home

MemoryAuditModule.dll

Mandiant Intelligent Response

MANDIANT Corporation

Publisher:
MANDIANT Corporation  (signed and verified)

Product:
Mandiant Intelligent Response

Description:
MIR Memory Audit Module

Version:
1.3.18.0

MD5:
5034d38ca0545c642aea32de7ddac7cd

SHA-1:
e7cf42fe885951ad0fcb714a7746ffe62e958010

SHA-256:
0da72f104b0632aed06bd2caf4db9c8f3b38b625ee6bf24dcfd2f58bf42310f6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/1/2024 8:23:41 PM UTC  (today)

File size:
416.6 KB (426,640 bytes)

Product version:
1.3.3

Copyright:
Copyright © 2009 Mandiant Corporation

Original file name:
MemoryAuditModule.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\mandiant\mandiant intelligent response agent\modules\memoryauditmodule.dll

Digital Signature
Signed by:
MANDIANT Corporation

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
1/16/2008 5:00:00 PM

Valid to:
11/13/2009 4:59:59 PM

Subject:
CN=MANDIANT Corporation, OU=PRODUCT DEVELOPMENT, O=MANDIANT Corporation, L=Alexandria, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
0A0BBDDED69A6C6303CF5641FCD39FBC

File PE Metadata
Compilation timestamp:
9/12/2009 6:16:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:XDWWutqSDxSGXhtaN6IYPY5exa+vShZSQ0p/uRqnNsZeJlAaPv9bVFaFIICE0xtO:6lIP15exCT0Vk0XtVFaxQvj3NY+dR08w

Entry address:
0x6D35

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, C0, 5B, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, B0, B2, 03, 10, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 85, C0, 5F, 89, 45, FC, 5E, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, EC, B0, 03, 10, C9, C2, 08, 00, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00...
 
[+]

Entropy:
5.7287

Code size:
232 KB (237,568 bytes)

Scan MemoryAuditModule.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.