SHA256: 07bd00808d7dcd05bf3d51765aed7189338c09651a52ec6b545aa9011559a09b
File name: WebDev.WebServer.exe
Detection ratio: 0 / 68
Analysis date: 2018-11-14 16:54:14 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20181112
AegisLab 20181114
AhnLab-V3 20181114
Alibaba 20180921
ALYac 20181114
Antiy-AVL 20181114
Arcabit 20181114
Avast 20181114
Avast-Mobile 20181114
AVG 20181114
Avira (no cloud) 20181114
Babable 20180918
Baidu 20181114
BitDefender 20181114
Bkav 20181114
CAT-QuickHeal 20181114
ClamAV 20181114
CMC 20181114
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181114
Cyren 20181114
DrWeb 20181114
eGambit 20181114
Emsisoft 20181114
Endgame 20181108
ESET-NOD32 20181114
F-Prot 20181114
F-Secure 20181114
Fortinet 20181114
GData 20181114
Ikarus 20181114
Sophos ML 20181108
Jiangmin 20181114
K7AntiVirus 20181113
K7GW 20181114
Kaspersky 20181114
Kingsoft 20181114
Malwarebytes 20181114
MAX 20181114
McAfee 20181114
McAfee-GW-Edition 20181114
Microsoft 20181114
eScan 20181114
NANO-Antivirus 20181114
Palo Alto Networks (Known Signatures) 20181114
Panda 20181114
Qihoo-360 20181114
Rising 20181114
SentinelOne (Static ML) 20181011
Sophos AV 20181114
SUPERAntiSpyware 20181114
Symantec 20181114
Symantec Mobile Insight 20181108
TACHYON 20181114
Tencent 20181114
TheHacker 20181113
TotalDefense 20181114
TrendMicro 20181114
TrendMicro-HouseCall 20181114
Trustlook 20181114
VBA32 20181114
VIPRE 20181114
ViRobot 20181114
Webroot 20181114
Yandex 20181113
Zillya 20181114
ZoneAlarm by Check Point 20181114
Zoner 20181114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft (R) Visual Studio (R) 2008
Original name WebDev.WebServer.exe
Internal name WebDev.WebServer.exe
File version 9.0.21022.8
Description WebDev.WebServer.exe
Comments WebDev.WebServer.exe
Signature verification Signed file, verified signature
Signing date 10:14 AM 11/8/2007
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid. The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Code Signing PCA
Valid from 1:23 AM 8/23/2007
Valid to 1:33 AM 2/23/2009
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint D57FAC60F1A8D34877AEB350E83F46F6EFC9E5F1
Serial number 61 0F 78 4D 00 00 00 00 00 03
[+] Microsoft Code Signing PCA
Status This certificate or one of the certificates in the certificate chain is not time valid. The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Root Authority
Valid from 11:31 PM 8/22/2007
Valid to 8:00 AM 8/25/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3036E3B25B88A55B86FC90E6E9EAAD5081445166
Serial number 2E AB 11 DC 50 FF 5C 9D CB C0
[+] Microsoft Root Authority
Status Valid
Issuer Microsoft Root Authority
Valid from 8:00 AM 1/10/1997
Valid to 8:00 AM 12/31/2020
Valid usage All
Algorithm md5RSA
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
Counter signers
[+] Microsoft Timestamping Service
Status This certificate or one of the certificates in the certificate chain is not time valid. The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Timestamping PCA
Valid from 2:55 AM 9/16/2006
Valid to 3:05 AM 9/16/2011
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint A2D57D63CF331B177BE147088FEABEC7388BE01D
Serial number 61 49 7C ED 00 00 00 00 00 05
[+] Microsoft Timestamping PCA
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Root Authority
Valid from 2:04 AM 9/16/2006
Valid to 8:00 AM 9/15/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3EA99A60058275E0ED83B892A909449F8C33B245
Serial number 6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2
[+] Microsoft Root Authority
Status Valid
Issuer Microsoft Root Authority
Valid from 8:00 AM 1/10/1997
Valid to 8:00 AM 12/31/2020
Valid usage All
Algorithm md5RSA
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-11-07 07:16:27
Entry Point 0x0001D43E
Number of sections 3
.NET details
Module Version ID 6cd2bd6a-2942-4ff4-a1c9-9c9156595e4b
PE sections
Overlays
MD5 df626453dc919f4be3d699cad39fbfbd
File type data
Offset 126976
Size 9232
Entropy 7.41
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
Comments WebDev.WebServer.exe
InitializedDataSize 8192
ImageVersion 0.0
ProductName Microsoft (R) Visual Studio (R) 2008
FileVersionNumber 9.0.21022.8
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName WebDev.WebServer.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 9.0.21022.8
TimeStamp 2007:11:07 08:16:27+01:00
FileType Win32 EXE
PEType PE32
InternalName WebDev.WebServer.exe
ProductVersion 9.0.21022.8
FileDescription WebDev.WebServer.exe
OSVersion 4.0
FileOS Win32
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 114688
FileSubtype 0
ProductVersionNumber 9.0.21022.8
EntryPoint 0x1d43e
ObjectFileType Executable application
AssemblyVersion 9.0.0.0
CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 3a597cf3318cc1d84cfcd98490af5b25
SHA1 72ae9a998014f1db68acc56d7e1d5d1ec7c2c161
SHA256 07bd00808d7dcd05bf3d51765aed7189338c09651a52ec6b545aa9011559a09b
ssdeep 1536:Yyv1MfTIXbP1Yf1GlnDMHq06OZiEqEUvcKr64yFX8Cy/Z:oUrol6O40Kr64yFX8Cy/Z
authentihash 17e445400074a9dd2b32d837ef9f406dd733b64022e2c5859815a14b73c66117
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 133.0 KB ( 136208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe nsrl assembly signed overlay
VirusTotal metadata
First submission 2010-06-08 08:53:20 UTC ( 8 years, 9 months ago )
Last submission 2017-03-28 20:16:21 UTC ( 1 year, 11 months ago )
File names webdev.webserver.exe.5044_8.79176.partial
webdev.webserver.exe.5044_3.483151.partial
FL_Microsoft_VisualStudio_WebServer_EXE_61231_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
WebDev.WebServer.EXE
7312#8088_580
WebDev.WebServer.EXE
file-3316102_EXE
webdev.webserver.exe.2452_19.413712.partial
FL_Microsoft_VisualStudio_WebServer_EXE_61231_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
WebDev.WebServer.exe
webdev.webserver.exe.2560_3.78383.partial
FL_Microsoft_VisualStudio_WebServer_EXE_61231_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
sbs_ve_ambr_20160717194249.236_ 1404841
webdev.webserver.exe
a0003201.rbf
FL_Microsoft_VisualStudio_WebServer_EXE_61231_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
webdev.webserver.exe.5044_3.154910.partial
webdev.webserver.exe.2588_4.44923.partial
WebDev.WebServer.EXE
webdev.webserver.exe.13224_9.1527.partial
C1WebUI_file9
FL_Microsoft_VisualStudio_WebServer_EXE_61231_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
C__ProgramFiles_CommonFiles_MicrosoftShared_DevServer_9.0_WebDev.WebServer.EXE
webdev.webserver.exe.5044_4.79047.partial
22669543.rbf
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products MSDN Disc 4402 (Microsoft)
File names FL_Microsoft_VisualStudio_WebServer_EXE_61231_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests