SHA256: 72b79257444e6227b502d19c432a650d8e87fbc8443b96d72c412dcb1a56faeb
File name: Patch.exe
Detection ratio: 0 / 56
Analysis date: 2016-09-02 19:27:09 UTC (2 years, 7 months ago)
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update version
ALYac 20160902
AVG 20160902
AVware 20160902
Ad-Aware 20160902
AegisLab 20160902
AhnLab-V3 20160902
Alibaba 20160901
Antiy-AVL 20160902
Arcabit 20160902
Avast 20160902
Avira (no cloud) 20160902
Baidu 20160902
BitDefender 20160902
Bkav 20160901
CAT-QuickHeal 20160902
CMC 20160901
ClamAV 20160902
Comodo 20160902
Cyren 20160902
DrWeb 20160902
ESET-NOD32 20160902
Emsisoft 20160902
F-Prot 20160902
F-Secure 20160902
Fortinet 20160902
GData 20160902
Ikarus 20160902
Sophos ML 20160830
Jiangmin 20160902
K7AntiVirus 20160902
K7GW 20160902
Kaspersky 20160902
Kingsoft 20160902
Malwarebytes 20160902
McAfee 20160902
McAfee-GW-Edition 20160902
eScan 20160902
Microsoft 20160902
NANO-Antivirus 20160902
Panda 20160902
Qihoo-360 20160902
Rising 20160902
SUPERAntiSpyware 20160901
Sophos AV 20160902
Symantec 20160902
Tencent 20160902
TheHacker 20160902
TrendMicro 20160902
TrendMicro-HouseCall 20160902
VBA32 20160902
VIPRE 20160831
ViRobot 20160902
Yandex 20160901
Zillya 20160902
Zoner 20160902
nProtect 20160902
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® .NET Framework
Original name RegAsm.exe
Internal name RegAsm.exe
File version 4.0.30319.33440 built by: FX45W81RTMREL
Description Microsoft .NET Assembly Registration Utility
Comments Flavor=Retail
Signature verification Signed file, verified signature
Signing date 4:14 AM 8/7/2013
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 11:33 PM 01/24/2013
Valid to 10:33 PM 04/24/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 108E2BA23632620C427C570B6D9DB51AC31387FE
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 08/31/2010
Valid to 10:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 09:08 PM 03/27/2013
Valid to 08:08 PM 06/27/2014
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint B0A14894A7339739B6B509DE26D9B7AADED2E533
Serial number 33 00 00 00 34 24 31 40 C9 A0 C1 79 8D 00 00 00 00 00 34
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:53 PM 04/03/2007
Valid to 01:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-05 23:59:04
Entry Point 0x0000D14E
Number of sections 3
.NET details
Module Version ID 03e9f71f-9da6-4ba4-b848-6c0dd5457955
PE sections
Overlays
MD5 2040d315576e0a64b9b301e173d67dee
File type data
Offset 48640
Size 15944
Entropy 7.43
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.0

Comments
Flavor=Retail

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.0.30319.33440

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft .NET Assembly Registration Utility

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
2560

PrivateBuild
DDBLD104

EntryPoint
0xd14e

OriginalFileName
RegAsm.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
4.0.30319.33440 built by: FX45W81RTMREL

TimeStamp
2013:08:06 01:59:04+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
RegAsm.exe

ProductVersion
4.0.30319.33440

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
45568

ProductName
Microsoft .NET Framework

ProductVersionNumber
4.0.30319.33440

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 8ac456013a834bfaefee7f306d302ea9
SHA1 d4fcbb20f2a6a6d1a39fa47adcae902daf4f8dd3
SHA256 72b79257444e6227b502d19c432a650d8e87fbc8443b96d72c412dcb1a56faeb
ssdeep
1536:1Liwrh+tL64DKnJJAzGvchUYcQrq+8jq4TyC:1Lia+tdDKnJJAzGvc22rq+8jFTyC

authentihash b59dd169319435ba55867043e5a7447f9455315112f0199ce77e45e1885c4d1d
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 63.1 KB ( 64584 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly

TrID Windows screen saver (43.3%)
Win32 Dynamic Link Library (generic) (21.7%)
Win32 Executable (generic) (14.9%)
OS/2 Executable (generic) (6.7%)
Generic Win/DOS Executable (6.6%)
Tags
peexe assembly signed trusted overlay

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with RegAsm.exe as its name.
VirusTotal metadata
First submission 2013-10-14 02:20:42 UTC (5 years, 6 months ago)
Last submission 2019-03-11 13:15:10 UTC (1 month, 2 weeks ago)
File names RegAsm4.exe
regasm.exe.17844_1.39632.partial
wim4d0d.tmp
~vt706c.tmp
48ffcedee23e2944a0e45b6c84d814c7.tmp
7bdf4240d74bf14ea043d0e7cdff9837.tmp
721890185125b24fa4ef34ce9863277d.tmp
~glh000d.tmp
regasm.exe.2500_1.17.partial
fc42ee845133e8498a04fb803f7814c0.tmp
b3bca374718f7f48aa8a2504931d4c84.tmp
647c50affa261a44bbb18e88395e73b1.tmp
65c255a915e30641a0480a416998860a.tmp
9892eab6c35fcd479748933fff52cd98.tmp
d36ce1b83676d001a41c0000d8275c15_regasm.exe
0c95f2b65f944f4ebdb937f13b67e164.tmp
4285a5d09588ba40a84c45afa3436db9.tmp
90c0ea1365c1cf01a41c00001c141019_regasm.exe
89dac1.tmpscan
de79025e0fdcb342a23a89ca8a872ecb.tmp
dslss.exe
8AC456013A834BFAEFEE7F306D302EA9
RegAsm.exe
51fbeeac5c978b4f8d4f9c8360772766.tmp
regasm_net4.exe