SHA256: cbaeb417b4814df755dc85dc249142b4687e6fe341b1c0f2d8f08d440ae80808
File name: DeviceCensus.exe
Detection ratio: 0 / 66
Analysis date: 2018-10-23 12:59:25 UTC (1 month, 2 weeks ago)
Antivirus Result Update
Ad-Aware 20181023
AegisLab 20181023
AhnLab-V3 20181023
Alibaba 20180921
ALYac 20181023
Antiy-AVL 20181023
Arcabit 20181023
Avast 20181023
Avast-Mobile 20181023
AVG 20181023
Avira (no cloud) 20181023
Babable 20180918
Baidu 20181023
BitDefender 20181023
Bkav 20181023
CAT-QuickHeal 20181022
ClamAV 20181023
CMC 20181023
CrowdStrike Falcon (ML) 20180723
Cylance 20181023
Cyren 20181023
DrWeb 20181023
eGambit 20181023
Emsisoft 20181023
Endgame 20180730
ESET-NOD32 20181023
F-Prot 20181023
F-Secure 20181023
Fortinet 20181023
GData 20181023
Ikarus 20181023
Sophos ML 20180717
Jiangmin 20181023
K7AntiVirus 20181023
K7GW 20181023
Kaspersky 20181023
Kingsoft 20181023
Malwarebytes 20181023
MAX 20181023
McAfee 20181023
McAfee-GW-Edition 20181023
Microsoft 20181023
eScan 20181023
NANO-Antivirus 20181023
Palo Alto Networks (Known Signatures) 20181023
Panda 20181023
Qihoo-360 20181023
Rising 20181023
SentinelOne (Static ML) 20181011
Sophos AV 20181023
SUPERAntiSpyware 20181022
Symantec 20181023
Symantec Mobile Insight 20181001
TACHYON 20181023
Tencent 20181023
TheHacker 20181018
TrendMicro 20181023
TrendMicro-HouseCall 20181023
Trustlook 20181023
VBA32 20181023
VIPRE 20181020
ViRobot 20181023
Webroot 20181023
Yandex 20181022
Zillya 20181022
ZoneAlarm by Check Point 20181023
Zoner 20181023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name DeviceCensus.exe
Internal name DeviceCensus
File version 10.0.17134.1 (WinBuild.160101.0800)
Description Device Census
Signature verification Signed file, verified signature
Signing date 5:39 AM 4/11/2018
Signers
[+] Microsoft Windows
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Windows Production PCA 2011
Valid from 9:23 PM 8/11/2017
Valid to 9:23 PM 8/11/2018
Valid usage NT5 Crypto, Code Signing
Algorithm sha256RSA
Thumbprint 419E77AED546A1A6CF4DC23C1F977542FE289CF7
Serial number 33 00 00 01 74 69 DE 10 8B 37 65 A8 D7 00 00 00 00 01 74
[+] Microsoft Windows Production PCA 2011
Status Valid
Issuer Microsoft Root Certificate Authority 2010
Valid from 7:41 PM 10/19/2011
Valid to 7:51 PM 10/19/2026
Valid usage All
Algorithm sha256RSA
Thumbprint 580A6F4CC4E4B669B9EBDC1B2B3E087B80D0678D
Serial number 61 07 76 56 00 00 00 00 00 08
[+] Microsoft Root Certificate Authority 2010
Status Valid
Issuer Microsoft Root Certificate Authority 2010
Valid from 10:57 PM 6/23/2010
Valid to 11:04 PM 6/23/2035
Valid usage All
Algorithm sha256RSA
Thumbprint 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Serial number 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA 2010
Valid from 6:56 PM 9/7/2016
Valid to 6:56 PM 9/7/2018
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 3970258B14C879DD5F0C5DE98B9CB39499F71CB7
Serial number 33 00 00 00 AC 8A 21 BC 7A D2 9B 72 F4 00 00 00 00 00 AC
[+] Microsoft Time-Stamp PCA 2010
Status Valid
Issuer Microsoft Root Certificate Authority 2010
Valid from 10:36 PM 7/1/2010
Valid to 10:46 PM 7/1/2025
Valid usage All
Algorithm sha256RSA
Thumbprint 2AA752FE64C49ABE82913C463529CF10FF2F04EE
Serial number 61 09 81 2A 00 00 00 00 00 02
[+] Microsoft Root Certificate Authority 2010
Status Valid
Issuer Microsoft Root Certificate Authority 2010
Valid from 10:57 PM 6/23/2010
Valid to 11:04 PM 6/23/2035
Valid usage All
Algorithm sha256RSA
Thumbprint 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Serial number 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA
PE header basic information
Target machine x64
Compilation timestamp 2034-08-30 16:33:15
Entry Point 0x000026B0
Number of sections 7
PE sections
Overlays
MD5 724c77de328e1a3faf045625679027c5
File type data
Offset 26624
Size 8608
Entropy 7.34
PE imports
ApiSetQueryApiSetPresence
CoInitializeEx
CoUninitialize
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
HeapAlloc
GetProcessHeap
WTSGetActiveConsoleSessionId
FreeLibrary
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExA
VirtualProtect
VirtualQuery
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
CreateProcessAsUserW
QueryPerformanceCounter
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObject
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
_purecall
__wgetmainargs
malloc
memset
__dllonexit
_wcsicmp
??0exception@@QEAA@AEBQEBD@Z
_fmode
_amsg_exit
?terminate@@YAXXZ
__C_specific_handler
_lock
??1type_info@@UEAA@XZ
_onexit
exit
_XcptFilter
_commode
__setusermatherr
_cexit
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_unlock
_exit
__CxxFrameHandler3
_callnewh
memcpy
??3@YAXPEAX@Z
memmove
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_initterm
__set_app_type
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.12
ImageVersion 10.0
FileSubtype 0
FileVersionNumber 10.0.17134.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Device Census
ImageFileCharacteristics Executable, Large address aware
CharacterSet Unicode
InitializedDataSize 18432
EntryPoint 0x26b0
OriginalFileName DeviceCensus.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 10.0.17134.1 (WinBuild.160101.0800)
TimeStamp 2034:08:30 17:33:15+01:00
FileType Win64 EXE
PEType PE32+
InternalName DeviceCensus
ProductVersion 10.0.17134.1
SubsystemVersion 10.0
OSVersion 10.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType AMD AMD64
CompanyName Microsoft Corporation
CodeSize 8704
ProductName Microsoft Windows Operating System
ProductVersionNumber 10.0.17134.1
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 0cdfb58d187b106d7f6a51588e6e334a
SHA1 e86b11544c4d850eb6c8a83af60cc011b697863b
SHA256 cbaeb417b4814df755dc85dc249142b4687e6fe341b1c0f2d8f08d440ae80808
ssdeep
384:Zp3yhsXbCFYcNC6/9aFp2kJ3XG1vHxUl2RQ2D4xrM9WcGlSWWkgW8l+zDBRJLlQ:ZpF3cNCyaFrXGtyl03orM9PGlS8L1P

authentihash 955df665b2bd34a35956d8ff432e413627271f8d3bec55bb1b9f82b3d3c44294
imphash 1bc286c06df592b67b9bbf5dac9dddf9
File size 34.4 KB ( 35232 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags
64bits peexe assembly signed overlay

VirusTotal metadata
First submission 2018-04-17 08:14:32 UTC (7 months, 4 weeks ago)
Last submission 2018-12-08 13:41:36 UTC (3 days, 16 hours ago)
File names DeviceCensus.exe
devicecensus.exe
DeviceCensus
.
DeviceCensus.exe_00000000001218137269