SHA256: 0e002dfb858e54022c6dc7a4aa1174ac375761569a7dc0aab5734f5fab28b575
File name: mb-clean-3.1.0.1035.exe
Detection ratio: 0 / 69
Analysis date: 2019-03-17 15:53:17 UTC ( 2 months ago )
Antivirus Result Update
Acronis 20190313
Ad-Aware 20190317
AegisLab 20190317
AhnLab-V3 20190317
Alibaba 20190306
ALYac 20190317
Antiy-AVL 20190317
Arcabit 20190317
Avast 20190317
Avast-Mobile 20190317
AVG 20190317
Avira (no cloud) 20190317
Babable 20180918
Baidu 20190306
BitDefender 20190317
Bkav 20190314
CAT-QuickHeal 20190317
ClamAV 20190317
CMC 20190317
Comodo 20190317
CrowdStrike Falcon (ML) 20190212
Cybereason 20190314
Cylance 20190317
Cyren 20190317
DrWeb 20190317
eGambit 20190317
Emsisoft 20190317
Endgame 20190215
ESET-NOD32 20190317
F-Prot 20190317
F-Secure 20190317
Fortinet 20190317
GData 20190317
Ikarus 20190317
Sophos ML 20190313
Jiangmin 20190317
K7AntiVirus 20190317
K7GW 20190315
Kaspersky 20190317
Kingsoft 20190317
Malwarebytes 20190317
MAX 20190317
McAfee 20190317
McAfee-GW-Edition 20190317
Microsoft 20190317
eScan 20190317
NANO-Antivirus 20190317
Palo Alto Networks (Known Signatures) 20190317
Panda 20190317
Qihoo-360 20190317
Rising 20190317
SentinelOne (Static ML) 20190311
Sophos AV 20190317
SUPERAntiSpyware 20190314
Symantec 20190316
Symantec Mobile Insight 20190220
TACHYON 20190317
Tencent 20190317
TheHacker 20190315
TotalDefense 20190317
Trapmine 20190301
TrendMicro-HouseCall 20190317
Trustlook 20190317
VBA32 20190315
ViRobot 20190317
Webroot 20190317
Yandex 20190315
Zillya 20190315
ZoneAlarm by Check Point 20190317
Zoner 20190317
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
@ Malwarebytes. All rights reserved.

Product mb-clean
Original name mb-clean
Internal name mbam-clean.exe
File version 3.1.0.1035
Description Malwarebytes Cleanup Utility
Signature verification Signed file, verified signature
Signing date 11:10 PM 3/15/2018
Signers
[+] Malwarebytes Corporation
Status Valid
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 12:00 AM 07/21/2016
Valid to 12:00 PM 07/25/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 249BDA38A611CD746A132FA2AF995A2D3C941264
Serial number 04 4E 3B F5 89 76 88 0F FD 07 44 48 A8 F7 A0 58
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 01:00 PM 02/11/2011
Valid to 01:00 PM 02/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 01:00 AM 11/10/2006
Valid to 01:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-15 21:09:31
Entry Point 0x00053651
Number of sections 5
PE sections
Overlays
MD5 0ef22419cc728c0deca5b099fa03113f
File type data
Offset 844800
Size 14112
Entropy 7.27
PE imports
RegCreateKeyExW
CryptDestroyKey
RegCloseKey
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegDeleteKeyW
DeleteService
RegSetValueW
CryptHashData
RegQueryValueExW
CryptCreateHash
CryptDeriveKey
CloseServiceHandle
OpenProcessToken
RegOpenKeyExW
CreateServiceW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
CryptAcquireContextW
InitiateSystemShutdownW
CryptDecrypt
CryptDestroyHash
RegEnumValueW
StartServiceW
RegSetValueExW
EnumDependentServicesW
OpenSCManagerW
QueryServiceStatusEx
ChangeServiceConfigW
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
GetExitCodeProcess
CreateEventW
LoadResource
FindClose
InterlockedDecrement
MoveFileW
SetLastError
GetSystemTime
DeviceIoControl
InitializeCriticalSection
CopyFileW
OpenEventW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FormatMessageA
GetModuleHandleA
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
FreeLibrary
GetDateFormatA
OpenProcess
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
RemoveDirectoryW
FindNextFileW
InterlockedIncrement
GetTimeFormatA
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
WriteFile
CreateProcessW
Sleep
NetWkstaGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
PathFileExistsW
SHDeleteKeyW
GetUserNameExW
GetSystemMetrics
SetWindowLongW
MessageBoxW
SendMessageW
EndDialog
wsprintfW
DialogBoxParamW
SetWindowTextW
GetSystemMenu
GetDlgItem
GetWindowLongW
ShowWindow
EnableMenuItem
SetDlgItemTextW
SetWindowPos
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetQueryOptionW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
WinVerifyTrust
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitializeSecurity
Number of PE resources by type
RT_ICON 10
RT_DIALOG 2
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 16
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
377344

ImageVersion
0.0

ProductName
mb-clean

FileVersionNumber
3.1.0.1035

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
10.0

FileTypeExtension
exe

OriginalFileName
mb-clean

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3.1.0.1035

TimeStamp
2018:03:15 22:09:31+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
mbam-clean.exe

ProductVersion
3.1.0.1035

FileDescription
Malwarebytes Cleanup Utility

OSVersion
5.0

FileOS
Unknown (0)

LegalCopyright
@ Malwarebytes. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Malwarebytes

CodeSize
477184

FileSubtype
0

ProductVersionNumber
3.1.0.1035

EntryPoint
0x53651

ObjectFileType
Executable application

File identification
MD5 323fdfdbbf31de0152453e2fa15a5092
SHA1 a8b87d457d67ea0e6c2974356a04ab8fbe5e0560
SHA256 0e002dfb858e54022c6dc7a4aa1174ac375761569a7dc0aab5734f5fab28b575
ssdeep
12288:W6kurkZKBPzhM+XsXR7bIGdAhN9IMt48txN1SQnTDSubCL1ZCY:W6kJZKB+ldAhNSMt4ON1S2TWRxZCY

authentihash da1a8041600d5748eb07ea1ffa61cd2ae600449739b704f8558078f9d381f8e7
imphash 157644859a533c54f0555a3849525573
File size 838.8 KB ( 858912 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-03-20 06:34:58 UTC ( 1 year, 2 months ago )
Last submission 2019-04-19 16:57:46 UTC ( 1 month ago )
File names mb-clean-3.1.0.1035.exe
mb-clean-3.1.0.1035 (1).exe
mb-clean.exe
mb-clean
Malwarebytes Anti-Malware Cleanup Utility 3.1.0.1035.exe
mbam-clean.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Moved files
Created mutexes
Runtime DLLs