SHA256: 1e00ce12515a21072e91544b92ecaa38c00ea4b581e51a54b9f6eb1a2a1bbc11
File name: SketchBook_8.6.0.0_Win64.exe
Detection ratio: 0 / 65
Analysis date: 2018-07-22 22:28:04 UTC (7 months ago)
Antivirus Result Update
Ad-Aware 20180722
AegisLab 20180722
AhnLab-V3 20180722
Alibaba 20180713
ALYac 20180722
Antiy-AVL 20180722
Arcabit 20180722
Avast 20180722
Avast-Mobile 20180722
AVG 20180722
Avira (no cloud) 20180722
AVware 20180722
Babable 20180406
Baidu 20180717
BitDefender 20180722
Bkav 20180719
CAT-QuickHeal 20180722
ClamAV 20180722
CMC 20180722
Comodo 20180722
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180722
Cyren 20180722
DrWeb 20180722
eGambit 20180722
Emsisoft 20180722
Endgame 20180711
ESET-NOD32 20180722
F-Prot 20180722
F-Secure 20180722
Fortinet 20180722
GData 20180722
Sophos ML 20180717
Jiangmin 20180722
K7AntiVirus 20180722
K7GW 20180722
Kaspersky 20180722
Kingsoft 20180722
Malwarebytes 20180722
MAX 20180722
McAfee 20180722
McAfee-GW-Edition 20180722
Microsoft 20180722
eScan 20180722
NANO-Antivirus 20180722
Palo Alto Networks (Known Signatures) 20180722
Panda 20180722
Qihoo-360 20180722
Rising 20180722
SentinelOne (Static ML) 20180701
Sophos AV 20180722
SUPERAntiSpyware 20180722
Symantec 20180722
TACHYON 20180722
Tencent 20180722
TheHacker 20180722
TrendMicro 20180722
TrendMicro-HouseCall 20180722
Trustlook 20180722
VBA32 20180720
VIPRE 20180722
ViRobot 20180722
Webroot 20180722
Yandex 20180720
Zillya 20180720
ZoneAlarm by Check Point 20180722
Zoner 20180721
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 9:09 PM 4/29/2018
Signers
[+] Autodesk, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 SHA256 Code Signing CA - G2
Valid from 12:00 AM 06/20/2017
Valid to 11:59 PM 06/20/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 056FEA3C620635D36DA5FD4DB9F9E36E0E4E1080
Serial number 2E 51 D8 F4 D7 66 6F 6C D0 96 5E BE 2A 0C 7B 2A
[+] Symantec Class 3 SHA256 Code Signing CA - G2
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 07/22/2014
Valid to 11:59 PM 07/21/2024
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1392E4C7FF25B9517E931077BBE2664DC87EF70D
Serial number 7C 1B 35 35 4A E7 DB 74 E7 41 5F 11 69 CA 6B A8
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 04/02/2008
Valid to 11:59 PM 12/01/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
Counter signers
[+] Symantec SHA256 TimeStamping Signer - G2
Status Valid
Issuer Symantec SHA256 TimeStamping CA
Valid from 12:00 AM 01/02/2017
Valid to 11:59 PM 04/01/2028
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 625AEC3AE4EDA1D169C4EE909E85B3BBC61076D3
Serial number 54 58 F2 AA D7 41 D6 44 BC 84 A9 7B A0 96 52 E6
[+] Symantec SHA256 TimeStamping CA
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 01/12/2016
Valid to 11:59 PM 01/11/2031
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 6FC9EDB5E00AB64151C1CDFCAC74AD2C7B7E3BE4
Serial number 7B 05 B1 D4 49 68 51 44 F7 C9 89 D2 9C 19 9D 12
[+] VeriSign Universal Root Certification Authority
Status Valid
Issuer VeriSign Universal Root Certification Authority
Valid from 12:00 AM 04/02/2008
Valid to 11:59 PM 12/01/2037
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha256RSA
Thumbprint 3679CA35668772304D30A5FB873B0FA77BB70D54
Serial number 40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D
Packers identified
F-PROT CAB, appended, RAR, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-09-20 12:34:46
Entry Point 0x00001000
Number of sections 4
PE sections
Overlays
MD5 b19120db18f0bdb2bd9f35956046b1d4
File type application/x-rar
Offset 103424
Size 91367280
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueExA
SetFileSecurityW
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
DeleteObject
GetLastError
IsDBCSLeadByte
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
GetFileAttributesA
SystemTimeToFileTime
WaitForSingleObject
LoadLibraryA
FreeLibrary
FindNextFileA
ExitProcess
SetFileTime
GetVersionExA
GetFileAttributesW
GetModuleFileNameA
HeapAlloc
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
GetLocaleInfoA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
MultiByteToWideChar
CreateDirectoryW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetFileAttributesA
SetFilePointer
GetTempPathA
SetFileAttributesW
GetCPInfo
lstrcmpiA
GetModuleHandleA
FindNextFileW
WriteFile
FindFirstFileA
CloseHandle
GetTimeFormatA
DeleteFileW
FindFirstFileW
HeapReAlloc
MoveFileExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetFullPathNameA
MoveFileA
WideCharToMultiByte
GetNumberFormatA
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
SetEndOfFile
CreateFileA
GetTickCount
FindResourceA
SetCurrentDirectoryA
SetLastError
CompareStringA
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
MapWindowPoints
GetMessageA
GetParent
UpdateWindow
EndDialog
SetFocus
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharToOemBuffA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetSysColor
RegisterClassExA
SetWindowTextA
DestroyIcon
LoadStringA
wsprintfA
GetSystemMetrics
IsWindowVisible
SendMessageA
GetClientRect
GetDlgItem
OemToCharBuffA
OemToCharA
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
CopyRect
WaitForInputIdle
GetClassNameA
GetWindowTextA
CharToOemA
DestroyWindow
Number of PE resources by type
RT_DIALOG 6
RT_STRING 4
RT_ICON 4
RT_RCDATA 1
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 17
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2007:09:20 13:34:46+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
81920

LinkerVersion
5.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x1000

InitializedDataSize
28672

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 779b36124c3593cbabd670d9a201c699
SHA1 9e99e4087d8e9aa91e9d4bc2925b6b23d03907f8
SHA256 1e00ce12515a21072e91544b92ecaa38c00ea4b581e51a54b9f6eb1a2a1bbc11
ssdeep
1572864:hkg0UiYjrV12cbDRzHDDB/d0Sj/22Bfp/BwmUI/8Ezjld5EATsKe+Iqsf10JCS:hzDVYcbDxHDDr08/2Kv8EzL5EcEf7S

authentihash 1fcf732dc4a4b3627af12fc4841750a842f7fd8a56d00b63580b8f118d05faf6
imphash bc5ce990cf54f8d435a68eb97512f73e
File size 87.2 MB ( 91470704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID WinRAR Self Extracting archive (4.x-5.x) (59.8%)
WinRAR Self Extracting archive (37.9%)
Windows screen saver (0.9%)
Win32 Dynamic Link Library (generic) (0.4%)
Win32 Executable (generic) (0.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-05-01 04:06:04 UTC ( 9 months, 3 weeks ago )
Last submission 2019-01-31 13:36:26 UTC ( 2 weeks, 5 days ago )
File names SketchBook_8.6.0.0_Win64.exe
1E00CE12515A21072E91544B92ECAA38C00EA4B581E51A54B9F6EB1A2A1BBC11.exe