SHA256: 51859b44b9bfe35c7a080d41134e7ef984826662afe5876812c4b0f10d629efc
File name: HDCleaner.exe
Detection ratio: 1 / 64
Analysis date: 2017-08-05 10:52:56 UTC (1 year ago)
Antivirus Result Update
TrendMicro-HouseCall Suspici.5025EB53 20170805
Ad-Aware 20170805
AegisLab 20170805
AhnLab-V3 20170804
Alibaba 20170804
ALYac 20170805
Antiy-AVL 20170805
Arcabit 20170805
Avast 20170805
AVG 20170805
Avira (no cloud) 20170805
AVware 20170805
Baidu 20170804
BitDefender 20170805
Bkav 20170805
CAT-QuickHeal 20170805
ClamAV 20170805
CMC 20170805
Comodo 20170805
CrowdStrike Falcon (ML) 20170710
Cylance 20170805
Cyren 20170805
DrWeb 20170805
Emsisoft 20170805
Endgame 20170721
ESET-NOD32 20170805
F-Prot 20170805
F-Secure 20170805
Fortinet 20170805
GData 20170805
Ikarus 20170805
Sophos ML 20170607
Jiangmin 20170805
K7AntiVirus 20170804
K7GW 20170805
Kaspersky 20170805
Kingsoft 20170805
Malwarebytes 20170805
MAX 20170805
McAfee 20170804
McAfee-GW-Edition 20170805
Microsoft 20170805
eScan 20170805
NANO-Antivirus 20170805
nProtect 20170805
Palo Alto Networks (Known Signatures) 20170805
Panda 20170805
Qihoo-360 20170805
Rising 20170805
SentinelOne (Static ML) 20170718
Sophos AV 20170805
SUPERAntiSpyware 20170805
Symantec 20170804
Symantec Mobile Insight 20170804
Tencent 20170805
TheHacker 20170804
TrendMicro 20170805
Trustlook 20170805
VBA32 20170803
VIPRE 20170805
ViRobot 20170805
Webroot 20170805
WhiteArmor 20170731
Yandex 20170801
Zillya 20170804
ZoneAlarm by Check Point 20170805
Zoner 20170805
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. Alle Rechte vorbehalten.
Product Betriebssystem Microsoft® Windows®
Original name WEXTRACT.EXE
Internal name Wextract
File version 6.00.2900.5512 (xpsp.080413-2105)
Description Win32 Cabinet Self-Extractor
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 2:33 AM 9/4/2017
Packers identified
F-PROT CAB, Unicode, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-04-13 18:32:45
Entry Point 0x0000645C
Number of sections 3
PE sections
Overlays
MD5 73c6a26aa0224e874f614c42d433f37e
File type data
Offset 7735808
Size 4432
Entropy 7.59
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
AdjustTokenPrivileges
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
GetDeviceCaps
GetLastError
GetSystemTimeAsFileTime
DosDateTimeToFileTime
ReadFile
GetStartupInfoA
GetSystemInfo
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
LoadLibraryA
GetExitCodeProcess
QueryPerformanceCounter
MulDiv
ExitProcess
SetFileTime
GetVersionExA
GlobalUnlock
GetModuleFileNameA
IsDBCSLeadByte
GetShortPathNameA
FreeLibrary
GetCurrentProcess
GetVolumeInformationA
LoadLibraryExA
SizeofResource
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
_llseek
GetCommandLineA
GlobalLock
EnumResourceLanguagesA
TerminateThread
GetTempPathA
CreateMutexA
GetModuleHandleA
_lclose
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
FindFirstFileA
GetCurrentProcessId
CreateEventA
lstrcpyA
_lopen
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
FreeResource
SetFileAttributesA
SetEvent
LocalFree
FindResourceA
TerminateProcess
CreateProcessA
RemoveDirectoryA
SetUnhandledExceptionFilter
LockResource
LoadResource
WriteFile
GlobalAlloc
LocalFileTimeToFileTime
FindClose
FormatMessageA
GetTickCount
CreateFileA
GetDriveTypeA
GetCurrentThreadId
GetProcAddress
SetCurrentDirectoryA
ResetEvent
CharPrevA
EndDialog
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
CharUpperA
GetDC
ReleaseDC
SetWindowTextA
GetWindowLongA
SendMessageA
GetDlgItem
wsprintfA
LoadStringA
CharNextA
GetDesktopWindow
CallWindowProcA
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_RCDATA 14
RT_DIALOG 6
RT_STRING 6
RT_ICON 1
RT_MANIFEST 1
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN 14
ENGLISH US 14
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 6.0.2900.5512
UninitializedDataSize 0
LanguageCode German
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 7695360
EntryPoint 0x645c
OriginalFileName WEXTRACT.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. Alle Rechte vorbehalten.
FileVersion 6.00.2900.5512 (xpsp.080413-2105)
TimeStamp 2008:04:13 19:32:45+01:00
FileType Win32 EXE
PEType PE32
InternalName Wextract
ProductVersion 6.00.2900.5512
FileDescription Win32 Cabinet Self-Extractor
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 39424
ProductName Betriebssystem Microsoft Windows
ProductVersionNumber 6.0.2900.5512
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 76295fda4250c3b6d68b3f13b8bd863a
SHA1 b7fc5387b1ff5d2b0704ad23eddd009ea1fe46be
SHA256 51859b44b9bfe35c7a080d41134e7ef984826662afe5876812c4b0f10d629efc
ssdeep 196608:pBGF6QovoHBb2aK1ZVOQ2hFYNZkaiPaDpMcE5:pBYoCsZROQSfLPyGv

authentihash 086c9afa1a9b7469bb650a7f99ddaeeb877529137192e45fb37dfe036fe1d385
imphash 0ebb3c09b06b1666d307952e824c8697
File size 7.4 MB ( 7740240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2017-08-05 10:52:56 UTC (1 year ago)
Last submission 2017-08-05 10:52:56 UTC (1 year ago)
File names Wextract
WEXTRACT.EXE
HDCleaner.exe
51859B44B9BFE35C7A080D41134E7EF984826662AFE5876812C4B0F10D629EFC.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications