× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 27520be20cc4af058cebb5cea5340aa03389276f1849e9acb55047875f1ef33d
File name: BCompare-4.1.1.20615.exe
Detection ratio: 0 / 56
Analysis date: 2015-09-25 14:10:12 UTC ( 2 years ago ) View latest
Antivirus Result Update
Ad-Aware 20150925
AegisLab 20150925
Yandex 20150923
AhnLab-V3 20150925
Alibaba 20150925
ALYac 20150925
Antiy-AVL 20150925
Arcabit 20150925
Avast 20150925
AVG 20150925
Avira (no cloud) 20150925
AVware 20150925
Baidu-International 20150925
BitDefender 20150925
Bkav 20150925
ByteHero 20150925
CAT-QuickHeal 20150924
ClamAV 20150924
CMC 20150925
Comodo 20150925
Cyren 20150925
DrWeb 20150925
Emsisoft 20150925
ESET-NOD32 20150925
F-Prot 20150925
F-Secure 20150925
Fortinet 20150925
GData 20150925
Ikarus 20150925
Jiangmin 20150924
K7AntiVirus 20150925
K7GW 20150925
Kaspersky 20150925
Kingsoft 20150925
Malwarebytes 20150925
McAfee 20150925
McAfee-GW-Edition 20150925
Microsoft 20150925
eScan 20150925
NANO-Antivirus 20150925
nProtect 20150925
Panda 20150925
Qihoo-360 20150925
Rising 20150924
Sophos AV 20150925
SUPERAntiSpyware 20150925
Symantec 20150924
Tencent 20150925
TheHacker 20150923
TrendMicro 20150925
TrendMicro-HouseCall 20150925
VBA32 20150924
VIPRE 20150925
ViRobot 20150925
Zillya 20150924
Zoner 20150925
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2015 Scooter Software, Inc.

Product Beyond Compare 4
File version 4.1.1.20615
Description Beyond Compare 4 Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 6:06 PM 9/24/2015
Signers
[+] Scooter Software Inc
Status Valid
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 7/24/2014
Valid to 12:59 AM 7/24/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 114C5EFEA524C3F2546507EF52C2508D03CE35CE
Serial number 6B 61 7B 33 B2 7F 8E 29 DA C9 35 71 1C 1F 42 F1
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network?
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/5/2015
Valid to 12:59 AM 1/1/2016
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint DF946A5E503015777FD22F46B5624ECD27BEE376
Serial number 00 9F EA C8 11 B0 F1 62 47 A5 FC 20 D8 05 23 AC E6
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbrint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network?
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbrint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Packers identified
F-PROT INNO, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-24 17:03:51
Entry Point 0x00018404
Number of sections 9
PE sections
Overlays
MD5 cf8cd6aff80ede2416cf3a21369e10ff
File type data
Offset 473600
Size 20137432
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetUserDefaultUILanguage
GetLastError
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
lstrcmpiA
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
EnumSystemLocalesW
LoadLibraryA
GetCommandLineW
RtlUnwind
lstrlenW
GetExitCodeProcess
CreateProcessW
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetModuleHandleW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
GetLocaleInfoW
lstrcpynW
RemoveDirectoryW
CompareStringW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
SetFilePointer
GetSystemDefaultUILanguage
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
ResetEvent
FindFirstFileW
IsValidLocale
GetACP
GetCurrentThreadId
SetEvent
LocalFree
FormatMessageW
GetFileAttributesW
LoadLibraryW
CreateEventW
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetVersion
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SetWindowLongW
MessageBoxW
PeekMessageW
CharUpperW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CallWindowProcW
CharNextW
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 10
RT_STRING 6
RT_RCDATA 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 9
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
4.1.1.20615

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
377344

EntryPoint
0x18404

MIMEType
application/octet-stream

LegalCopyright
Copyright 2015 Scooter Software, Inc.

FileVersion
4.1.1.20615

TimeStamp
2015:09:24 18:03:51+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

ProductVersion
4.1.1.20615

FileDescription
Beyond Compare 4 Setup

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Scooter Software

CodeSize
95232

ProductName
Beyond Compare 4

ProductVersionNumber
4.1.1.20615

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 e60ba30be630309e064347dbabbcd447
SHA1 fd7db8ba7c5ee11bc98651f1f052de5f9b97afd7
SHA256 27520be20cc4af058cebb5cea5340aa03389276f1849e9acb55047875f1ef33d
ssdeep
393216:at2o73zUfXDErHb1a5QNLroiA9+iheNYVaxtPwwqnxbuPhYJ4LTS:at2TDK1ZUi3Y8xtYwMxbXJ4Lu

authentihash cc3b82661cff36616a5dd310c768232f42f444b9459588d5d886d5e5c4d92a3f
imphash f066f73ad0d1aad479d617b8d63583a2
File size 19.7 MB ( 20611032 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (45.2%)
Win32 EXE PECompact compressed (generic) (43.6%)
Win32 Executable (generic) (4.7%)
Win16/32 Executable Delphi generic (2.1%)
Generic Win/DOS Executable (2.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-09-24 20:30:16 UTC ( 2 years ago )
Last submission 2016-12-03 01:17:38 UTC ( 10 months, 2 weeks ago )
File names BCompare-4.1.1.20615.exe
BCUpdate.exe
739599
BCompareSetup.exe
BCUpdate.exe
BCUpdate.exe
BCompare-4.1.1.20615.exe
BCUpdate.exe
BCompare-4.1.1.20615.exe
BCUpdate.exe
filename
bitc394.tmp
BCUpdate.exe
be3404.tmpscan
BCompare-4.1.1.20615.exe
unconfirmed 662937.crdownload
BCompare-4.1.1.20615.exe
BCompare-4.1.1.20615.exe
e8f304.tmpscan
bitebee.tmp
704404.tmpscan
bcompare-4.1.1.20615.exe
HTTP-FyPKz21bglZlznLT4i.txt
bcupdate.exe
BCompare-4.1.1.20615.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs