SHA256: 1f6bd99b32ea8943a9d3458acd7117512869c71d2298a5b4f88c56c11fcfddf6
File name: 754eb8cb4388b7b59b511b7023eda244eb40b464
Detection ratio: 9 / 69
Analysis date: 2018-12-04 10:29:30 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Cylance Unsafe 20181204
Cyren W32/MSIL_Agent.DZ.gen!Eldorado 20181204
ESET-NOD32 a variant of MSIL/Kryptik.QHB 20181204
F-Prot W32/MSIL_Agent.DZ.gen!Eldorado 20181204
Ikarus Trojan.Agent 20181203
Kaspersky UDS:DangerousObject.Multi.Generic 20181204
Malwarebytes Trojan.FakeSig 20181204
Webroot W32.Trojan.Gen 20181204
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181204
Ad-Aware 20181204
AegisLab 20181204
AhnLab-V3 20181203
Alibaba 20180921
ALYac 20181204
Antiy-AVL 20181204
Arcabit 20181204
Avast 20181204
Avast-Mobile 20181203
AVG 20181204
Avira (no cloud) 20181204
Babable 20180918
Baidu 20181203
BitDefender 20181204
Bkav 20181203
CAT-QuickHeal 20181203
ClamAV 20181203
CMC 20181204
Comodo 20181204
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
DrWeb 20181204
eGambit 20181204
Emsisoft 20181204
Endgame 20181108
F-Secure 20181204
Fortinet 20181204
GData 20181204
Sophos ML 20181128
Jiangmin 20181204
K7AntiVirus 20181204
K7GW 20181204
Kingsoft 20181204
MAX 20181204
McAfee 20181204
McAfee-GW-Edition 20181204
Microsoft 20181204
eScan 20181204
NANO-Antivirus 20181204
Palo Alto Networks (Known Signatures) 20181204
Panda 20181203
Qihoo-360 20181204
Rising 20181204
SentinelOne (Static ML) 20181011
Sophos AV 20181204
SUPERAntiSpyware 20181128
Symantec 20181204
Symantec Mobile Insight 20181204
TACHYON 20181204
Tencent 20181204
TheHacker 20181202
TotalDefense 20181204
Trapmine 20181128
TrendMicro 20181204
TrendMicro-HouseCall 20181204
Trustlook 20181204
VBA32 20181204
ViRobot 20181204
Yandex 20181204
Zillya 20181203
Zoner 20181204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2018 Avery Dennison Corporation

Product Diagnose SQL Server performance issues
Original name r2.exe
Internal name r2.exe
File version 5.13.12.4
Description Diagnose SQL Server performance issues
Comments iwopebefuwumubazuw
Signature verification Signed file, verified signature
Signing date 3:16 AM 12/4/2018
Signers
[+] ET HOMES LTD
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 12/03/2018
Valid to 11:59 PM 11/29/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 96017D39206397B324EE9BD68FAD41D2CA7B2E53
Serial number 00 8C D1 C0 06 FA 3D 0E 45 80 DE 16 40 AB AC 1C 91
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-02 21:01:13
Entry Point 0x0008600A
Number of sections 5
.NET details
Module Version ID 1799af12-faff-41f2-a3cd-8e02f5429413
PE sections
Overlays
MD5 5324b3b0f122705e5cdddfa37dea04fd
File type data
Offset 517632
Size 7768
Entropy 7.49
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
iwopebefuwumubazuw

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.13.12.4

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Diagnose SQL Server performance issues

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
327168

EntryPoint
0x8600a

OriginalFileName
r2.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2018 Avery Dennison Corporation

FileVersion
5.13.12.4

TimeStamp
2008:11:02 22:01:13+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
r2.exe

ProductVersion
5.13.12.4

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Avery Dennison Corporation

CodeSize
189440

ProductName
Diagnose SQL Server performance issues

ProductVersionNumber
5.13.12.4

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.0.0.0

File identification
MD5 8fdb95d160425028281e22b2187d1232
SHA1 754eb8cb4388b7b59b511b7023eda244eb40b464
SHA256 1f6bd99b32ea8943a9d3458acd7117512869c71d2298a5b4f88c56c11fcfddf6
ssdeep
12288:CrL84PzEG1ZA1VP87Syv4grHvDdirOjz0aFSEYigO1tCtceldn:C3PIGfOVU7Syv4gr5m8zbFQOGl5

authentihash 63eb839bb7e33659b4d21317df74b1c77e2491a818609a196b3fec09a4ae28be
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 513.1 KB ( 525400 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win64 Executable (generic) (59.0%)
Win32 Dynamic Link Library (generic) (14.0%)
Win32 Executable (generic) (9.6%)
Win16/32 Executable Delphi generic (4.4%)
OS/2 Executable (generic) (4.3%)
Tags
revoked-cert peexe assembly signed overlay

VirusTotal metadata
First submission 2018-12-04 10:29:30 UTC ( 3 months, 2 weeks ago )
Last submission 2018-12-04 10:29:30 UTC ( 3 months, 2 weeks ago )
File names r2.exe