× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 34ac2e56b46f1c07b3899abfdb8dacf19cd094d4a7fe4fc8b3b84394dfbce370
File name: filenodeexe
Detection ratio: 0 / 56
Analysis date: 2016-06-22 12:55:23 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20160622
AegisLab 20160622
AhnLab-V3 20160622
Alibaba 20160622
ALYac 20160622
Antiy-AVL 20160622
Arcabit 20160622
Avast 20160622
AVG 20160622
Avira (no cloud) 20160622
AVware 20160622
Baidu 20160622
Baidu-International 20160614
BitDefender 20160622
Bkav 20160622
CAT-QuickHeal 20160622
ClamAV 20160622
CMC 20160620
Comodo 20160622
Cyren 20160622
DrWeb 20160622
Emsisoft 20160622
ESET-NOD32 20160622
F-Prot 20160622
F-Secure 20160622
Fortinet 20160622
GData 20160622
Ikarus 20160622
Jiangmin 20160622
K7AntiVirus 20160622
K7GW 20160622
Kaspersky 20160622
Kingsoft 20160622
Malwarebytes 20160622
McAfee 20160622
McAfee-GW-Edition 20160622
Microsoft 20160622
eScan 20160622
NANO-Antivirus 20160622
nProtect 20160622
Panda 20160621
Qihoo-360 20160622
Sophos AV 20160622
SUPERAntiSpyware 20160622
Symantec 20160622
Tencent 20160622
TheHacker 20160621
TotalDefense 20160622
TrendMicro 20160622
TrendMicro-HouseCall 20160622
VBA32 20160621
VIPRE 20160622
ViRobot 20160622
Yandex 20160621
Zillya 20160622
Zoner 20160622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright Joyent, Inc. and other Node contributors. MIT license.

Product Node.js
Original name node.exe
Internal name node
File version 0.6.3
Description Evented I/O for V8 JavaScript
Signature verification Signed file, verified signature
Signing date 1:56 PM 6/22/2016
Signers
[+] Joyent Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 1:55 AM 8/4/2011
Valid to 9:35 PM 10/30/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 67A6904FEFF9353D9C70FD79BDABF485DFABB5C6
Serial number 11 21 D0 0C 56 38 BF 8C EE D2 34 8C EA 51 70 65 BF B2
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-11-25 10:44:49
Entry Point 0x002963B0
Number of sections 5
PE sections
Overlays
MD5 c87c351c156b3984c5f865f57ce2e811
File type data
Offset 5027840
Size 2920
Entropy 7.39
PE imports
ReportEventA
RegCloseKey
DeregisterEventSource
RegQueryValueExA
RegisterEventSourceA
RegOpenKeyExA
RegEnumKeyExA
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
EncodePointer
SetFileTime
SetConsoleCursorPosition
GetFileAttributesW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
SetFilePointer
OpenFileMappingA
SetErrorMode
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetTempPathA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
ResumeThread
GetFullPathNameA
FreeLibrary
LocalFree
ConnectNamedPipe
InitializeCriticalSection
FindClose
InterlockedDecrement
FormatMessageA
SetFileAttributesW
QueueUserWorkItem
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
IsBadWritePtr
PeekNamedPipe
DeviceIoControl
ReadConsoleInputA
GetModuleFileNameW
TryEnterCriticalSection
GetNumberOfConsoleInputEvents
ExitProcess
ReadConsoleInputW
GetVersionExA
GetModuleFileNameA
LoadLibraryA
RaiseException
HeapSetInformation
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
MoveFileW
CreateMutexA
RegisterWaitForSingleObject
InterlockedExchangeAdd
CreateSemaphoreA
CreateThread
SetEnvironmentVariableW
SetNamedPipeHandleState
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemInfo
ExitThread
SetHandleInformation
SetEnvironmentVariableA
ReadConsoleA
TerminateProcess
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
OpenThread
GetOEMCP
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
VirtualProtect
FlushFileBuffers
FillConsoleOutputCharacterW
RtlUnwind
WriteConsoleInputW
Process32Next
CreateRemoteThread
SystemTimeToFileTime
DecodePointer
OpenProcess
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
SetEvent
DeleteFileW
GetProcAddress
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
GetProcessHeap
CompareStringW
WaitNamedPipeW
RemoveDirectoryW
GetFileInformationByHandle
UnmapViewOfFile
FindNextFileW
CreateDirectoryW
CreateHardLinkW
GetTempFileNameA
CreateFileMappingA
FindFirstFileW
GlobalMemoryStatus
DuplicateHandle
ExpandEnvironmentStringsA
GetCurrentDirectoryW
GetTimeZoneInformation
ReadDirectoryChangesW
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
FlushConsoleInputBuffer
LCMapStringW
GetShortPathNameW
HeapCreate
CreateNamedPipeW
GetConsoleCP
UnregisterWaitEx
GetEnvironmentStringsW
CreateNamedPipeA
VirtualFree
GetQueuedCompletionStatus
SwitchToThread
UnregisterWait
GetCurrentProcessId
CreateIoCompletionPort
GetConsoleTitleW
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
SuspendThread
SetConsoleTitleW
QueryPerformanceFrequency
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
FindFirstFileExA
CloseHandle
Process32First
GetACP
GetModuleHandleW
GetVersion
FileTimeToLocalFileTime
IsValidCodePage
SetConsoleMode
PostQueuedCompletionStatus
CreateProcessW
Sleep
VirtualAlloc
GetProcessMemoryInfo
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
timeGetTime
getaddrinfo
htonl
shutdown
WSARecvFrom
WSARecv
accept
WSACreateEvent
WSAStartup
freeaddrinfo
WSASend
getsockname
WSADuplicateSocketW
htons
getpeername
WSAGetLastError
gethostname
getsockopt
FreeAddrInfoW
closesocket
WSACloseEvent
ntohl
inet_addr
send
ntohs
listen
__WSAFDIsSet
connect
WSAEventSelect
WSASetLastError
ioctlsocket
recv
WSAIoctl
GetAddrInfoW
setsockopt
socket
bind
WSASendTo
recvfrom
WSAEnumNetworkEvents
WSASocketW
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.6.3.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
2154496

EntryPoint
0x2963b0

OriginalFileName
node.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Joyent, Inc. and other Node contributors. MIT license.

FileVersion
0.6.3

TimeStamp
2011:11:25 11:44:49+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
node

ProductVersion
0.6.3

FileDescription
Evented I/O for V8 JavaScript

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Joyent, Inc

CodeSize
2872320

ProductName
Node.js

ProductVersionNumber
0.6.3.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 d24b32d1ba41e8acefd47e4e69224469
SHA1 a0e44b11be2b69ef4d3820d0f2e8cc3b54222c42
SHA256 34ac2e56b46f1c07b3899abfdb8dacf19cd094d4a7fe4fc8b3b84394dfbce370
ssdeep
49152:Lq9OneUDymNwDkoLO9rSGfKQwgIP9v/ERpsVWvZSUa/Ty9coEuxPMKpkFVqu5:LX3ymNKklrSGfZHIPJNVWvZCV

authentihash 85e3f5926f3bd10dc83c43c7fd4a0ffbc13b66405bfd00da683f4a12044d85de
imphash b0ba7df1d241c40e9eb639514e72f8e0
File size 4.8 MB ( 5030760 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (73.3%)
Win32 Dynamic Link Library (generic) (11.6%)
Win32 Executable (generic) (7.9%)
Generic Win/DOS Executable (3.5%)
DOS Executable Generic (3.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2014-02-10 07:08:11 UTC ( 5 years ago )
Last submission 2016-06-22 12:55:23 UTC ( 2 years, 8 months ago )
File names node
filenodeexe
node.exe
node.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!