SHA256: 0f5f1dbf6caa9c5ef9b2ccbfb5769c99ff47d402d413907d6c4c4fd5539b0c6d
File name: wget64.exe
Detection ratio: 0 / 65
Analysis date: 2017-09-14 18:25:12 UTC ( 6 days, 5 hours ago )
Antivirus Result Update
Ad-Aware 20170914
AegisLab 20170914
AhnLab-V3 20170914
Alibaba 20170911
ALYac 20170914
Antiy-AVL 20170914
Arcabit 20170914
Avast 20170914
Avast-Mobile 20170829
AVG 20170914
Avira (no cloud) 20170914
AVware 20170914
Baidu 20170914
BitDefender 20170914
CAT-QuickHeal 20170914
ClamAV 20170914
CMC 20170914
Comodo 20170914
CrowdStrike Falcon (ML) 20170804
Cylance 20170914
Cyren 20170914
DrWeb 20170914
Emsisoft 20170914
Endgame 20170821
ESET-NOD32 20170914
F-Prot 20170914
F-Secure 20170914
Fortinet 20170914
GData 20170914
Ikarus 20170914
Sophos ML 20170914
Jiangmin 20170914
K7AntiVirus 20170914
K7GW 20170914
Kaspersky 20170914
Kingsoft 20170914
Malwarebytes 20170914
MAX 20170914
McAfee 20170914
McAfee-GW-Edition 20170914
Microsoft 20170914
eScan 20170914
NANO-Antivirus 20170914
nProtect 20170914
Palo Alto Networks (Known Signatures) 20170914
Panda 20170914
Qihoo-360 20170914
Rising 20170914
SentinelOne (Static ML) 20170806
Sophos AV 20170914
SUPERAntiSpyware 20170914
Symantec 20170914
Symantec Mobile Insight 20170914
Tencent 20170914
TheHacker 20170911
TotalDefense 20170914
TrendMicro 20170914
TrendMicro-HouseCall 20170914
Trustlook 20170914
VBA32 20170914
VIPRE 20170914
ViRobot 20170914
Webroot 20170914
WhiteArmor 20170829
Yandex 20170908
Zillya 20170913
ZoneAlarm by Check Point 20170914
Zoner 20170914
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 11:38 PM 2/25/2017
Signers
[+] Jernej Simončič
Status Valid
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 3/28/2016
Valid to 12:59 AM 3/29/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint A2E1E598D17B691542616EE26800E91C64DB99B7
Serial number 03 1C E8 45 CC A9 7A AE 1E AD 8B 64 64 F9 C7 B6
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine x64
Compilation timestamp 1970-02-16 02:21:04
Entry Point 0x00001500
Number of sections 10
PE sections
Overlays
MD5 ae4f532d2a363b77e81bed9ad0d7217f
File type data
Offset 3926528
Size 24424
Entropy 6.38
PE imports
CryptDestroyKey
CryptGetUserKey
CryptReleaseContext
RegisterEventSourceW
CryptEnumProvidersW
CryptSignHashW
CryptExportKey
CryptSetHashParam
CryptGenRandom
CryptAcquireContextW
DeregisterEventSource
ReportEventW
CryptDecrypt
CryptGetProvParam
CryptDestroyHash
CryptCreateHash
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
GetStdHandle
DeleteFiber
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
OpenFileMappingA
GetFileInformationByHandle
IsDBCSLeadByteEx
GetTempPathA
GetCPInfo
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
SetEvent
FormatMessageW
ResumeThread
InitializeCriticalSection
FindClose
TlsGetValue
GetEnvironmentVariableW
SetLastError
GetSystemTime
GetModuleFileNameW
GetNumberOfConsoleInputEvents
GetModuleFileNameA
FindNextVolumeW
SetConsoleCtrlHandler
RtlVirtualUnwind
GetVolumeInformationW
MultiByteToWideChar
SwitchToFiber
GetModuleHandleA
LockFileEx
CreateThread
SetUnhandledExceptionFilter
ReadConsoleA
GlobalMemoryStatus
ConvertThreadToFiber
GetModuleHandleExW
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
RtlCaptureContext
GetVersion
SleepEx
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
PeekNamedPipe
TerminateThread
LoadLibraryW
FindVolumeClose
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
LoadLibraryA
ConvertFiberToThread
GetStartupInfoA
UnlockFile
GetFileSize
GetProcAddress
GetConsoleScreenBufferInfo
GetFileSizeEx
FindNextFileW
RtlLookupFunctionEntry
CreateFileMappingA
FindFirstFileW
TerminateProcess
WaitForMultipleObjects
ReadConsoleW
GetTimeZoneInformation
GetConsoleWindow
CreateEventA
GetFileType
TlsSetValue
GetCurrentThreadId
FindFirstVolumeW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
UnmapViewOfFile
RtlAddFunctionTable
CreateFiber
GetCurrentProcessId
WideCharToMultiByte
GetCommandLineA
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
SetConsoleTitleA
CloseHandle
PeekConsoleInputA
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
SetConsoleMode
Sleep
MessageBoxW
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
GetUserObjectInformationW
GetProcessWindowStation
getaddrinfo
WSASocketA
getnameinfo
accept
ioctlsocket
WSAStartup
freeaddrinfo
connect
getsockname
WSAAddressToStringA
htons
WSASetLastError
WSAGetLastError
getsockopt
recv
send
ntohs
select
listen
__WSAFDIsSet
WSAEventSelect
gethostbyname
getpeername
WSACleanup
closesocket
setsockopt
socket
bind
WSAEnumNetworkEvents
__lconv_init
___lc_codepage_func
fclose
_time64
_snwprintf
strtoul
fflush
isxdigit
_fmode
strtol
__initenv
strtok
fwrite
_environ
_mkgmtime64
_fstat64
isspace
_close
iswctype
_exit
rewind
_isatty
_pipe
_wfopen
strstr
_write
memcpy
perror
fputs
memmove
signal
__dllonexit
_lseek
_mkdir
strcmp
memchr
strncmp
tmpfile
_getmaxstdio
fgetc
memset
strcat
_stricmp
_setmode
fgets
__pioinfo
strchr
clock
_sys_errlist
fgetpos
fsetpos
ftell
exit
sprintf
strrchr
_acmdln
strcspn
fputc
ferror
gmtime
free
ungetc
__getmainargs
_gmtime64
_lseeki64
_vsnprintf
puts
_read
_wopen
fseek
strcpy
bsearch
__mb_cur_max
islower
_getch
isupper
strftime
rand
raise
setlocale
realloc
__doserrno
_open_osfhandle
calloc
isprint
strncat
_dup
toupper
fopen
_vsnwprintf
strncpy
_cexit
__C_specific_handler
isalnum
_sys_nerr
_unlink
qsort
_tzset
_open
_onexit
wcslen
isalpha
memcmp
__setusermatherr
srand
_isctype
_utime
getenv
wcscat
atoi
vfprintf
localeconv
strerror
wcscpy
strspn
_strnicmp
localtime
rename
malloc
sscanf
fread
_chmod
abort
fprintf
towupper
ispunct
feof
_amsg_exit
clearerr
_fdopen
_errno
strlen
_lock
_get_osfhandle
_strdup
towlower
_fileno
_getpid
_telli64
tolower
_unlock
_setmaxstdio
strpbrk
isgraph
fwprintf
setbuf
_initterm
__argv
wcstombs
__iob_func
iscntrl
_filelengthi64
wcsstr
_stat64
getc
__set_app_type
CoUninitialize
CoInitializeEx
CoCreateInstance
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 1970:02:16 03:21:04+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 2768896
LinkerVersion 2.25
EntryPoint 0x1500
InitializedDataSize 3921920
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 51200

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 8c45d1a15b9e26fab9e5a1c9e6e89eac
SHA1 64682f06bc59defe394416a2d31932ca433f9a5b
SHA256 0f5f1dbf6caa9c5ef9b2ccbfb5769c99ff47d402d413907d6c4c4fd5539b0c6d
ssdeep 49152:yjxC2rLbU3uLJlL+EQc8FzQ15OZF2uo9/EIOxcO1JjMDj/7GtlqqYRyr1rVwAsO3:gsnsOL2zDjDypO+huzEq99qwoD3
authentihash b0da670896fd2c68e25811a8652e2c8dda176c3eeab1461b6194a4587a19a68b
imphash bb55b0ea272950e22c66f56ce6cd7715
File size 3.8 MB ( 3950952 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (87.2%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
VXD Driver (0.0%)
Tags 64bits peexe assembly signed overlay
VirusTotal metadata
First submission 2017-02-26 02:07:18 UTC ( 6 months, 3 weeks ago )
Last submission 2017-09-14 18:25:12 UTC ( 6 days, 5 hours ago )
File names wget64.exe
117
wget64.exe
wget.exe
118
wget64.exe
wget64[1].exe
wget.exe
wg3e.exe
wget.exe
wget1.exe
wget.exe
wget.exe
wget64.exe
wget.exe
wget64.exe
wget.exe
443
445
wget64.exe
tmpbc57.tmp
wget64.exe
wget.exe
wget64 (2).exe
wget.exe