SHA256: 16f413862efda3aba631d8a7ae2bfff6d84acd9f454a7adaa518c7a8a6f375a5
File name: ProcDump
Detection ratio: 0 / 70
Analysis date: 2019-03-12 19:26:10 UTC ( 1 week, 5 days ago )
Antivirus Result Update
Acronis 20190222
Ad-Aware 20190312
AegisLab 20190312
AhnLab-V3 20190312
Alibaba 20190306
ALYac 20190312
Antiy-AVL 20190312
Arcabit 20190312
Avast 20190312
Avast-Mobile 20190312
AVG 20190312
Avira (no cloud) 20190312
Babable 20180918
Baidu 20190306
BitDefender 20190312
Bkav 20190312
CAT-QuickHeal 20190312
ClamAV 20190312
CMC 20190312
Comodo 20190312
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cylance 20190312
Cyren 20190312
DrWeb 20190312
eGambit 20190312
Emsisoft 20190312
Endgame 20190215
ESET-NOD32 20190312
F-Prot 20190312
F-Secure 20190312
Fortinet 20190312
GData 20190312
Ikarus 20190312
Sophos ML 20181128
Jiangmin 20190312
K7AntiVirus 20190312
K7GW 20190312
Kaspersky 20190312
Kingsoft 20190312
Malwarebytes 20190312
MAX 20190312
McAfee 20190312
McAfee-GW-Edition 20190312
Microsoft 20190312
eScan 20190312
NANO-Antivirus 20190312
Palo Alto Networks (Known Signatures) 20190312
Panda 20190312
Qihoo-360 20190312
Rising 20190312
SentinelOne (Static ML) 20190311
Sophos AV 20190312
SUPERAntiSpyware 20190307
Symantec 20190311
Symantec Mobile Insight 20190220
TACHYON 20190312
Tencent 20190312
TheHacker 20190308
TotalDefense 20190312
Trapmine 20190301
TrendMicro 20190312
TrendMicro-HouseCall 20190312
Trustlook 20190312
VBA32 20190312
ViRobot 20190312
Webroot 20190312
Yandex 20190312
Zillya 20190312
ZoneAlarm by Check Point 20190312
Zoner 20190312
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file for the Windows command line (console) subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2009-2017 Mark Russinovich and Andrew Richards

Product ProcDump
Original name procdump
Internal name ProcDump
File version 9.0
Description Sysinternals process dump utility
Signature verification Signed file, verified signature
Signing date 9:36 PM 4/24/2017
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 08:17 PM 08/18/2016
Valid to 08:17 PM 11/02/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 98ED99A67886D020C564923B7DF25E9AC019DF26
Serial number 33 00 00 01 40 96 A9 EE 70 56 FE CC 07 00 01 00 00 01 40
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 08/31/2010
Valid to 10:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 05:58 PM 09/07/2016
Valid to 05:58 PM 09/07/2018
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 210FBBB3BB394B9FF5931F3C8FE96CFE4CBA9779
Serial number 33 00 00 00 C8 47 22 9D A3 0D CA C0 58 00 00 00 00 00 C8
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:53 PM 04/03/2007
Valid to 01:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine x64
Compilation timestamp 2017-04-24 20:36:21
Entry Point 0x000188CC
Number of sections 6
PE sections
Overlays
MD5 dc02a009a7732babba2afbef21df05cb
File type data
Offset 325632
Size 16040
Entropy 7.43
PE imports
RegCreateKeyExW
CloseServiceHandle
RegDeleteValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
EnumServicesStatusExW
OpenSCManagerW
RegOpenKeyExW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
RegDeleteKeyW
RegQueryValueExW
PrintDlgW
GetDeviceCaps
EndPage
EndDoc
StartPage
StartDocW
SetMapMode
GetStdHandle
WaitForSingleObject
DebugBreak
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
DebugActiveProcessStop
RtlUnwindEx
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetCPInfo
WaitForDebugEvent
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
FormatMessageW
ResumeThread
GetEnvironmentVariableA
OutputDebugStringW
TlsGetValue
GetFullPathNameW
EncodePointer
SetLastError
GetSystemTime
OpenThread
InitializeCriticalSection
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
RaiseException
SetConsoleCtrlHandler
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
CreateSemaphoreW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
DebugActiveProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
DeviceIoControl
GetVersionExW
FreeLibrary
QueryPerformanceCounter
ReadConsoleInputA
GetTickCount
TlsAlloc
FlushFileBuffers
RtlPcToFileHeader
OpenProcess
GetDateFormatW
GetStartupInfoW
ReadProcessMemory
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetTimeFormatW
GetFileSizeEx
ExpandEnvironmentStringsW
RtlLookupFunctionEntry
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
Process32NextW
GetCurrentDirectoryW
GetCurrentProcessId
ContinueDebugEvent
GetCommandLineW
WideCharToMultiByte
HeapSize
Process32FirstW
ReadConsoleW
ReleaseSemaphore
TlsFree
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
SetConsoleMode
CreateProcessW
Sleep
GetOEMCP
GetModuleBaseNameW
GetProcessImageFileNameW
EnumProcessModules
CommandLineToArgvW
StrStrIW
GetWindowThreadProcessId
LoadCursorW
SendMessageW
LoadStringA
DialogBoxIndirectParamW
EndDialog
EnumWindows
IsWindowVisible
GetSysColorBrush
InflateRect
SetWindowTextW
GetDlgItem
wsprintfW
IsHungAppWindow
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
CoUninitialize
CoInitializeEx
CLSIDFromString
CoCreateInstance
CoAllowSetForegroundWindow
PdhAddCounterW
PdhGetFormattedCounterValue
PdhOpenQueryW
PdhCollectQueryData
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.2
InitializedDataSize 165376
ImageVersion 0.0
ProductName ProcDump
FileVersionNumber 9.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
ImageFileCharacteristics Executable, Large address aware
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
OriginalFileName procdump
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 9.0
TimeStamp 2017:04:24 21:36:21+01:00
FileType Win64 EXE
PEType PE32+
InternalName ProcDump
ProductVersion 9.0
FileDescription Sysinternals process dump utility
OSVersion 5.2
FileOS Win32
LegalCopyright Copyright (C) 2009-2017 Mark Russinovich and Andrew Richards
MachineType AMD AMD64
CompanyName Sysinternals - www.sysinternals.com
CodeSize 175104
FileSubtype 0
ProductVersionNumber 9.0.0.0
EntryPoint 0x188cc
ObjectFileType Unknown
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
PCAP parents
File identification
MD5 a92669ec8852230a10256ac23bbf4489
SHA1 4bed038c66e7fdbbfb0365669923a73fbc9bb8f4
SHA256 16f413862efda3aba631d8a7ae2bfff6d84acd9f454a7adaa518c7a8a6f375a5
ssdeep 6144:5ulvQXyijj2FO19VXUjUGTFqxnf85DAK/THw5+VUQwnKK5V2Ax:5uxQXygjzqU/2Jg5V26
authentihash 59cad0e3b8e8d3bfbbc4171922c078be2b4797df339ac061036c6119710a591e
imphash 6219f0a9591135f771a712374981aa3f
File size 333.7 KB ( 341672 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits peexe assembly signed overlay
VirusTotal metadata
First submission 2017-04-29 03:28:28 UTC ( 1 year, 10 months ago )
Last submission 2019-01-29 02:21:28 UTC ( 1 month, 3 weeks ago )
File names procdump64.exe
procdump64.exe
ProcDump
procdump64.exe
procdump64.exe
procdump64.exe
procdump64.exe
procdump64.exe
procdump64.exe
procdump64.exe
procdump64.exe
procdump
procdump64.exe
procdump64.exe
64.exe
16F413862EFDA3ABA631D8A7AE2BFFF6D84ACD9F454A7ADAA518C7A8A6F375A5
procdump64.exe
procdump.exe
16f413862efda3aba631d8a7ae2bfff6d84acd9f454a7adaa518c7a8a6f375a5.bin
procdump64.exe
procdump64.exe