× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0c0ba73dcb8f5a8c179db77f46dcd343e71faeec16d7d1c9ae2bf64bb21371db
File name: cmagic.exe
Detection ratio: 0 / 71
Analysis date: 2019-03-09 14:48:58 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis 20190222
Ad-Aware 20190309
AegisLab 20190309
AhnLab-V3 20190309
Alibaba 20190306
ALYac 20190309
Antiy-AVL 20190309
Arcabit 20190309
Avast 20190309
Avast-Mobile 20190308
AVG 20190309
Avira (no cloud) 20190309
Babable 20180918
Baidu 20190306
BitDefender 20190309
Bkav 20190308
CAT-QuickHeal 20190309
ClamAV 20190309
CMC 20190309
Comodo 20190309
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cylance 20190309
Cyren 20190309
DrWeb 20190309
eGambit 20190309
Emsisoft 20190309
Endgame 20190215
ESET-NOD32 20190309
F-Prot 20190309
F-Secure 20190309
Fortinet 20190309
GData 20190309
Ikarus 20190309
Sophos ML 20181128
Jiangmin 20190309
K7AntiVirus 20190309
K7GW 20190309
Kaspersky 20190309
Kingsoft 20190309
Malwarebytes 20190309
MAX 20190309
McAfee 20190309
McAfee-GW-Edition 20190309
Microsoft 20190307
eScan 20190309
NANO-Antivirus 20190309
Palo Alto Networks (Known Signatures) 20190309
Panda 20190309
Qihoo-360 20190309
Rising 20190309
SentinelOne (Static ML) 20190203
Sophos AV 20190309
SUPERAntiSpyware 20190307
Symantec 20190309
Symantec Mobile Insight 20190220
TACHYON 20190309
Tencent 20190309
TheHacker 20190308
TotalDefense 20190309
Trapmine 20190301
TrendMicro 20190309
TrendMicro-HouseCall 20190309
Trustlook 20190309
VBA32 20190307
VIPRE 20190309
ViRobot 20190309
Webroot 20190309
Yandex 20190308
Zillya 20190307
ZoneAlarm by Check Point 20190309
Zoner 20190309
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product Clipboard Magic
File version
Description Clipboard Magic Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 5:22 AM 5/22/2018
Signers
[+] CyberMatrix Corporation, Inc.
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 05/22/2018
Valid to 11:59 PM 05/22/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 8203F2767D9E9AB8B99E379AE14AB40541C62C5D
Serial number 41 C8 56 62 0C 6E 52 63 EB 43 95 B2 EE E6 D6 C1
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 12/31/2015
Valid to 06:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 08:09 AM 06/07/2005
Valid to 10:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbrint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 10:48 AM 05/30/2000
Valid to 10:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbrint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000AA98
Number of sections 8
PE sections
Overlays
MD5 29d7c7fb5e37712124046ade6f46544c
File type data
Offset 57856
Size 1639376
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
GetACP
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetSystemDirectoryA
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Clipboard Magic Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

InitializedDataSize
17920

EntryPoint
0xaa98

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
5.05

UninitializedDataSize
0

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
CyberMatrix Corporation, Inc.

CodeSize
41472

ProductName
Clipboard Magic

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 0c306023b99824c79711f110b34d3022
SHA1 976869e7b513f3d53816a0984a6ca31cedf2fd4f
SHA256 0c0ba73dcb8f5a8c179db77f46dcd343e71faeec16d7d1c9ae2bf64bb21371db
ssdeep
49152:575JC3W51YQFHxirv3yBBZf/0m+zvxIue61:B5Sp2iz3yBLfT4ZIru

authentihash 996e73d8ab286c811bb5baf497d4395e186e351cd796c6f81b18e0892f01c08f
imphash 2fb819a19fe4dee5c03e8c6a79342f79
File size 1.6 MB ( 1697232 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (76.6%)
Win32 Executable Delphi generic (9.9%)
Win32 Dynamic Link Library (generic) (4.5%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-05-22 05:32:38 UTC ( 11 months ago )
Last submission 2018-07-25 20:48:39 UTC ( 8 months, 3 weeks ago )
File names cmagic.exe
cmagic.exe
cmagic.exe
cmagic.exe
clipboard magic v5.03.exe
cmagic.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs