SHA256: 554beef1b969b4dec2fd5041d442bc1142c550e02d38c1fd9b3d552bad1f9e99
File name: ultradefrag-7.0.1.bin.amd64.exe
Detection ratio: 3 / 56
Analysis date: 2016-04-02 06:45:58 UTC (3 years, 1 month ago)
Antivirus              Result                       Update
Antiy-AVL              VCS[Warning]/JS.Agent.1      20160402
Baidu                  Win32.Virus.Lamer.g          20160402
McAfee-GW-Edition      BehavesLike.Win32.Tool.vc    20160402
Ad-Aware               -                            20160402
AegisLab               -                            20160402
AhnLab-V3              -                            20160401
Alibaba                -                            20160401
ALYac                  -                            20160402
Arcabit                -                            20160402
Avast                  -                            20160402
AVG                    -                            20160402
Avira (no cloud)       -                            20160402
AVware                 -                            20160402
Baidu-International    -                            20160401
BitDefender            -                            20160402
Bkav                   -                            20160401
CAT-QuickHeal          -                            20160401
ClamAV                 -                            20160402
CMC                    -                            20160401
Comodo                 -                            20160402
Cyren                  -                            20160402
DrWeb                  -                            20160402
Emsisoft               -                            20160402
ESET-NOD32             -                            20160402
F-Prot                 -                            20160402
F-Secure               -                            20160402
Fortinet               -                            20160401
GData                  -                            20160402
Ikarus                 -                            20160402
Jiangmin               -                            20160402
K7AntiVirus            -                            20160401
K7GW                   -                            20160402
Kaspersky              -                            20160402
Kingsoft               -                            20160402
Malwarebytes           -                            20160402
McAfee                 -                            20160402
Microsoft              -                            20160402
eScan                  -                            20160402
NANO-Antivirus         -                            20160402
nProtect               -                            20160401
Panda                  -                            20160401
Qihoo-360              -                            20160402
Rising                 -                            20160402
Sophos AV              -                            20160402
SUPERAntiSpyware       -                            20160402
Symantec               -                            20160331
Tencent                -                            20160402
TheHacker              -                            20160330
TrendMicro             -                            20160402
TrendMicro-HouseCall   -                            20160402
VBA32                  -                            20160401
VIPRE                  -                            20160402
ViRobot                -                            20160402
Yandex                 -                            20160316
Zillya                 -                            20160401
Zoner                  -                            20160402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright © 2007-2013 UltraDefrag Development Team
Product: Ultra Defragmenter
File version: 7.0.1
Description: Ultra Defragmenter Setup

Packers identified
F-PROT: UPX, NSIS, appended, UTF-8, Unicode

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2009-12-05 22:50:46
Entry Point: 0x0004E620
Number of sections: 3
PE sections
Overlays
MD5: 3925e911fb7c8d6d04e1afdfad9c98eb
File type: data
Offset: 80896
Size: 2343525
Entropy: 8.00
PE imports
RegEnumKeyA
SetBkMode
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteA
VerQueryValueA
CoTaskMemFree
Number of PE resources by type
RT_ICON 11
RT_DIALOG 7
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 21
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize: 299008
LinkerVersion: 6.0
ImageVersion: 6.0
FileSubtype: 0
FileVersionNumber: 7.0.1.0
LanguageCode: Neutral
FileFlagsMask: 0x0000
FileDescription: Ultra Defragmenter Setup
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Windows, Latin1
InitializedDataSize: 61440
EntryPoint: 0x4e620
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 7.0.1
TimeStamp: 2009:12:05 23:50:46+01:00
FileType: Win32 EXE
PEType: PE32
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
LegalCopyright: Copyright 2007-2013 UltraDefrag Development Team
MachineType: Intel 386 or later, and compatibles
CompanyName: UltraDefrag Development Team
CodeSize: 20480
ProductName: Ultra Defragmenter
ProductVersionNumber: 7.0.1.0
FileTypeExtension: exe
ObjectFileType: Executable application
CarbonBlack (acts as a surveillance camera for computers)
While monitoring an end-user machine in the wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5: c48c6db106ad0bb5692d0e2b346f3d8c
SHA1: aacda9b172e39119fd5a3b1dbf5437788bbf1516
SHA256: 554beef1b969b4dec2fd5041d442bc1142c550e02d38c1fd9b3d552bad1f9e99
ssdeep: 49152:FRLGQ1hwxqpwlVgrKRtCuSh5fm418apGzBDdE100TVRqQKLokhIQV:FdRWE9rchS7ft8GIVdEy0TXxkuY
authentihash: 692912324c328318285017724e9b7c81c87cfc3bf411742086c0b64a4df0159d
imphash: 2134f794bcda54794e74b7208adb2204
File size: 2.3 MB (2424421 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  UPX compressed Win32 Executable (38.2%)
  Win32 EXE Yoda's Crypter (37.5%)
  Win32 Dynamic Link Library (generic) (9.2%)
  Win32 Executable (generic) (6.3%)
  OS/2 Executable (generic) (2.8%)
Tags: nsis peexe upx overlay

VirusTotal metadata
First submission: 2016-03-26 12:50:44 UTC (3 years, 1 month ago)
Last submission: 2019-02-25 09:01:15 UTC (2 months, 3 weeks ago)
File names:
  UltraDefrag+7.0.1 AMD64.exe
  ultradefrag-7.0.1.bin.amd6420170702-15470-59jg9i.exe
  ultradefrag-7.0.1.bin.amd64.exe
  56f83718c9c465.91583020
  UltraDefrag_7.0.1_amd64.exe
  f387c8ce603851aa801250aa0fd7c9e3721f0616eeb73549402c21fd2e4e2bda085a9c8137d7da0b2bb8181218df51b7a23571313cf071c10f3645c9bd455c0e
  UltraDefrag-x64_7.0.1.exe
  554BEEF1B969B4DEC2FD5041D442BC1142C550E02D38C1FD9B3D552BAD1F9E99
  UltraDefrag x64_7.0.1.exe
  ultradefrag-7.0.1.bin.amd64 (1).exe
  554BEEF1B969B4DEC2FD5041D442BC1142C550E02D38C1FD9B3D552BAD1F9E99.exe
Condensed report
The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs
UDP communications