SHA256: 49e0ba14923da608abcae04a9a56b0689fe6f5ac6bdf0439a46ce35990ac53ee
File name: SDelete
Detection ratio: 0 / 66
Analysis date: 2018-10-15 12:26:36 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20181015
AegisLab 20181015
AhnLab-V3 20181015
Alibaba 20180921
ALYac 20181015
Antiy-AVL 20181015
Arcabit 20181015
Avast 20181015
Avast-Mobile 20181015
AVG 20181015
Avira (no cloud) 20181015
Babable 20180918
Baidu 20181015
BitDefender 20181015
Bkav 20181014
CAT-QuickHeal 20181013
ClamAV 20181015
CMC 20181015
Comodo 20181015
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181015
Cyren 20181015
DrWeb 20181015
eGambit 20181015
Emsisoft 20181015
Endgame 20180730
ESET-NOD32 20181015
F-Prot 20181015
F-Secure 20181015
Fortinet 20181015
GData 20181015
Ikarus 20181015
Sophos ML 20180717
Jiangmin 20181015
K7AntiVirus 20181015
K7GW 20181015
Kaspersky 20181015
Kingsoft 20181015
Malwarebytes 20181015
MAX 20181015
McAfee 20181015
McAfee-GW-Edition 20181015
Microsoft 20181015
eScan 20181015
NANO-Antivirus 20181015
Palo Alto Networks (Known Signatures) 20181015
Panda 20181014
Qihoo-360 20181015
Rising 20181015
SentinelOne (Static ML) 20181011
Sophos AV 20181015
SUPERAntiSpyware 20181015
Symantec 20181015
Symantec Mobile Insight 20181001
TACHYON 20181015
Tencent 20181015
TheHacker 20181011
TrendMicro 20181015
TrendMicro-HouseCall 20181015
Trustlook 20181015
VBA32 20181015
ViRobot 20181015
Webroot 20181015
Yandex 20181012
Zillya 20181012
ZoneAlarm by Check Point 20181015
Zoner 20181014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 1999-2016 Mark Russinovich

Product Sysinternals Sdelete
Original name sdelete.exe
Internal name SDelete
File version 2.0
Description Secure file delete
Signature verification Signed file, verified signature
Signing date 8:11 PM 5/28/2016
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 6:42 PM 6/4/2015
Valid to 6:42 PM 9/4/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
Serial number 33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 8:21 PM 3/30/2016
Valid to 8:21 PM 6/30/2017
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint C7C18D5C43BDA45B2E58186F2717CD1B2001FCAA
Serial number 33 00 00 00 9B E0 74 37 CB 3D 4D 8D 2E 00 00 00 00 00 9B
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-28 19:11:12
Entry Point 0x0000693F
Number of sections 4
PE sections
Overlays
MD5 e8349c178036bbd40cc96f0949dd6d27
File type data
Offset 135168
Size 16032
Entropy 7.43
PE imports
RegCloseKey
RegSetValueExW
CryptGenRandom
RegCreateKeyW
CryptAcquireContextW
RegOpenKeyW
RegQueryValueExW
PrintDlgW
GetDeviceCaps
EndPage
EndDoc
StartPage
StartDocW
SetMapMode
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetDiskFreeSpaceW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
FormatMessageW
OutputDebugStringW
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
DeviceIoControl
ReadConsoleInputA
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetFullPathNameW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetVersion
GetModuleHandleExW
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetStartupInfoW
DeleteFileW
GetProcAddress
GetProcessHeap
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
SetConsoleMode
VirtualFree
Sleep
VirtualAlloc
SendMessageW
InflateRect
EndDialog
SetWindowTextW
GetSysColorBrush
DialogBoxIndirectParamW
LoadCursorW
GetDlgItem
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Secure file delete

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
67072

EntryPoint
0x693f

OriginalFileName
sdelete.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 1999-2016 Mark Russinovich

FileVersion
2.0

TimeStamp
2016:05:28 20:11:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SDelete

ProductVersion
2.0

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Sysinternals - www.sysinternals.com

CodeSize
75264

ProductName
Sysinternals Sdelete

ProductVersionNumber
2.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 c74673589d5dd38b6443da6054b8dd7a
SHA1 ab48396a0a91af3a6d2dd3c71ae635f8d694e420
SHA256 49e0ba14923da608abcae04a9a56b0689fe6f5ac6bdf0439a46ce35990ac53ee
ssdeep
3072:wWk2IFB/Yokn3uTVZUF7DAXxtiB1rAE0s:wjdhk3u87PEs

authentihash 4c06e1d09f960a71366ba1d74ca5b565b3ca819e7096df06adaa806cdef49e27
imphash 5e7462da27166d003bc079955dfed93d
File size 147.7 KB ( 151200 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (47.7%)
Windows screen saver (22.6%)
Win32 Dynamic Link Library (generic) (11.3%)
Win32 Executable (generic) (7.7%)
OS/2 Executable (generic) (3.5%)
Tags
peexe via-tor signed overlay

VirusTotal metadata
First submission 2016-06-30 17:47:16 UTC ( 2 years, 8 months ago )
Last submission 2018-05-09 04:49:46 UTC ( 10 months, 3 weeks ago )
File names sdelete.exe
sdelete.exe
sdelete.exe
tmp2556.tmp
sdelete.exe
tmpa5b3.tmp
36533a5b81d3d52f!155-36533a5b81d3d52f!9309-36533a5b81d3d52f!30794-ab48396a0a91af3a6d2dd3c71ae635f8.temp
sdelete.exe
sdelete.exe
D__C1_SysinternalsSuite_sdelete.exe
49E0BA14923DA608ABCAE04A9A56B0689FE6F5AC6BDF0439A46CE35990AC53EE
sdelete.exe
sdelete.exeod
sdelete.exe
sdelete.exe
sdelete.exe
pura.exe
sdelete.exe
sdelete.exe
SDelete.exe
SDelete
sdelete.exe
sdelete.exe
filedata
sdelete.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
UDP communications