× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1a06318a34ebe4e8f462442108d4bcb70c129437969a32edb547ea30e75e1ef9
File name: tfsbuildservicehost.exe
Detection ratio: 0 / 57
Analysis date: 2015-01-16 23:13:49 UTC ( 2 years, 2 months ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
Ad-Aware 20150117
AegisLab 20150117
Yandex 20150116
AhnLab-V3 20150116
Alibaba 20150116
ALYac 20150116
Antiy-AVL 20150116
Avast 20150117
AVG 20150116
Avira (no cloud) 20150116
AVware 20150116
Baidu-International 20150116
BitDefender 20150116
Bkav 20150116
ByteHero 20150117
CAT-QuickHeal 20150116
ClamAV 20150116
CMC 20150116
Comodo 20150116
Cyren 20150116
DrWeb 20150116
Emsisoft 20150116
ESET-NOD32 20150116
F-Prot 20150116
F-Secure 20150116
Fortinet 20150116
GData 20150116
Ikarus 20150116
Jiangmin 20150116
K7AntiVirus 20150116
K7GW 20150116
Kaspersky 20150116
Kingsoft 20150117
Malwarebytes 20150116
McAfee 20150116
McAfee-GW-Edition 20150116
Microsoft 20150116
eScan 20150116
NANO-Antivirus 20150116
Norman 20150116
nProtect 20150116
Panda 20150116
Qihoo-360 20150117
Rising 20150116
Sophos 20150116
SUPERAntiSpyware 20150116
Symantec 20150116
Tencent 20150117
TheHacker 20150116
TotalDefense 20150116
TrendMicro 20150116
TrendMicro-HouseCall 20150116
VBA32 20150116
VIPRE 20150116
ViRobot 20150116
Zillya 20150116
Zoner 20150116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Visual Studio® 2012
Original name TFSBuildServiceHost.exe
Internal name TFSBuildServiceHost.exe
File version 11.0.51106.1 built by: Q11REL
Description Visual Studio Team Foundation Build Service Host
Signature verification Signed file, verified signature
Signing date 1:20 PM 11/6/2012
Signers
[+] Microsoft Corporation
Status Certificate out of its validity period
Issuer None
Valid from 10:42 PM 9/4/2012
Valid to 10:42 PM 3/4/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint AC1FD0922A4A2A6E5779ACDD628747C28394B0B9
Serial number 33 00 00 00 9D 1E 8D 27 AE B8 F3 D8 38 00 01 00 00 00 9D
[+] Microsoft Code Signing PCA
Status Valid
Issuer None
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm SHA1
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer None
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm SHA1
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status Certificate out of its validity period
Issuer None
Valid from 10:12 PM 9/4/2012
Valid to 10:12 PM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 2F497C556F94E32731CF86ADD8629C9867C35A24
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer None
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer None
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm SHA1
Thumbrint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-06 06:55:43
Entry Point 0x0004A6BE
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
WEVT_TEMPLATE 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion
6.0

InitializedDataSize
49664

ImageVersion
0.0

ProductName
Microsoft Visual Studio 2012

FileVersionNumber
11.0.51106.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
11.0

OriginalFilename
TFSBuildServiceHost.exe

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
11.0.51106.1 built by: Q11REL

TimeStamp
2012:11:06 07:55:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
TFSBuildServiceHost.exe

FileAccessDate
2015:01:17 00:13:10+01:00

ProductVersion
11.0.51106.1

FileDescription
Visual Studio Team Foundation Build Service Host

OSVersion
4.0

FileCreateDate
2015:01:17 00:13:10+01:00

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
296960

FileSubtype
0

ProductVersionNumber
11.0.51106.1

EntryPoint
0x4a6be

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 962611860bb4311647f9b160fd2785e9
SHA1 c6a06196577e53a80e8d32d9a9476a27832515aa
SHA256 1a06318a34ebe4e8f462442108d4bcb70c129437969a32edb547ea30e75e1ef9
ssdeep
6144:zuVxPM+MvykFBr8djAoIBH72XMnWL6MpUYiXJFNGfG:SXv9Ir8dZJLZynZf

authentihash a5ef281861aa89c867975f3b3c6598a448604f4166078a0dbd84ce82ae19a2ce
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 354.5 KB ( 363024 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly

TrID Win64 Executable (generic) (49.5%)
Windows Screen Saver (23.4%)
Win32 Dynamic Link Library (generic) (11.7%)
Win32 Executable (generic) (8.0%)
Generic Win/DOS Executable (3.5%)
Tags
peexe assembly signed

VirusTotal metadata
First submission 2015-01-16 22:42:06 UTC ( 2 years, 2 months ago )
Last submission 2015-01-16 23:13:49 UTC ( 2 years, 2 months ago )
File names FL_TFSBuildServiceHost.exe_Build
TFSBuildServiceHost.exe
TFSBuildServiceHost.exe
tfsbuildservicehost.exe
tfsbuildservicehost.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!