SHA256: 436a480459a5f38d4f07ebe195113d1b1698cdf5377015645ed710324a1900f7
File name: PowerShell-6.0.1-win-x64.msi
Detection ratio: 0 / 57
Analysis date: 2018-03-02 11:23:46 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180302
AegisLab 20180302
AhnLab-V3 20180302
Alibaba 20180302
ALYac 20180302
Arcabit 20180302
Avast 20180302
Avast-Mobile 20180302
AVG 20180302
Avira (no cloud) 20180301
AVware 20180302
Baidu 20180302
BitDefender 20180302
Bkav 20180302
CAT-QuickHeal 20180302
ClamAV 20180302
CMC 20180302
Comodo 20180302
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180302
Cyren 20180302
DrWeb 20180302
eGambit 20180302
Emsisoft 20180302
Endgame 20180301
ESET-NOD32 20180302
F-Prot 20180302
F-Secure 20180302
Fortinet 20180302
GData 20180302
Ikarus 20180302
Sophos ML 20180121
Jiangmin 20180302
K7AntiVirus 20180302
K7GW 20180302
Kaspersky 20180301
Kingsoft 20180302
Malwarebytes 20180302
MAX 20180302
McAfee 20180302
McAfee-GW-Edition 20180302
Microsoft 20180302
eScan 20180302
NANO-Antivirus 20180302
nProtect 20180302
Palo Alto Networks (Known Signatures) 20180302
Panda 20180302
Qihoo-360 20180302
Rising 20180302
SentinelOne (Static ML) 20180225
Sophos AV 20180302
SUPERAntiSpyware 20180302
Symantec 20180302
Symantec Mobile Insight 20180220
Tencent 20180302
TheHacker 20180301
TrendMicro-HouseCall 20180302
Trustlook 20180302
VBA32 20180301
VIPRE 20180302
ViRobot 20180302
Webroot 20180302
WhiteArmor 20180223
Yandex 20180302
Zillya 20180301
ZoneAlarm by Check Point 20180302
Zoner 20180302
The file being studied is a Windows Installer file! These types of files are software components used for the installation, maintenance, and removal of software on modern Microsoft Windows systems.
Authenticode signature block
Signature verification Signed file, verified signature
Signing date 9:56 PM 1/22/2018
Signers
[+] Microsoft Corporation
Status Valid
Valid from 9:20 PM 8/11/2017
Valid to 9:20 PM 8/11/2018
Valid usage Microsoft Publisher, Code Signing
Algorithm sha256RSA
Thumbprint 9ACA9419E53D3C9E56396DD2335FF683A8B0B8F3
Serial number 33 00 00 00 C4 E9 89 F8 7A 81 50 E9 FF 00 00 00 00 00 C4
[+] Microsoft Code Signing PCA 2011
Status Valid
Valid from 9:59 PM 7/8/2011
Valid to 10:09 PM 7/8/2026
Valid usage All
Algorithm sha256RSA
Thumbprint F252E794FE438E35ACE6E53762C0A234A2C52135
Serial number 61 0E 90 D2 00 00 00 00 00 03
[+] Microsoft Root Certificate Authority 2011
Status Valid
Valid from 11:05 PM 3/22/2011
Valid to 11:13 PM 3/22/2036
Valid usage All
Algorithm sha256RSA
Thumbprint 8F43288AD272F3103B6FB1428485EA3014C0BCFE
Serial number 3F 8B C8 B5 FC 9F B2 96 43 B5 69 D6 6C 42 E1 44
Counter signers
[+] Microsoft Time-Stamp Service
Status Valid
Valid from 12:00 AM 10/3/2017
Valid to 12:00 AM 1/3/2019
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint FF162BEF155CB3D5B5962BBE084B21FC4D740001
Serial number 33 00 00 00 B6 8B 47 43 B2 CC AD 1F 04 00 00 00 00 00 B6
[+] Microsoft Time-Stamp PCA 2010
Status Valid
Valid from 10:36 PM 7/1/2010
Valid to 10:46 PM 7/1/2025
Valid usage All
Algorithm sha256RSA
Thumbprint 2AA752FE64C49ABE82913C463529CF10FF2F04EE
Serial number 61 09 81 2A 00 00 00 00 00 02
[+] Microsoft Root Certificate Authority 2010
Status Valid
Valid from 10:57 PM 6/23/2010
Valid to 11:04 PM 6/23/2035
Valid usage All
Algorithm sha256RSA
Thumbprint 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Serial number 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA
OLE structured storage summary
creation_datetime
2018-01-22 21:42:50
author
Microsoft Corporation
title
Installation Database
page_count
200
word_count
2
application_name
Windows Installer XML Toolset (3.11.0.1701)
last_saved
2018-01-22 21:42:50
revision_number
{E9824889-4F0F-425F-98FF-80B1DE64C1A2}
keywords
Installer
security
2
subject
PowerShell package
template
x64;1033
code_page
Latin I
comments
PowerShell for every system
OLE Streams
name
Root Entry
clsid
000c1084-0000-0000-c000-000000000046
type_literal
root
clsid_literal
on
sid
0
size
18240
type_literal
stream
size
9264
name
\x05DigitalSignature
sid
53
type_literal
stream
size
32
name
\x05MsiDigitalSignatureEx
sid
52
type_literal
stream
size
492
name
\x05SummaryInformation
sid
2
ExifTool file metadata
MIMEType
image/vnd.fpx

ModifyDate
2018:01:22 20:42:50

Words
2

Author
Microsoft Corporation

FileType
FPX

Title
Installation Database

Comments
PowerShell for every system

Pages
200

FileTypeExtension
fpx

Template
x64;1033

Keywords
Installer

CreateDate
2018:01:22 20:42:50

Security
Read-only recommended

Subject
PowerShell package

CodePage
Windows Latin 1 (Western European)

RevisionNumber
{E9824889-4F0F-425F-98FF-80B1DE64C1A2}

Software
Windows Installer XML Toolset (3.11.0.1701)

File identification
MD5 5ff45cc08fb0140bd39cb5ff17afe3b4
SHA1 fdc72f7a255fb4da79830db64b1fd696064fb881
SHA256 436a480459a5f38d4f07ebe195113d1b1698cdf5377015645ed710324a1900f7
ssdeep
1572864:b5F6o0LX//ZB7O+5o4Py6gaNogyCFzme:r6o07//ZR5oey2NUC

File size 48.9 MB ( 51249152 bytes )
File type Windows Installer
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Installation Database, Subject: PowerShell package, Author: Microsoft Corporation, Keywords: Installer, Comments: PowerShell for every system, Template: x64

TrID Microsoft Windows Installer (89.6%)
Windows Installer Patch (8.7%)
Generic OLE2 / Multistream Compound File (1.5%)
Tags
msi signed

VirusTotal metadata
First submission 2018-01-25 22:03:15 UTC ( 1 year ago )
Last submission 2018-03-02 11:23:46 UTC ( 11 months, 3 weeks ago )
File names PowerShell-6.0.1-win-x64.msi
ffff0fb.msi
c27a87b.msi
2964be.msi
208f268.msi
PowerShell-6.0.1-win-x64.msi