SHA256: 2c2ec8f9be6b7b19a9f3b4beda175226be7352527a386a0ac4a93c6e0c3a74e9
File name: ELEVAT64.EXE
Detection ratio: 0 / 61
Analysis date: 2017-05-25 23:18:08 UTC (1 year ago)
Antivirus Result Update
Ad-Aware 20170525
AegisLab 20170525
AhnLab-V3 20170525
Alibaba 20170525
ALYac 20170525
Antiy-AVL 20170525
Arcabit 20170525
Avast 20170525
AVG 20170525
Avira (no cloud) 20170525
AVware 20170525
BitDefender 20170525
Bkav 20170525
CAT-QuickHeal 20170525
ClamAV 20170525
CMC 20170525
Comodo 20170525
CrowdStrike Falcon (ML) 20170420
Cyren 20170525
DrWeb 20170525
Emsisoft 20170525
Endgame 20170515
ESET-NOD32 20170525
F-Prot 20170525
F-Secure 20170525
Fortinet 20170525
GData 20170525
Ikarus 20170525
Sophos ML 20170519
Jiangmin 20170525
K7AntiVirus 20170525
K7GW 20170525
Kaspersky 20170525
Kingsoft 20170525
Malwarebytes 20170525
McAfee 20170525
McAfee-GW-Edition 20170525
Microsoft 20170525
eScan 20170525
NANO-Antivirus 20170525
nProtect 20170525
Palo Alto Networks (Known Signatures) 20170525
Panda 20170525
Qihoo-360 20170525
Rising 20170525
SentinelOne (Static ML) 20170516
Sophos AV 20170525
SUPERAntiSpyware 20170525
Symantec 20170525
Symantec Mobile Insight 20170525
Tencent 20170525
TheHacker 20170525
TotalDefense 20170525
TrendMicro 20170525
TrendMicro-HouseCall 20170525
Trustlook 20170525
VBA32 20170525
VIPRE 20170525
ViRobot 20170525
Webroot 20170525
WhiteArmor 20170524
Yandex 20170518
Zillya 20170525
ZoneAlarm by Check Point 20170525
Zoner 20170525
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64-bit architectures.
FileVersionInfo properties
Copyright
Copyright (C) 2007

Product Elevate Application
Original name Elevate.exe
Internal name Elevate
File version 1, 0, 0, 2894
Description Elevate
Comments Tool for elevating applications on the command line
PE header basic information
Target machine x64
Compilation timestamp 2016-01-05 11:19:28
Entry Point 0x00001E38
Number of sections 6
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleHandleW
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetCommandLineW
RtlVirtualUnwind
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetProcAddress
GetProcessHeap
SetStdHandle
GetCPInfo
TlsFree
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
RtlCaptureContext
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
RtlUnwindEx
HeapAlloc
TerminateProcess
GetConsoleCP
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
RtlLookupFunctionEntry
CreateFileW
TlsGetValue
Sleep
WriteConsoleW
TlsSetValue
ExitProcess
GetCurrentThreadId
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
ShellExecuteExW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
GERMAN 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.0

Comments
Tool for elevating applications on the command line

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.2894

LanguageCode
Neutral

FileFlagsMask
0x0017

FileDescription
Elevate

CharacterSet
Unicode

InitializedDataSize
49152

EntryPoint
0x1e38

OriginalFileName
Elevate.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2007

FileVersion
1, 0, 0, 2894

TimeStamp
2016:01:05 12:19:28+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
Elevate

ProductVersion
1, 0, 0, 2894

UninitializedDataSize
0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows command line

MachineType
AMD AMD64

CompanyName
Johannes Passing

CodeSize
51712

ProductName
Elevate Application

ProductVersionNumber
1.0.0.2894

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack
While monitoring an end-user machine in the wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 5c5510128984ab47667ea5ce2a92d1ee
SHA1 4651804448b04aa53790ffe82ead2482ba0834f0
SHA256 2c2ec8f9be6b7b19a9f3b4beda175226be7352527a386a0ac4a93c6e0c3a74e9
ssdeep
1536:pma3ZVz4d1+fKToKpQ/SL0AFm/oGC42cRxOSqC4PvgA7dSK3Q8bgksW4d+/zeYl1:PZVMd1ZTPpQ/+0AFmHh2cRj4PlbMGzem

authentihash 6c44250b0760cfd07aaa3dc56d32e6016d32f86d2277fac129b37ae85b655db3
imphash 4860a3abb963fd797725d50bd0929249
File size 90.0 KB (92160 bytes)
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags
64bits peexe assembly

VirusTotal metadata
First submission 2016-01-20 13:01:32 UTC (2 years, 4 months ago)
Last submission 2018-05-16 10:38:50 UTC (1 week, 3 days ago)
File names Elevate.exe
elevate64.exe
Elevate.exe
Elevate.exe
elevate.exe
Elevate1.exe
Elevate
Elevate.exe
ELEVAT64.EXE
Elevate - копия.exe
elevate.exe
Elevate.exe
Elevate-x64.exe
Elevate.exe
Behaviour characterization
Zemana
dll-injection
