctions
MpTelemetryLiteralAddToStreamDWORD
MpConfigClose
MpScanControl
MpAllocMemory
MpManagerOpen
MpConfigIteratorEnum
MpTelemetryLiteralSetString
MpConfigUninitialize
MpConfigDelValue
MpTelemetryLiteralAddToStreamDWORD64
MpDebugExportFunctions
MpUtilsExportFunctions
MpConfigGetValue
MpTelemetryLiteralIncrementDWORD
MpUpdateStart
MpConfigIteratorClose
MpScanStart
MpTelemetryLiteralAddToStreamString
MpHandleClose
MpConfigIteratorOpen
MpFreeMemory
MpConfigRegisterForNotifications
MpThreatLocalizedInfoQuery
MpConfigOpen
MpTelemetryInitialize
MpTelemetryLiteralSetIfMaxDWORD
MpErrorMessageFormat
MpTelemetrySetDWORD
_purecall
rand
mbtowc
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
realloc
wctomb
memset
wcschr
malloc
__dllonexit
memcmp
__RTDynamicCast
_wcsicmp
??1type_info@@UAE@XZ
toupper
isdigit
_onexit
_vsnwprintf
__pioinfo
_amsg_exit
wcstombs
iswctype
_errno
ldiv
_lock
isxdigit
_wtol
_XcptFilter
_fileno
_wtoi64
srand
wcsrchr
towlower
__CxxFrameHandler
_CxxThrowException
isleadbyte
?terminate@@YAXXZ
_unlock
??1exception@@UAE@XZ
iswspace
?what@exception@@UBEPBDXZ
free
wcsstr
wcsncmp
calloc
memcpy
__badioinfo
memmove
_read
swscanf
_wcsnicmp
_beginthreadex
??0exception@@QAE@XZ
__mb_cur_max
ungetc
_initterm
localeconv
_wtoi
CoInitializeEx
CoUninitialize
IIDFromString
CoCreateInstance
CreateBindCtx
CoGetObject
StringFromGUID2
CoSetProxyBlanket
PE exports
Number of PE resources by type
WEVT_TEMPLATE 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 141824
ImageVersion 6.3
ProductName Microsoft Malware Protection
FileVersionNumber 4.3.215.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Service Module
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension dll
OriginalFileName MpSvc.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.3.0215.0
TimeStamp 2013:06:21 00:58:22+01:00
FileType Win32 DLL
PEType PE32
InternalName MpSvc.dll
ProductVersion 4.3.0215.0
SubsystemVersion 5.1
OSVersion 6.3
FileOS Win32
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 1085952
FileSubtype 0
ProductVersionNumber 4.3.215.0
EntryPoint 0xe7330
ObjectFileType Executable application

Compressed bundles
File identification
MD5 035f371cd4749f660372c157aceb9604
SHA1 86580aa269ad2715f4ce8c5ed70e7c0c80d79b59
SHA256 eef670aafb78cb99d6df7418beec3ae1810c8db922b7d55688e38199bab7a6b6
ssdeep 24576:dtfEiCbb1XnSRS40eu1wUzu/ujA+Q4C0u8P0eR0Q7Zn3VghhADeu:XEiCbb1XfVeCplk0pceGgV3VghhAd
authentihash 3766b5261b663c0c1868ce045d06e49d7def7d176f0f1cbf5da7f33e897beb81
imphash 7f7b63b1d6b455d27951f8671a7bd793
File size 1.2 MB ( 1260136 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (46.3%)
Win64 Executable (generic) (41.0%)
Win32 Executable (generic) (6.6%)
Generic Win/DOS Executable (2.9%)
DOS Executable Generic (2.9%)
Tags pedll signed trusted overlay
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with mpsvc.dll as its name.
VirusTotal metadata
First submission 2013-08-30 20:26:20 UTC ( 5 years, 7 months ago )
Last submission 2014-11-02 06:26:42 UTC ( 4 years, 5 months ago )
File names MpSvc.dll
mpsvc.dll
octet-stream
035F371CD4749F660372C157ACEB9604