× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 03e8fd3c09e5e57f8c01f354a4f4f736401807e51557527b01cdfb4392d73378
File name: PCI-Z.exe
Detection ratio: 0 / 62
Analysis date: 2017-07-16 13:00:58 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware 20170716
AegisLab 20170716
AhnLab-V3 20170716
Alibaba 20170714
ALYac 20170716
Antiy-AVL 20170716
Arcabit 20170716
Avast 20170716
AVG 20170716
Avira (no cloud) 20170716
AVware 20170716
Baidu 20170714
BitDefender 20170716
CAT-QuickHeal 20170715
ClamAV 20170716
CMC 20170714
Comodo 20170716
CrowdStrike Falcon (ML) 20170710
Cylance 20170716
Cyren 20170716
DrWeb 20170716
Emsisoft 20170716
Endgame 20170713
ESET-NOD32 20170716
F-Prot 20170716
F-Secure 20170716
Fortinet 20170629
GData 20170716
Ikarus 20170716
Sophos ML 20170607
Jiangmin 20170716
K7AntiVirus 20170714
K7GW 20170716
Kaspersky 20170716
Kingsoft 20170716
Malwarebytes 20170716
MAX 20170716
McAfee 20170716
McAfee-GW-Edition 20170716
Microsoft 20170716
eScan 20170716
NANO-Antivirus 20170716
nProtect 20170716
Palo Alto Networks (Known Signatures) 20170716
Panda 20170716
Qihoo-360 20170716
Rising 20170716
SentinelOne (Static ML) 20170516
Sophos AV 20170716
SUPERAntiSpyware 20170716
Symantec 20170715
Symantec Mobile Insight 20170713
Tencent 20170716
TheHacker 20170712
TrendMicro 20170716
TrendMicro-HouseCall 20170716
Trustlook 20170716
VBA32 20170714
VIPRE 20170716
ViRobot 20170716
Webroot 20170716
WhiteArmor 20170713
Yandex 20170714
Zillya 20170714
ZoneAlarm by Check Point 20170716
Zoner 20170716
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Freeware

Product PCI-Z
Original name PCI-Z.exe
Internal name PCI-Z
File version 1.31
Description PCI-Z uses PCI ID Repository to detect PCI(-E/-X) devices without drivers.
Signature verification Signed file, verified signature
Signing date 12:15 PM 7/16/2017
Signers
[+] Banelli d.o.o.
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 11/30/2015
Valid to 12:59 AM 11/30/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 00581E22B58F1917D168578EEA01C471C890C8D2
Serial number 00 C8 DC DE AC A4 42 CA BD 2F 55 68 3D 42 C3 7C 55
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE?
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-256 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA
Serial number 4E B0 87 8F CC 24 35 36 B2 D8 C9 F7 BF 39 55 77
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbrint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network?
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbrint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-16 11:15:29
Entry Point 0x00001000
Number of sections 5
PE sections
Overlays
MD5 699ac486db1b384811af0d021e700975
File type data
Offset 696320
Size 5840
Entropy 7.40
PE imports
GetUserNameA
ImageList_GetIconSize
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Replace
ImageList_Create
CreateStatusWindowA
ImageList_Remove
ImageList_ReplaceIcon
ImageList_Add
GetOpenFileNameA
GetSaveFileNameA
SetDIBits
CreatePen
SetStretchBltMode
GetObjectType
GetObjectA
CreateDCA
LineTo
DeleteDC
SetPixel
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
CreateBitmap
MoveToEx
GetStockObject
GetDIBits
CreateCompatibleDC
StretchBlt
StretchDIBits
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
CreateToolhelp32Snapshot
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
ReadFile
GetSystemInfo
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
HeapDestroy
ExitProcess
TlsAlloc
FlushFileBuffers
GetVersionExA
LoadLibraryA
GetLocalTime
CreatePipe
GetCurrentProcess
SetConsoleCtrlHandler
GetCurrentProcessId
ReleaseSemaphore
WaitForMultipleObjects
AllocConsole
DeleteFileA
GetCurrentDirectoryA
Module32First
MultiByteToWideChar
GetCommandLineA
GetProcAddress
GetConsoleScreenBufferInfo
GetCurrentThread
GlobalUnlock
SetFilePointer
QueryPerformanceFrequency
CreateSemaphoreA
CreateThread
TlsFree
GetModuleHandleA
DeleteCriticalSection
FindFirstFileA
WriteFile
SetConsoleTitleA
CloseHandle
FreeConsole
GetComputerNameA
GlobalMemoryStatusEx
DuplicateHandle
HeapReAlloc
GlobalLock
SetFileAttributesA
GetDriveTypeA
GetProcessAffinityMask
CreateProcessA
GetTimeZoneInformation
WriteConsoleA
WideCharToMultiByte
InitializeCriticalSection
HeapCreate
CreateFileW
GlobalAlloc
VirtualFree
FindClose
TlsGetValue
Sleep
GetTickCount
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
strncmp
rand
malloc
sscanf
setlocale
pow
fread
fclose
strcat
_stricmp
_setjmp3
printf
fflush
fopen
strlen
strncpy
frexp
fabs
mktime
fwrite
wcslen
wcscmp
_strdup
sprintf
localtime
memset
longjmp
tolower
gmtime
free
ceil
atoi
atof
memcpy
strstr
memmove
floor
_CIpow
strcpy
modf
_strnicmp
strcmp
RevokeDragDrop
CoInitialize
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
ShellExecuteExA
MapWindowPoints
GetForegroundWindow
RedrawWindow
DrawStateA
DestroyMenu
SetWindowPos
IsWindow
DispatchMessageA
ScreenToClient
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetWindowTextLengthA
GetActiveWindow
LoadImageA
MsgWaitForMultipleObjects
GetWindowTextA
EnumPropsExA
GetKeyState
DestroyWindow
GetMessageA
GetParent
SetPropA
EnumWindows
ShowWindow
GetPropA
CreateIconFromResourceEx
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetIconInfo
SetClipboardData
GetSystemMetrics
IsZoomed
RegisterClassA
GetWindowLongA
CreateMenu
FillRect
GetSysColorBrush
CreateAcceleratorTableA
IsChild
SetFocus
SetCapture
GetScrollPos
RegisterWindowMessageA
DefWindowProcA
GetClipboardData
CharLowerA
GetWindowRect
PostMessageA
ReleaseCapture
EnumChildWindows
SetWindowLongA
RemovePropA
CreatePopupMenu
CreateWindowExA
BringWindowToTop
ClientToScreen
LoadCursorA
LoadIconA
TrackPopupMenu
DestroyAcceleratorTable
ValidateRect
CreateIconFromResource
SetForegroundWindow
OpenClipboard
EmptyClipboard
DrawTextA
FindWindowA
GetWindowThreadProcessId
AppendMenuA
DrawFrameControl
SetMenu
MoveWindow
MessageBoxA
AdjustWindowRectEx
GetSysColor
RegisterClassExA
SystemParametersInfoA
DestroyIcon
IsWindowVisible
SetCursorPos
SetRect
InvalidateRect
DefFrameProcA
SetWindowTextA
TranslateAcceleratorA
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
SetCursor
timeBeginPeriod
__WSAFDIsSet
recv
socket
bind
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
ioctlsocket
connect
sendto
recvfrom
htons
closesocket
gethostbyaddr
select
Number of PE resources by type
RT_ICON 5
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
2.5

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.3.1.0

Email
info@pci-z.com

Website
http://www.pci-z.com/

LanguageCode
Neutral

FileFlagsMask
0x0000

FileDescription
PCI-Z uses PCI ID Repository to detect PCI(-E/-X) devices without drivers.

CharacterSet
Unicode

InitializedDataSize
340992

EntryPoint
0x1000

OriginalFileName
PCI-Z.exe

MIMEType
application/octet-stream

LegalCopyright
Freeware

FileVersion
1.31

TimeStamp
2017:07:16 12:15:29+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PCI-Z

ProductVersion
1.31

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Bruno Banelli

CodeSize
365568

ProductName
PCI-Z

ProductVersionNumber
1.3.1.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 c0857511ffa5f0c709ed62137af92646
SHA1 3c97fec72d46243abc0ac4c7bfb27ed2d66eed14
SHA256 03e8fd3c09e5e57f8c01f354a4f4f736401807e51557527b01cdfb4392d73378
ssdeep
12288:hDLCWM/jU6XaSc/AfTpTv87MIYEwe52rDrRdYmu3:hhMLRKf/AftTvKLRVu4mE

authentihash c16cc0dfb1f66b85de2ecae237e29f4021142d42ed2cfc561c2dcee71927c81b
imphash 598c8e2ffad88fb6f820dfcbbce42e8e
File size 685.7 KB ( 702160 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-07-16 13:00:58 UTC ( 1 month, 1 week ago )
Last submission 2017-07-16 13:00:58 UTC ( 1 month, 1 week ago )
File names PCI-Z
PCI-Z.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Searched windows
Runtime DLLs
UDP communications