SHA256: 559eafe456e5d29b19cd3a9d6be7c77f3f576a484434bd5b2aa5b6188aaa00b2
File name: IE11-Windows6.1-x64-en-us.exe
Detection ratio: 0 / 57
Analysis date: 2016-03-28 22:03:49 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware 20160328
AegisLab 20160328
Yandex 20160316
AhnLab-V3 20160328
Alibaba 20160323
ALYac 20160328
Antiy-AVL 20160328
Arcabit 20160328
Avast 20160328
AVG 20160328
Avira (no cloud) 20160328
AVware 20160328
Baidu 20160328
Baidu-International 20160328
BitDefender 20160328
Bkav 20160328
ByteHero 20160328
CAT-QuickHeal 20160328
ClamAV 20160328
CMC 20160322
Comodo 20160328
Cyren 20160328
DrWeb 20160328
Emsisoft 20160328
ESET-NOD32 20160328
F-Prot 20160328
F-Secure 20160328
Fortinet 20160328
GData 20160328
Ikarus 20160328
Jiangmin 20160328
K7AntiVirus 20160328
K7GW 20160323
Kaspersky 20160328
Kingsoft 20160328
Malwarebytes 20160328
McAfee 20160328
McAfee-GW-Edition 20160328
Microsoft 20160328
eScan 20160328
NANO-Antivirus 20160328
nProtect 20160328
Panda 20160328
Qihoo-360 20160328
Rising 20160328
Sophos AV 20160328
SUPERAntiSpyware 20160328
Symantec 20160328
Tencent 20160328
TheHacker 20160328
TrendMicro 20160328
TrendMicro-HouseCall 20160328
VBA32 20160326
VIPRE 20160328
ViRobot 20160328
Zillya 20160328
Zoner 20160328
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Internet Explorer
Original name iesetup.exe
Internal name iesetup
File version 11.00.9600.16428 (winblue_gdr.131013-1700)
Description Internet Explorer 11 Setup utility
Signature verification Signed file, verified signature
Signing date 3:32 AM 10/15/2013
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 10:33 PM 01/24/2013
Valid to 10:33 PM 04/24/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 108E2BA23632620C427C570B6D9DB51AC31387FE
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 08/31/2010
Valid to 10:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 09:12 PM 09/04/2012
Valid to 09:12 PM 12/04/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 2F497C556F94E32731CF86ADD8629C9867C35A24
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:53 PM 04/03/2007
Valid to 01:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Packers identified
F-PROT UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-14 06:13:44
Entry Point 0x0001B243
Number of sections 5
PE sections
Overlays
MD5 68bb695e0b3c909b4103d678cf531a1a
File type data
Offset 55899648
Size 15568
Entropy 7.39
PE imports
RegCreateKeyExW
CloseServiceHandle
RegDeleteValueW
RegCloseKey
RegNotifyChangeKeyValue
OpenProcessToken
DuplicateTokenEx
RegSetValueExW
OpenSCManagerW
RegEnumValueW
RegOpenKeyExW
OpenServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
QueryServiceStatusEx
RegDeleteKeyW
RegQueryValueExW
Ord(336)
InitCommonControlsEx
Ord(328)
Ord(334)
Ord(339)
Ord(332)
Ord(386)
CertVerifyCertificateChainPolicy
GetDeviceCaps
SetTextColor
GetObjectW
CreateFontIndirectW
WaitForSingleObject
EnumUILanguagesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
GetLocaleInfoW
EnumResourceLanguagesW
WideCharToMultiByte
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
SetEvent
LocalFree
FormatMessageW
IsWow64Process
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
GetUserDefaultUILanguage
CopyFileW
GetUserDefaultLangID
OutputDebugStringW
RemoveDirectoryW
UnhandledExceptionFilter
LoadLibraryExW
GetPrivateProfileStringW
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
TerminateProcess
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
lstrcmpiA
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
OpenProcess
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetTempFileNameW
CreateFileMappingW
EnumResourceNamesW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
WaitForMultipleObjects
GetLocaleInfoEx
GetTempPathW
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
GetSystemInfo
FindResourceW
SetProcessShutdownParameters
LCIDToLocaleName
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetTickCount64
GetSystemDefaultLangID
RaiseException
MapViewOfFile
SetFilePointer
CloseHandle
GetModuleHandleW
FindResourceExW
CreateProcessW
Sleep
VariantChangeType
SysStringLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysAllocString
SysReAllocString
SysFreeString
VariantInit
SHGetFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
PathStripPathW
StrCmpNIW
SHDeleteKeyW
PathIsFileSpecW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
Ord(158)
SHRegGetUSValueW
Ord(388)
SHRegSetUSValueW
StrChrW
PathFindExtensionW
PathIsRelativeW
PathIsDirectoryW
SHGetValueW
PathRemoveExtensionW
UpdateWindow
EndDialog
GetMessageW
OffsetRect
FindWindowW
KillTimer
PostQuitMessage
ShowWindow
SetWindowPos
GetWindowThreadProcessId
GetSysColorBrush
GetWindowRect
TranslateMessage
PostMessageW
SetDlgItemTextW
GetDC
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
SendMessageW
SendDlgItemMessageW
LoadStringW
GetDlgItem
SystemParametersInfoW
BringWindowToTop
SetTimer
LoadImageW
IsDialogMessageW
CopyRect
GetDesktopWindow
LoadIconW
DispatchMessageW
SetForegroundWindow
CharNextW
ExitWindowsEx
DestroyWindow
IsThemeActive
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
__p__fmode
??1type_info@@UAE@XZ
??_U@YAPAXI@Z
_wcsnicmp
swprintf_s
memset
swscanf_s
_vsnwprintf
_cexit
?terminate@@YAXXZ
??2@YAPAXI@Z
iswdigit
_wcsicmp
_wtol
_amsg_exit
exit
_XcptFilter
iswalpha
__setusermatherr
_controlfp
??_V@YAXPAX@Z
_acmdln
_CxxThrowException
_ismbblead
_exit
__p__commode
??3@YAXPAX@Z
_except_handler4_common
__getmainargs
memcpy
_itow_s
wcschr
_initterm
__set_app_type
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CLSIDFromString
CoSetProxyBlanket
Number of PE resources by type
RT_ICON 21
RT_STRING 13
RT_RCDATA 7
RT_GROUP_ICON 2
RT_DIALOG 1
RT_HTML 1
RT_MANIFEST 1
RT_VERSION 1
TASKSCHEDULEFILE 1
Number of PE resources by language
ENGLISH US 44
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
InitializedDataSize 55788544
ImageVersion 6.3
ProductName Internet Explorer
FileVersionNumber 11.0.9600.16428
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit, Removable run from swap, Net run from swap
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName iesetup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 11.00.9600.16428 (winblue_gdr.131013-1700)
TimeStamp 2013:10:14 07:13:44+01:00
FileType Win32 EXE
PEType PE32
InternalName iesetup
ProductVersion 11.00.9600.16428
FileDescription Internet Explorer 11 Setup utility
OSVersion 6.3
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 110080
FileSubtype 0
ProductVersionNumber 11.0.9600.16428
EntryPoint 0x1b243
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 839a1a4d5043d694cd324c33937e00ae
SHA1 ddec9ddc256ffa7d97831af148f6cc45130c6857
SHA256 559eafe456e5d29b19cd3a9d6be7c77f3f576a484434bd5b2aa5b6188aaa00b2
ssdeep 1572864:d+DKba2s2aS5bnjtJAe2dGo1H3ydmMo1T0:YDKbaCVPhSH3G3oR0
authentihash c92a4278aca6b21cd950ec208d8523feb5bccba75f9dfa63c8271b3c0bd31149
imphash 51ae0161f6d3c0e5791362ddd6be25dd
File size 53.3 MB ( 55915216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (44.0%)
Win64 Executable (generic) (28.2%)
Microsoft Visual C++ compiled executable (generic) (16.9%)
Win32 Executable (generic) (4.6%)
OS/2 Executable (generic) (2.0%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2013-11-07 17:08:39 UTC ( 5 years, 3 months ago )
Last submission 2019-01-08 03:20:14 UTC ( 1 month, 1 week ago )
File names bitbf34.tmp
bitaa85.tmp
bitc4a2.tmp
bit467.tmp
bitbfee.tmp
bit48ef.tmp
bitb846.tmp
bit92e0.tmp
bit1b44.tmp
bit9b01.tmp
bit614c.tmp
bit9245.tmp
bit58b3.tmp
bitda9f.tmp
bit858a.tmp
bit7c55.tmp
bit6900.tmp
IE11-Windows6_1-x64-en-us.exe
bit368e.tmp
bit50be.tmp
bit807b.tmp
bit81.tmp
bitd9e0.tmp
bit836b.tmp
bit5587.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection