SHA256: 114597c23daba2623f00cc0092df116bad03c2989acf49ba78a3ff64cabfb4d0
File name: IE11-Windows6.1.exe
Detection ratio: 0 / 68
Analysis date: 2019-01-24 05:17:09 UTC ( 2 months ago )
Antivirus Result Update (no engine flagged the file, so the Result column is empty for all 68 rows; the date is the engine's signature update used for this scan)
Acronis 20190119
Ad-Aware 20190124
AegisLab 20190124
AhnLab-V3 20190124
Alibaba 20180921
ALYac 20190124
Antiy-AVL 20190124
Arcabit 20190124
Avast 20190124
Avast-Mobile 20190123
AVG 20190124
Avira (no cloud) 20190123
Babable 20180918
Baidu 20190124
BitDefender 20190124
Bkav 20190123
CAT-QuickHeal 20190123
ClamAV 20190124
CMC 20190123
Comodo 20190124
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190124
Cyren 20190124
DrWeb 20190124
Emsisoft 20190124
Endgame 20181108
ESET-NOD32 20190124
F-Prot 20190124
F-Secure 20190124
Fortinet 20190124
GData 20190124
Ikarus 20190123
Sophos ML 20181128
Jiangmin 20190124
K7AntiVirus 20190124
K7GW 20190124
Kaspersky 20190124
Kingsoft 20190124
Malwarebytes 20190124
MAX 20190124
McAfee 20190124
McAfee-GW-Edition 20190124
Microsoft 20190124
eScan 20190124
NANO-Antivirus 20190124
Palo Alto Networks (Known Signatures) 20190124
Panda 20190123
Qihoo-360 20190124
Rising 20190124
SentinelOne (Static ML) 20190118
Sophos AV 20190124
SUPERAntiSpyware 20190123
Symantec 20190124
TACHYON 20190124
Tencent 20190124
TheHacker 20190118
Trapmine 20190123
TrendMicro 20190127
TrendMicro-HouseCall 20190124
Trustlook 20190124
VBA32 20190123
ViRobot 20190124
Webroot 20190124
Yandex 20190122
Zillya 20190123
ZoneAlarm by Check Point 20190124
Zoner 20190124
The file is a Portable Executable (PE32) image: a Win32 EXE built for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Internet Explorer
Original name iesetup.exe
Internal name iesetup
File version 11.00.9600.16428 (winblue_gdr.131013-1700)
Description Internet Explorer 11 Setup utility
Signature verification Signed file, verified signature (still valid although the signing certificate has since expired: Authenticode evaluates the signer certificate as of the timestamp countersignature, 10/14/2013, when both the signer and timestamp certificates listed below were within their validity periods; the "not time valid" status on those certificates reflects their expiry since then, not a broken signature)
Signing date 6:32 PM 10/14/2013
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 10:33 PM 01/24/2013
Valid to 09:33 PM 04/24/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 108E2BA23632620C427C570B6D9DB51AC31387FE
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 09:19 PM 08/31/2010
Valid to 09:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 08:12 PM 09/04/2012
Valid to 09:12 PM 12/04/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 2F497C556F94E32731CF86ADD8629C9867C35A24
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:53 AM 04/03/2007
Valid to 12:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Packers identified
F-PROT UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-14 06:13:44
Entry Point 0x0001B243
Number of sections 5
Overlays
MD5 a4a8e22bd4e41bacd8539264601b10f9
File type data
Offset 2061824
Size 15568
Entropy 7.39
Note: the overlay runs from byte 2061824 to byte 2077392, which is the file size reported below, so it is the trailing region a signed PE uses for its attribute certificate table (the Authenticode signature block listed above). The high entropy is what DER-encoded certificates and RSA signatures look like; it is not evidence of packing. This is also exactly the region the authentihash excludes, which is why that value survives re-signing while MD5/SHA1/SHA256 do not.
PE imports (Ord(n) entries are imports by ordinal rather than by name; the importing DLL names are not shown here)
RegCreateKeyExW
CloseServiceHandle
RegDeleteValueW
RegCloseKey
RegNotifyChangeKeyValue
OpenProcessToken
DuplicateTokenEx
RegSetValueExW
OpenSCManagerW
RegEnumValueW
RegOpenKeyExW
OpenServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
QueryServiceStatusEx
RegDeleteKeyW
RegQueryValueExW
Ord(336)
InitCommonControlsEx
Ord(328)
Ord(334)
Ord(339)
Ord(332)
Ord(386)
CertVerifyCertificateChainPolicy
GetDeviceCaps
SetTextColor
GetObjectW
CreateFontIndirectW
WaitForSingleObject
EnumUILanguagesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
GetLocaleInfoW
EnumResourceLanguagesW
WideCharToMultiByte
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
SetEvent
LocalFree
FormatMessageW
IsWow64Process
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
GetUserDefaultUILanguage
CopyFileW
GetUserDefaultLangID
OutputDebugStringW
RemoveDirectoryW
UnhandledExceptionFilter
LoadLibraryExW
GetPrivateProfileStringW
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
TerminateProcess
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
lstrcmpiA
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
OpenProcess
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetTempFileNameW
CreateFileMappingW
EnumResourceNamesW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
WaitForMultipleObjects
GetLocaleInfoEx
GetTempPathW
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
GetSystemInfo
FindResourceW
SetProcessShutdownParameters
LCIDToLocaleName
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetTickCount64
GetSystemDefaultLangID
RaiseException
MapViewOfFile
SetFilePointer
CloseHandle
GetModuleHandleW
FindResourceExW
CreateProcessW
Sleep
VariantChangeType
SysStringLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysAllocString
SysReAllocString
SysFreeString
VariantInit
SHGetFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
PathStripPathW
StrCmpNIW
SHDeleteKeyW
PathIsFileSpecW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
Ord(158)
SHRegGetUSValueW
Ord(388)
SHRegSetUSValueW
StrChrW
PathFindExtensionW
PathIsRelativeW
PathIsDirectoryW
SHGetValueW
PathRemoveExtensionW
UpdateWindow
EndDialog
GetMessageW
OffsetRect
FindWindowW
KillTimer
PostQuitMessage
ShowWindow
SetWindowPos
GetWindowThreadProcessId
GetSysColorBrush
GetWindowRect
TranslateMessage
PostMessageW
SetDlgItemTextW
GetDC
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
SendMessageW
SendDlgItemMessageW
LoadStringW
GetDlgItem
SystemParametersInfoW
BringWindowToTop
SetTimer
LoadImageW
IsDialogMessageW
CopyRect
GetDesktopWindow
LoadIconW
DispatchMessageW
SetForegroundWindow
CharNextW
ExitWindowsEx
DestroyWindow
IsThemeActive
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
__p__fmode
??1type_info@@UAE@XZ
??_U@YAPAXI@Z
_wcsnicmp
swprintf_s
memset
swscanf_s
_vsnwprintf
_cexit
?terminate@@YAXXZ
??2@YAPAXI@Z
iswdigit
_wcsicmp
_wtol
_amsg_exit
exit
_XcptFilter
iswalpha
__setusermatherr
_controlfp
??_V@YAXPAX@Z
_acmdln
_CxxThrowException
_ismbblead
_exit
__p__commode
??3@YAXPAX@Z
_except_handler4_common
__getmainargs
memcpy
_itow_s
wcschr
_initterm
__set_app_type
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CLSIDFromString
CoSetProxyBlanket
Number of PE resources by type
RT_ICON 21
RT_STRING 13
RT_RCDATA 6
RT_GROUP_ICON 2
RT_DIALOG 1
RT_HTML 1
RT_MANIFEST 1
RT_VERSION 1
TASKSCHEDULEFILE 1
Number of PE resources by language
ENGLISH US 45
NEUTRAL 2
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 11.0
ImageVersion 6.3
FileSubtype 0
FileVersionNumber 11.0.9600.16428
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Internet Explorer 11 Setup utility
ImageFileCharacteristics Executable, 32-bit, Removable run from swap, Net run from swap
CharacterSet Unicode
InitializedDataSize 1950720
EntryPoint 0x1b243
OriginalFileName iesetup.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 11.00.9600.16428 (winblue_gdr.131013-1700)
TimeStamp 2013:10:13 23:13:44-07:00
FileType Win32 EXE
PEType PE32
InternalName iesetup
ProductVersion 11.00.9600.16428
SubsystemVersion 6.1
OSVersion 6.3
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 110080
ProductName Internet Explorer
ProductVersionNumber 11.0.9600.16428
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 900bafd0953603a55d5a0e4950705216
SHA1 694eedfb35fa572da0cb4f2c2abd61d873d76735
SHA256 114597c23daba2623f00cc0092df116bad03c2989acf49ba78a3ff64cabfb4d0
ssdeep 24576:+On4hG6ZB+Gk/wrESBkkWtTeZeMqgiPyblfiZ+Akr5BHEzcltrAQwHWkqw9pDXc2:+0qk/wrFkd5clfEw5aarA/HpDXcU1
authentihash 8f42b38be214743603492a77dd26760a2c1651f8e45ed1035a6c6907762088ae
imphash 51ae0161f6d3c0e5791362ddd6be25dd
File size 2.0 MB ( 2077392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (31.7%)
Win32 Executable MS Visual C++ (generic) (23.0%)
Win64 Executable (generic) (20.3%)
Microsoft Visual C++ compiled executable (generic) (12.1%)
Win32 Dynamic Link Library (generic) (4.8%)
Tags peexe overlay signed via-tor software-collection
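The identifiers in this section are reproducible from the file alone, and recomputing them is how you confirm a locally obtained installer is the same object this report describes. The block below is an added example in Python (not VirusTotal's or Microsoft's code) that recomputes the three kinds of identifier that matter for triage: the whole-file digests, the authentihash (the digest Authenticode actually signs, which excludes the PE CheckSum field, the Security data-directory entry and the certificate table, so it is stable across re-signing) and the imphash (an MD5 over the ordered import list, with ordinal imports such as the report's Ord(336) entries encoded as ord336, the way pefile does it). It hashes a constructed PE stub, since the real sample is not on the page; the function names and the stub builder are this example's own, the authentihash routine hashes in file order (a simplification that matches the specification's section-by-PointerToRawData order only for normally laid out images), and the report's imphash cannot be recomputed here because the importing DLL names are not listed.

```python
"""Recompute the PE identifiers listed under "File identification"
(MD5/SHA1/SHA256, authentihash, imphash) with the standard library only.
Added example: this is not VirusTotal's or Microsoft's code, and the PE
image it hashes is a constructed stub, not IE11-Windows6.1.exe."""
import hashlib
import struct

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot of the certificate table


def file_hashes(data: bytes) -> dict:
    """Plain whole-file digests, the ones that change whenever the file is re-signed."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def authentihash(data: bytes, algo: str = "sha256") -> str:
    """Hash the image the way Authenticode does: skip the optional header's
    CheckSum field, the Security data-directory entry, and the attribute
    certificate table itself (the overlay in a signed PE). Those are the only
    bytes a signing tool rewrites, so the value survives re-signing.
    Simplification (assumption): bytes are hashed in file order, which equals
    the spec's section-by-PointerToRawData order for normally laid out images."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt_off = pe_off + 4 + 20                                    # skip COFF file header
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic")
    checksum_off = opt_off + 64                                  # same in PE32 and PE32+
    dir_off = opt_off + (96 if magic == PE32_MAGIC else 112)     # first data directory
    sec_dir_off = dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    cert_off, cert_size = struct.unpack_from("<II", data, sec_dir_off)
    if cert_off and cert_off + cert_size > len(data):
        raise ValueError("certificate table runs past end of file")

    h = hashlib.new(algo)
    h.update(data[:checksum_off])
    h.update(data[checksum_off + 4:sec_dir_off])
    if cert_off and cert_size:
        h.update(data[sec_dir_off + 8:cert_off])
        h.update(data[cert_off + cert_size:])                    # anything after the table
    else:
        h.update(data[sec_dir_off + 8:])
    return h.hexdigest()


def imphash_string(imports) -> str:
    """Canonical string behind the imphash: 'dll.func' pairs in import-table
    order, DLL name lower-cased with .dll/.ocx/.sys removed, ordinal imports
    written as 'ordN' (how the report's Ord(336)-style entries are encoded),
    comma-joined."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[:-len(ext)]
        func = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{name}.{func}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical import string. Order-sensitive: the same API set
    linked in a different order yields a different imphash."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def build_sample_pe(body: bytes, checksum: int, cert: bytes) -> bytes:
    """Assemble a minimal PE32 stub (constructed data, not a loadable image):
    DOS header, PE signature, COFF header, 224-byte optional header, body,
    and an optional certificate table appended as the overlay."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 64, checksum)
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    if cert:
        cert_off = 64 + 4 + 20 + 224 + len(body)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         cert_off, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body + cert


if __name__ == "__main__":
    body = b"\x90" * 64 + b"constructed section bytes"
    signed = build_sample_pe(body, 0x1234, b"constructed PKCS#7 blob" * 4)
    resigned = build_sample_pe(body, 0x5678, b"another signature blob" * 8)
    print("sha256  ", file_hashes(signed)["sha256"], file_hashes(resigned)["sha256"])
    print("authenti", authentihash(signed), authentihash(resigned))
    print("imphash ", imphash([("KERNEL32.dll", "CreateFileW"), ("COMCTL32.dll", 336)]))
```

The authentihash on this page is SHA-256, so compare a local file against it with the default algorithm; SHA-1 authentihashes are a different value. Against a real binary whose sections are stored out of file order, replace the linear pass with the specification's section sort before trusting a mismatch.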

VirusTotal metadata
First submission 2013-11-07 16:36:04 UTC ( 5 years, 4 months ago )
Last submission 2019-02-22 20:13:51 UTC ( 1 month ago )
File names ie11-windows6.1.exe.l3108bx.partial
output.46143670.txt
HTTP-Fh0sZD3wrQZf34veaj.txt
27127-673614-internet-explorer.exe
ie11-windows6.1.exe.4gafb33.partial
27127-673618-internet-explorer.exe
bit4aa0.tmp
27127-673615-internet-explorer.exe
0060c302_16f8_crypt_io_copy.tmp
ie11-windows6.1.exe.h3vfw8v.partial
ie11-windows6.1.exe.oudzb15.partial
IE11-Windows6.1.exe
00458f16_17e8_crypt_io_copy.tmp
27127-673620-internet-explorer.exe
ie11-windows6.1 (2).exe
00def309_1c24_crypt_io_copy.tmp
ie11-windows6.1.exe.q7d706u.partial
IE11-Windows6.1本物.exe
ie11-windows6.1.exe.c4i0esn.partial
27127-673613-internet-explorer.exe
bit5668.tmp
file
Internet Explorer 11.exe
05_39#T9#25181
bitdf81.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight (a file-reputation verdict derived from prevalence and age, not a signature match; it does not count toward the detection ratio above)