SHA256: ffc5f420d176f7135124a6e7a4462b5dca987acf80c36ff0a6f2e3879731f0ee
File name: mi.dll
Detection ratio: 1 / 65
Analysis date: 2019-02-21 02:51:15 UTC ( 1 month ago )
Antivirus Result Update
CrowdStrike Falcon (ML) win/malicious_confidence_60% (D) 20190211
Acronis 20190220
Ad-Aware 20190220
AegisLab 20190220
AhnLab-V3 20190220
Alibaba 20180921
ALYac 20190220
Antiy-AVL 20190220
Arcabit 20190220
Avast 20190220
Avast-Mobile 20190220
AVG 20190220
Avira (no cloud) 20190220
Babable 20180917
Baidu 20190214
BitDefender 20190220
CAT-QuickHeal 20190220
ClamAV 20190220
CMC 20190220
Comodo 20190220
Cybereason 20190109
Cylance 20190220
Cyren 20190220
DrWeb 20190220
eGambit 20190220
Emsisoft 20190220
Endgame 20190215
ESET-NOD32 20190220
F-Secure 20190220
Fortinet 20190220
GData 20190220
Ikarus 20190220
Sophos ML 20181128
Jiangmin 20190220
K7AntiVirus 20190220
K7GW 20190220
Kaspersky 20190220
Kingsoft 20190220
Malwarebytes 20190220
MAX 20190220
McAfee 20190220
McAfee-GW-Edition 20190220
Microsoft 20190220
eScan 20190220
NANO-Antivirus 20190220
Palo Alto Networks (Known Signatures) 20190220
Panda 20190220
Qihoo-360 20190220
Rising 20190220
SentinelOne (Static ML) 20190203
Sophos AV 20190220
SUPERAntiSpyware 20190220
Symantec 20190220
Symantec Mobile Insight 20190220
TACHYON 20190220
Tencent 20190220
TheHacker 20190217
TotalDefense 20190220
Trapmine 20190123
Trustlook 20190220
VBA32 20190220
VIPRE 20190220
ViRobot 20190220
Webroot 20190220
Yandex 20190219
ZoneAlarm by Check Point 20190220
Zoner 20190220
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name mi.dll
Internal name mi.dll
File version 10.0.14394.1000 (rs1_srvoob.160718-1700)
Description Management Infrastructure
Signature verification Signed file, verified signature
Signing date 10:30 AM 11/7/2017
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 07:11 PM 08/11/2017
Valid to 07:11 PM 08/11/2018
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 49D59D86505D82942A076388693F4FB7B21254EE
Serial number 33 00 00 01 78 25 5A B5 CD 23 C6 5F 95 00 01 00 00 01 78
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 09:19 PM 08/31/2010
Valid to 09:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 04:58 PM 09/07/2016
Valid to 04:58 PM 09/07/2018
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 9D2361FA5394ACB4D0C59A07D23DFFFB50E37484
Serial number 33 00 00 00 C1 09 F8 02 41 BB 4D AA DC 00 00 00 00 00 C1
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:53 AM 04/03/2007
Valid to 12:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-19 09:01:44
Entry Point 0x00015140
Number of sections 5
PE sections
Overlays
MD5 8d90a4e347c9894b6bdfcc53bcb090a0
File type data
Offset 95232
Size 16032
Entropy 7.43
PE imports
OpenThreadToken
SetThreadToken
ImpersonateSelf
RevertToSelf
OpenProcessToken
GetLastError
HeapFree
InterlockedPopEntrySList
FreeLibrary
QueryPerformanceCounter
HeapAlloc
DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
LoadLibraryExW
GetProcAddress
InitializeSListHead
GetCurrentThread
WideCharToMultiByte
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
LocalFree
FormatMessageW
TerminateProcess
InterlockedPushEntrySList
Sleep
GetTickCount
GetCurrentThreadId
GetProcessHeap
SetLastError
LoadStringW
RCClass_AddMethodParameterQualifier
RCClass_AddClassQualifierArrayItem
Instance_SetElementArrayItem
Instance_SetElementArray
_OperationOptions_Create@12
RtlQueueAcquireCachedFastLockExclusive
RCClass_AddClassQualifierArray
RCClass_AddMethodQualifierArrayItem
MI_Hash
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifierArray
Config_GetRegString
RtlQueueAcquireCachedFastLockShared
_SubscriptionDeliveryOptions_MigrateOptions@8
RCClass_AddMethod
MiErrorCategoryFromWindowsError
_Options_FindValue@8
Instance_IsDynamic
OSC_StringToMiValue
RtlReleaseCachedFastLockExclusive
RtlDeleteCachedFastLock
RCClass_AddElementQualifier
OSC_Type_GetSize
XMLDOM_Parse
PublishDebugMessage
RCClass_AddMethodParameterQualifierArray
RtlTryAcquireCachedFastLockShared
_OperationOptions_MigrateOptions@8
_DestinationOptions_MigrateOptions@16
RCClass_AddElementArrayItem
RtlReleaseCachedFastLockShared
RCClass_AddMethodQualifier
RtlInitializeCachedFastLock
RCClass_AddElementQualifierArrayItem
Class_New
RCClass_AddMethodParameter
RCClass_New
Config_GetProtocolHandlerDetails
RCClass_AddClassQualifier
RtlInterlockedWakeAll
XMLDOM_Free
Instance_New
RCClass_AddElement
RtlInterlockedCompareWait
CimErrorFromErrorCode
Instance_InitDynamic
_SubscriptionDeliveryOptions_Create@12
_DestinationOptions_Create@8
RCClass_AddElementQualifierArray
_DestinationOptions_Duplicate@8
RCClass_AddElementArray
_amsg_exit
_set_output_format
malloc
_i64tow_s
_wcsicmp
wcstoul
wcscpy_s
free
_except_handler4_common
swprintf_s
memset
_XcptFilter
_ui64tow_s
_initterm
memcpy
RtlEqualSid
PE exports
Number of PE resources by type
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 10.0
FileSubtype 0
FileVersionNumber 10.0.14394.1000
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Management Infrastructure
ImageFileCharacteristics Executable, 32-bit, DLL
CharacterSet Unicode
InitializedDataSize 10240
EntryPoint 0x15140
OriginalFileName mi.dll
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 10.0.14394.1000 (rs1_srvoob.160718-1700)
TimeStamp 2016:07:19 02:01:44-07:00
FileType Win32 DLL
PEType PE32
InternalName mi.dll
ProductVersion 10.0.14394.1000
SubsystemVersion 6.1
OSVersion 10.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 84992
ProductName Microsoft Windows Operating System
ProductVersionNumber 10.0.14394.1000
FileTypeExtension dll
ObjectFileType Executable application

File identification
MD5 ae1ece463f7b91ed05df1e3b5837bdff
SHA1 ac6047af6a74b54bb5c2b62c70c83c618503c961
SHA256 ffc5f420d176f7135124a6e7a4462b5dca987acf80c36ff0a6f2e3879731f0ee
ssdeep 1536:fZkdgeutrLtB4MIu2eeXmgcOOEK7lCF+0JvCsdjf19/yKWVsoiGtm5mRZooYkFz:fZkfOgA1lCwcV19/tWkoRZoobz

authentihash 91413e94d2edfe2ab8027ce8f426beaf11ac6a23e0506e7d68d66e2009969ae7
imphash ed69bba4ce7caa0a71678423f6bc8518
File size 108.7 KB ( 111264 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags pedll signed overlay

VirusTotal metadata
First submission 2017-11-19 00:42:40 UTC ( 1 year, 4 months ago )
Last submission 2017-11-19 00:42:40 UTC ( 1 year, 4 months ago )
File names mi.dll
mi.dll
fil3CA113666617C339216C44172F8A7A87
mi.dll
filAADE0FF78101EE43A5810999B25AE905
filFE7D407334955CC4B010E6EAAD4EAEC7