home

mca.dll

Filseclab Malicious Code Analysis

Filseclab Corporation

Publisher:
Filseclab Corporation  (signed and verified)

Product:
Filseclab Malicious Code Analysis

Version:
1, 0, 1, 848

MD5:
b9d83750a748d6033a5425449d509169

SHA-1:
df5fe7b3ebcc94f536777bf41899c934525cd9a6

SHA-256:
6f3564c541d9c1beecc73d273fdc832496bacf8b200dce9770d1d21579a2e5ba

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 5:15:26 PM UTC  (today)

File size:
181.8 KB (186,192 bytes)

Product version:
1, 0, 1, 848

Copyright:
Copyright (C) Filseclab Corporation

Original file name:
mca.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\isafe\tws\mca.dll

Digital Signature
Signed by:
Filseclab Corporation

Authority:
VeriSign, Inc.

Valid from:
1/29/2012 6:00:00 PM

Valid to:
1/29/2013 5:59:59 PM

Subject:
CN=Filseclab Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Filseclab Corporation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
297FB83700ADA958AFEFF56DD3C66660

File PE Metadata
Compilation timestamp:
9/9/2012 9:18:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:YAa/C+Pjop8ZJxvMoJzaF3wwG2XtkAhyZXLNp+LCwUgjO51ARK+v10fnANMxceA:PSvbopU09DhaLNkLCwVjFRYIyPA

Entry address:
0x75EAA

Entry point:
68, 76, 1D, 17, C7, E8, DD, 1D, 00, 00, 00, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, E8, EF, 8B, FE, FF, 99, B5, 3B, 75, 7B, 57, 63, 57, 7F, 51, 59, 43, 51, 7D, 81, 3A, 84, AD, A2, 45, F9, 7E, 1E, 92, EF, F6, CE, F8, E2, 45, BC, 5B, 7B, 9F, 00, 8E, A9, 5B, 49, 48, CF, E7, 1E, EB, C6, 65, 63, 9A, B4, 61, 97, FC, 1F, 9D, C6, F3, 1B, 76, C4, 5C, DE, E3, 72, 12, D7, 5A, 69, 80, 32, 97, BA, 2A, 95, CB, A6, D2, 0F, E0, 42, 9E, EC, 2B, 62, 23, BB, B2, AB, C4, D9, FC, C5, F2, 8F, B8, 91, 20, 38, 3F, 9D...
 
[+]

Entropy:
7.8776  (probably packed)

Code size:
178 KB (182,272 bytes)

Scan mca.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.