SHA256: 07732daccf118f1c5b61e8f781b09934af83ebcb25c0745370b6cdbaa2c42c4a
File name: unobtanium-cli.exe
Detection ratio: 0 / 54
Analysis date: 2016-08-03 02:55:12 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20160803
AegisLab 20160803
AhnLab-V3 20160802
Alibaba 20160802
ALYac 20160803
Antiy-AVL 20160803
Arcabit 20160803
Avast 20160803
AVG 20160803
Avira (no cloud) 20160803
AVware 20160803
Baidu 20160802
BitDefender 20160803
Bkav 20160802
CAT-QuickHeal 20160802
ClamAV 20160803
CMC 20160801
Comodo 20160803
Cyren 20160803
DrWeb 20160803
Emsisoft 20160803
ESET-NOD32 20160803
F-Prot 20160803
F-Secure 20160803
Fortinet 20160803
GData 20160803
Ikarus 20160802
Jiangmin 20160803
K7AntiVirus 20160802
K7GW 20160803
Kaspersky 20160803
Kingsoft 20160803
Malwarebytes 20160803
McAfee 20160803
McAfee-GW-Edition 20160803
Microsoft 20160803
eScan 20160803
NANO-Antivirus 20160803
nProtect 20160802
Panda 20160802
Qihoo-360 20160803
Sophos AV 20160803
SUPERAntiSpyware 20160803
Symantec 20160803
Tencent 20160803
TheHacker 20160802
TrendMicro 20160803
TrendMicro-HouseCall 20160803
VBA32 20160802
VIPRE 20160803
ViRobot 20160803
Yandex 20160802
Zillya 20160802
Zoner 20160803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright 2009-2015 The Unobtanium Developers
Product Unobtanium-cli
Original name unobtanium-cli.exe
Internal name unobtanium-cli
File version 0.10.1.1
Description Unobtanium-cli (OSS RPC client for Unobtanium)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000014E0
Number of sections 9
PE sections
Overlays
MD5 ec2ee17380374b4cfa0d7eadc17519cf
File type ASCII text
Offset 3062272
Size 14
Entropy 3.09
PE imports
DeregisterEventSource
RegQueryValueExA
RegCloseKey
RegisterEventSourceA
ReportEventA
GetDeviceCaps
CreateDCA
DeleteDC
GetBitmapBits
SelectObject
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetObjectA
GetStdHandle
ReleaseMutex
WaitForSingleObject
FindFirstFileW
GetHandleInformation
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
VerifyVersionInfoA
GetFileInformationByHandle
GetThreadContext
GetFileTime
IsDBCSLeadByteEx
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
GetThreadPriority
FreeLibrary
LocalFree
ResumeThread
SetWaitableTimer
InitializeCriticalSection
FindClose
TlsGetValue
FormatMessageA
SetFileAttributesW
SetLastError
DeviceIoControl
CopyFileW
GetModuleFileNameW
TryEnterCriticalSection
HeapAlloc
GetModuleFileNameA
QueueUserAPC
VerSetConditionMask
SetThreadPriority
CreateDirectoryExW
UnhandledExceptionFilter
MultiByteToWideChar
SetFilePointerEx
SetProcessAffinityMask
GetFullPathNameW
CreateSemaphoreA
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MoveFileExA
SetThreadContext
WaitForMultipleObjectsEx
GlobalMemoryStatus
SetCurrentDirectoryW
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
SleepEx
CloseHandle
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
GetStartupInfoA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
SetCriticalSectionSpinCount
RemoveDirectoryW
FindFirstFileA
ResetEvent
CreateWaitableTimerA
FindNextFileA
TerminateProcess
DuplicateHandle
WaitForMultipleObjects
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GetSystemInfo
WaitForSingleObjectEx
GetQueuedCompletionStatus
GetCurrentDirectoryW
GetCurrentProcessId
CreateIoCompletionPort
SetFileTime
GetCurrentThread
SuspendThread
QueryPerformanceFrequency
ReleaseSemaphore
TlsFree
GetModuleHandleA
FindNextFileW
GetModuleHandleW
GetFileAttributesExW
PostQueuedCompletionStatus
Sleep
OpenEventA
SHGetSpecialFolderPathA
GetDesktopWindow
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
setsockopt
getaddrinfo
getsockopt
recv
send
WSARecv
WSASend
WSACleanup
WSAStartup
select
freeaddrinfo
WSASocketW
shutdown
WSASetLastError
ioctlsocket
closesocket
WSAGetLastError
connect
__lconv_init
wcsftime
fseek
fclose
_snwprintf
strtoul
fflush
fsetpos
_fmode
strtol
__initenv
fwrite
fputs
_fstat64
isspace
_close
iswctype
wcscoll
_exit
__dllonexit
_wfopen
_write
strcoll
memcpy
strstr
memmove
signal
freopen
_initterm
strcmp
memchr
strncmp
memset
strcat
_stricmp
_setmode
fgets
__pioinfo
strchr
fgetpos
isxdigit
ftell
exit
sprintf
strrchr
_acmdln
fputc
ferror
gmtime
free
ungetc
__getmainargs
ungetwc
_stat
_lseeki64
_vsnprintf
_read
wcsxfrm
strcpy
__mb_cur_max
islower
_getch
isupper
_ftime
_iob
setlocale
realloc
strxfrm
__doserrno
calloc
_setjmp3
printf
fopen
strncpy
_cexit
raise
isalnum
qsort
system
_open
_onexit
wcslen
putc
memcmp
__setusermatherr
_fdopen
getenv
atoi
vfprintf
localeconv
strerror
wcscpy
_beginthreadex
_strnicmp
putwc
localtime
malloc
sscanf
fread
abort
fprintf
getwc
towupper
ispunct
feof
_endthreadex
_amsg_exit
_errno
strlen
_lock
_get_osfhandle
towlower
_fileno
longjmp
tolower
_unlock
fwprintf
setbuf
_chsize
iswprint
_filelengthi64
strftime
time
wcsstr
getc
setvbuf
__set_app_type
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 14336
LinkerVersion 2.24
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 0.10.1.1
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Unobtanium-cli (OSS RPC client for Unobtanium)
CharacterSet Windows, Latin1
InitializedDataSize 3061248
EntryPoint 0x14e0
OriginalFileName unobtanium-cli.exe
MIMEType application/octet-stream
LegalCopyright 2009-2015 The Unobtanium Developers
FileVersion 0.10.1.1
LegalTrademarks1 Distributed under the MIT software license, see the accompanying file COPYING or http://www.opensource.org/licenses/mit-license.php.
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
InternalName unobtanium-cli
ProductVersion 0.10.1.1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 2189824
ProductName Unobtanium-cli
ProductVersionNumber 0.10.1.1
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 dbf6d5edc5029ba4dae98663abd39c9e
SHA1 542b4f0dbac9d7776be43b069a60744249654e92
SHA256 07732daccf118f1c5b61e8f781b09934af83ebcb25c0745370b6cdbaa2c42c4a
ssdeep 49152:geV7RTto9x6TY5LQ9yM2SJlyBo77dEW/m92XI0sK7a1TbRn/0ZoA7L3:geZRTK9x6TkLQ9yMZ+K77dEWNXI0sqiC
authentihash 9a5efafdad21e40f6c791b9ced68313c491d6f5a12b111b20636735252ff4306
imphash 6cdae972f3d310b9c1dd548edd6909c5
File size 2.9 MB ( 3062286 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay via-tor
VirusTotal metadata
First submission 2015-07-18 04:16:22 UTC ( 3 years, 2 months ago )
Last submission 2016-08-03 02:55:12 UTC ( 2 years, 1 month ago )
File names unobtanium-cli
unobtanium-cli.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs