SHA256: 51985a57e085d8b17042f0cdc1f905380b792854733eb3275fd8fce4e3bb886b
File name: Juscheckr.exe
Detection ratio: 0 / 64
Analysis date: 2017-08-02 23:13:22 UTC ( 1 year, 6 months ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20170802
AVG 20170802
AVware 20170802
Ad-Aware 20170802
AegisLab 20170802
AhnLab-V3 20170802
Antiy-AVL 20170802
Arcabit 20170802
Avast 20170802
Avira (no cloud) 20170802
Baidu 20170728
BitDefender 20170802
Bkav 20170802
CAT-QuickHeal 20170802
CMC 20170802
ClamAV 20170802
Comodo 20170802
CrowdStrike Falcon (ML) 20170710
Cylance 20170803
Cyren 20170802
DrWeb 20170802
ESET-NOD32 20170802
Emsisoft 20170802
Endgame 20170721
F-Prot 20170802
F-Secure 20170802
Fortinet 20170802
GData 20170802
Ikarus 20170802
Sophos ML 20170607
Jiangmin 20170802
K7AntiVirus 20170802
K7GW 20170802
Kaspersky 20170802
Kingsoft 20170803
MAX 20170802
Malwarebytes 20170802
McAfee 20170802
McAfee-GW-Edition 20170802
eScan 20170802
Microsoft 20170802
NANO-Antivirus 20170802
Palo Alto Networks (Known Signatures) 20170803
Panda 20170802
Qihoo-360 20170803
Rising 20170802
SUPERAntiSpyware 20170803
SentinelOne (Static ML) 20170718
Sophos AV 20170802
Symantec 20170802
Tencent 20170803
TheHacker 20170801
TrendMicro 20170802
TrendMicro-HouseCall 20170802
VBA32 20170801
VIPRE 20170802
ViRobot 20170802
Webroot 20170803
WhiteArmor 20170731
Yandex 20170801
Zillya 20170802
ZoneAlarm by Check Point 20170802
Zoner 20170802
nProtect 20170802
Alibaba 20170802
Symantec Mobile Insight 20170802
Trustlook 20170803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® .NET Framework
Original name MSBuild.exe
Internal name MSBuild.exe
File version 3.5.30729.4926 built by: NetFXw7
Description MSBuild.exe
Comments Flavor=Retail
Signature verification Signed file, verified signature
Signing date 4:56 AM 5/23/2009
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Code Signing PCA
Valid from 09:24 PM 10/22/2008
Valid to 09:34 PM 01/22/2010
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9E95C625D81B2BA9C72FD70275C3699613AF61E3
Serial number 61 06 27 81 00 00 00 00 00 08
[+] Microsoft Code Signing PCA
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Root Authority
Valid from 10:31 PM 08/22/2007
Valid to 07:00 AM 08/25/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3036E3B25B88A55B86FC90E6E9EAAD5081445166
Serial number 2E AB 11 DC 50 FF 5C 9D CB C0
[+] Microsoft Root Authority
Status Valid
Issuer Microsoft Root Authority
Valid from 07:00 AM 01/10/1997
Valid to 07:00 AM 12/31/2020
Valid usage All
Algorithm md5RSA
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Timestamping PCA
Valid from 07:02 PM 07/25/2008
Valid to 07:12 PM 07/25/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 05FECB745F7F3B1A0E262A73435CCB7EAAED8B37
Serial number 61 06 94 2D 00 00 00 00 00 09
[+] Microsoft Timestamping PCA
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Root Authority
Valid from 01:04 AM 09/16/2006
Valid to 07:00 AM 09/15/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3EA99A60058275E0ED83B892A909449F8C33B245
Serial number 6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2
[+] Microsoft Root Authority
Status Valid
Issuer Microsoft Root Authority
Valid from 07:00 AM 01/10/1997
Valid to 07:00 AM 12/31/2020
Valid usage All
Algorithm md5RSA
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-05-23 00:46:25
Entry Point 0x000106BE
Number of sections 3
.NET details
Module Version ID 096504cc-b0b6-4bcf-96bd-5e60b870c10f
PE sections
Overlays
MD5 55eb5d4c5c73ba41b1ec2c417230e85d
File type data
Offset 81920
Size 5968
Entropy 7.39
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

Comments
Flavor=Retail

InitializedDataSize
16384

ImageVersion
0.0

ProductName
Microsoft .NET Framework

FileVersionNumber
3.5.30729.4926

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

PrivateBuild
DDBLD145

FileTypeExtension
exe

OriginalFileName
MSBuild.exe

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
3.5.30729.4926 built by: NetFXw7

TimeStamp
2009:05:23 01:46:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
MSBuild.exe

ProductVersion
3.5.30729.4926

FileDescription
MSBuild.exe

OSVersion
4.0

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
61440

FileSubtype
0

ProductVersionNumber
3.5.30729.4926

EntryPoint
0x106be

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 2e5f1cf69f92392f8829fc9c9263ae9b
SHA1 97b9ca766bbbdaa8c9ec960dc41b598f7fad82a5
SHA256 51985a57e085d8b17042f0cdc1f905380b792854733eb3275fd8fce4e3bb886b
ssdeep
1536:K96ZJwk1oO+huJs4HN0Auo7G+DKSOawsqVO3GGBq5:BMFCHV1G+DKSOawsGuBq5

authentihash cd4988e8fc64dae471594e2b299a3e57112bc02f0b86c81b6b47ffb1c6250b73
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 85.8 KB ( 87888 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe assembly signed trusted overlay

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with msbuild.exe as its name.
VirusTotal metadata
First submission 2010-08-21 14:08:42 UTC ( 8 years, 6 months ago )
Last submission 2019-02-08 11:49:40 UTC ( 1 week, 1 day ago )
File names svhost.exe
46c3e764-fabd-4b8d-8905-ea1cde260999.tmp
47eefb16.01d1ece3a64f6a15
sjhost.exe
saasmon.exe
f2f5d704f8d6a75741f8f78d3043ded6f420fcbb.exe
MSBuild.exe
systemutils.exe
chrome.exe
winsys.exe
notepadd.exe
runhost.exe
sswma.exe
54d98b5d-bc86-4a7a-a862-87e43072348c.tmp
6ec57c0d-28fd-472e-bfbc-055e90e692da.tmp
c1a0684b-e451-4ab8-abaf-46aabbf5d8e2.tmp
winex.exe
wavset.exe
explorer.exe
cvhost.exe
taskmgr.exe
msbuild(1200).exe
svhost.exe
newetn.exe
svhost.exee
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight