SHA256: 467b5a10c369865f2021d379fc0933cb382146b702bbca4bcb703fc86f4322bb
File name: VB6.0-KB290887-X86.exe
Detection ratio: 0 / 70
Analysis date: 2019-01-19 12:28:01 UTC ( 4 months ago )
Antivirus Result Update
Acronis 20190119
Ad-Aware 20190119
AegisLab 20190119
AhnLab-V3 20190119
Alibaba 20180921
ALYac 20190119
Antiy-AVL 20190119
Arcabit 20190119
Avast 20190119
Avast-Mobile 20190118
AVG 20190119
Avira (no cloud) 20190119
Babable 20180918
Baidu 20190118
BitDefender 20190119
Bkav 20190119
CAT-QuickHeal 20190118
ClamAV 20190119
CMC 20190119
Comodo 20190119
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190119
Cyren 20190119
DrWeb 20190119
eGambit 20190119
Emsisoft 20190119
Endgame 20181108
ESET-NOD32 20190119
F-Prot 20190119
F-Secure 20190119
Fortinet 20190119
GData 20190119
Ikarus 20190119
Sophos ML 20181128
Jiangmin 20190119
K7AntiVirus 20190119
K7GW 20190119
Kaspersky 20190119
Kingsoft 20190119
Malwarebytes 20190119
MAX 20190119
McAfee 20190119
McAfee-GW-Edition 20190119
Microsoft 20190119
eScan 20190119
NANO-Antivirus 20190119
Palo Alto Networks (Known Signatures) 20190119
Panda 20190119
Qihoo-360 20190119
Rising 20190119
SentinelOne (Static ML) 20190118
Sophos AV 20190119
SUPERAntiSpyware 20190116
Symantec 20190118
TACHYON 20190119
Tencent 20190119
TheHacker 20190118
Trapmine 20190103
TrendMicro 20190119
TrendMicro-HouseCall 20190119
Trustlook 20190119
VBA32 20190118
VIPRE 20190118
ViRobot 20190118
Webroot 20190119
Yandex 20190118
Zillya 20190118
ZoneAlarm by Check Point 20190119
Zoner 20190119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name WEXTRACT.EXE
Internal name Wextract
File version 6.00.3790.0 (srv03_rtm.030324-2048)
Description Win32 Cabinet Self-Extractor
Signature verification Signed file, verified signature
Signing date 1:01 AM 3/18/2004
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer Microsoft Code Signing PCA
Valid from 05:59 AM 10/25/2003
Valid to 06:09 AM 01/25/2005
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 2A1049B2557DE78CF6592BF68504E23C91ADBF8C
Serial number 61 0E 7D A7 00 00 00 00 00 48
[+] Microsoft Code Signing PCA
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Root Authority
Valid from 08:00 AM 12/10/2000
Valid to 08:00 AM 11/12/2005
Valid usage Code Signing
Algorithm md5RSA
Thumbprint CB22765346A5D0708D1583389BE264383F7F6EB8
Serial number 6A 0B 99 4F C0 00 DE AA 11 D4 D8 40 9A A8 BE E6
[+] Microsoft Root Authority
Status Valid
Issuer Microsoft Root Authority
Valid from 07:00 AM 01/10/1997
Valid to 07:00 AM 12/31/2020
Valid usage All
Algorithm md5RSA
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
Counter signers
[+] VeriSign Time Stamping Services Signer
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2008
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 817E78267300CB0FE5D631357851DB366123A690
Serial number 0D E9 2B F0 D4 D8 29 88 18 32 05 09 5E 9A 76 88
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT CAB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-03-25 07:08:18
Entry Point 0x00005D3C
Number of sections 3
PE sections
Overlays
MD5 db2ca9a3fe0940ab23bc17d5f9d7e47e
File type data
Offset 1057792
Size 6944
Entropy 7.36
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
AdjustTokenPrivileges
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
GetDeviceCaps
GetLastError
IsDBCSLeadByte
GetSystemTimeAsFileTime
DosDateTimeToFileTime
ReadFile
GetStartupInfoA
GetSystemInfo
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
LockResource
GetExitCodeProcess
QueryPerformanceCounter
MulDiv
ExitProcess
SetFileTime
GetVersionExA
GlobalUnlock
RemoveDirectoryA
GlobalAlloc
GetModuleFileNameA
GetShortPathNameA
FreeLibrary
GetCurrentProcess
GetVolumeInformationA
LoadLibraryExA
SizeofResource
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
_llseek
GetCommandLineA
GlobalLock
EnumResourceLanguagesA
TerminateThread
GetTempPathA
CreateMutexA
GetModuleHandleA
_lclose
LoadLibraryA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
FindFirstFileA
GetCurrentProcessId
SetUnhandledExceptionFilter
lstrcpyA
_lopen
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
FreeResource
SetFileAttributesA
SetEvent
LocalFree
FindResourceA
TerminateProcess
CreateProcessA
LoadResource
WriteFile
CreateEventA
LocalFileTimeToFileTime
FindClose
FormatMessageA
GetTickCount
CreateFileA
GetDriveTypeA
GetCurrentThreadId
GetProcAddress
SetCurrentDirectoryA
ResetEvent
CharPrevA
EndDialog
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
CharUpperA
GetDC
ReleaseDC
SetWindowTextA
GetWindowLongA
SendMessageA
GetDlgItem
wsprintfA
LoadStringA
CharNextA
GetDesktopWindow
CallWindowProcA
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_RCDATA 11
RT_DIALOG 6
RT_STRING 6
RT_ICON 2
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 28
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.1
ImageVersion 5.2
FileSubtype 0
FileVersionNumber 6.0.3790.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Win32 Cabinet Self-Extractor
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 1019904
EntryPoint 0x5d3c
OriginalFileName WEXTRACT.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.00.3790.0 (srv03_rtm.030324-2048)
TimeStamp 2003:03:25 08:08:18+01:00
FileType Win32 EXE
PEType PE32
InternalName Wextract
ProductVersion 6.00.3790.0
SubsystemVersion 4.0
OSVersion 5.2
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 36864
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.0.3790.0
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 ef5b83c4cc60e246bf627d85f6d7397b
SHA1 73ef177008005675134d2f02c6f580515ab0d842
SHA256 467b5a10c369865f2021d379fc0933cb382146b702bbca4bcb703fc86f4322bb
ssdeep 24576:tCl5qpdGrHgNrtjcMAr5REbk2aqrX+t+d3dlXNWArHfXP:tClIk8hk4ut2lXNWAbff
authentihash 5bf85580148a276082dfb49dd39e17747e4f892e45e127c5fc5d9b8ba64cf3f4
imphash c63ba316533609531fac22f3877f847b
File size 1.0 MB ( 1064736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID MS generic-sfx Cabinet File Unpacker (32/64bit MSCFU) (48.0%)
Win32 MS Cabinet Self-Extractor (WExtract stub) (41.5%)
Win32 Executable MS Visual C++ (generic) (4.2%)
Win64 Executable (generic) (3.7%)
Win32 Dynamic Link Library (generic) (0.9%)
Tags
peexe overlay signed via-tor software-collection

VirusTotal metadata
First submission 2007-11-03 00:49:09 UTC ( 11 years, 6 months ago )
Last submission 2019-05-14 11:58:39 UTC ( 1 week, 4 days ago )
File names visual-basic-sp6-2502-jetelecharge.exe
258815
ef5b83c4cc60e246bf627d85f6d7397b73ef177008005675134d2f02c6f580515ab0d8421064736.exe
Visual Basic 6.0 Runtime Module.exe
Microsoft Visual Visual Basic 6.0 Runtime Library x86.exe
VB6-KB290887-X86.EXE
opxro4aiablhke2nf4bmn5makfnlbwcc.exe
visual-basic-sp6-2502-jetelecharge.exe
visual-basic-6-0-vb6-runtime_visual_basic_6.0_vb6_runtime_sp6_francais_10434.exe
VBRun60sp6.exe
EF5B83C4CC60E246BF627D85F6D7397B
VB6.0-KB290887-X86[1].exe
file-3045068_exe
834.tmp
MS VB6.0-KB290887-X86.exe
file
vb6.0-.exe
VB6.0-KB290887-X86.exe
vbrun60sp6.exe
filename
VB6.0-KB290887-X86 (1).exe
visual-basic-6-0 vb6 runtime visual_basic_6.0 fr 10434.exe
ef5b83c4cc60e246bf627d85f6d7397b
VB6.0-KB290887-X32.exe
vb6.0-kb290887-x86.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight