SHA256: 57cd0d08badaa0cab4fa7bb2abeef1aadcb87a798937696b9e3431c1b793b869
File name: Client Application
Detection ratio: 0 / 51
Analysis date: 2014-04-16 05:40:01 UTC ( 4 days, 2 hours ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AVG 20140415
Ad-Aware 20140416
AegisLab 20140416
Agnitum 20140415
AhnLab-V3 20140415
AntiVir 20140416
Antiy-AVL 20140416
Avast 20140416
Baidu-International 20140415
BitDefender 20140416
Bkav 20140415
ByteHero 20140416
CAT-QuickHeal 20140416
CMC 20140411
ClamAV 20140416
Commtouch 20140416
Comodo 20140416
DrWeb 20140416
ESET-NOD32 20140415
Emsisoft 20140416
F-Prot 20140416
F-Secure 20140416
Fortinet 20140416
GData 20140416
Ikarus 20140416
Jiangmin 20140416
K7AntiVirus 20140415
K7GW 20140415
Kaspersky 20140416
Kingsoft 20140416
Malwarebytes 20140416
McAfee 20140416
McAfee-GW-Edition 20140416
MicroWorld-eScan 20140416
Microsoft 20140416
NANO-Antivirus 20140416
Norman 20140415
Panda 20140415
Qihoo-360 20140416
Rising 20140415
SUPERAntiSpyware 20140416
Sophos 20140416
Symantec 20140416
TheHacker 20140416
TotalDefense 20140415
TrendMicro 20140416
TrendMicro-HouseCall 20140416
VBA32 20140415
VIPRE 20140415
ViRobot 20140416
nProtect 20140415
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft SkyDrive
Original name SkyDrive.exe
Internal name Client Application
File version 17.0.2015.0811
Description Microsoft SkyDrive
Signature verification Signed file, verified signature
Signing date 1:58 AM 8/12/2013
Signers
[+] Microsoft Corporation
Status Valid
Valid from 11:33 PM 1/24/2013
Valid to 11:33 PM 4/24/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 108E2BA23632620C427C570B6D9DB51AC31387FE
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
[+] Microsoft Code Signing PCA
Status Valid
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm SHA1
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm SHA1
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status Certificate out of its validity period
Valid from 10:12 PM 9/4/2012
Valid to 10:12 PM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 2F497C556F94E32731CF86ADD8629C9867C35A24
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
[+] Microsoft Time-Stamp PCA
Status Valid
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm SHA1
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-12 00:55:55
Entry Point 0x00005462
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LoadLibraryW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
FlsGetValue
GetOEMCP
GetEnvironmentStringsW
FlsSetValue
RtlUnwind
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetFileType
GetConsoleMode
HeapSize
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
FlsAlloc
GetProcAddress
FlsFree
GetProcessHeap
GetTickCount64
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
GetSystemTimeAsFileTime
FlushFileBuffers
SetUnhandledExceptionFilter
WriteFile
CloseHandle
InitOnceExecuteOnce
SetDllDirectoryW
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
LCMapStringEx
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GetStringTypeW
InterlockedDecrement
Sleep
WriteConsoleW
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
SHGetValueW
Number of PE resources by type
RT_ICON 28
REGISTRY 3
RT_GROUP_ICON 2
TYPELIB 1
RT_MESSAGETABLE 1
RT_MANIFEST 1
WEVT_TEMPLATE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 38
ExifTool file metadata
SubsystemVersion 6.0
LinkerVersion 11.0
ImageVersion 6.2
FileSubtype 0
FileVersionNumber 17.0.2015.811
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 197120
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 17.0.2015.0811
TimeStamp 2013:08:12 01:55:55+01:00
FileType Win32 EXE
PEType PE32
InternalName Client Application
FileAccessDate 2014:04:16 06:41:21+01:00
ProductVersion 17.0.2015.0811
FileDescription Microsoft SkyDrive
OSVersion 6.2
FileCreateDate 2014:04:16 06:41:21+01:00
OriginalFilename SkyDrive.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 51200
ProductName Microsoft SkyDrive
ProductVersionNumber 17.0.2015.811
EntryPoint 0x5462
ObjectFileType Executable application
CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 d213f06ae294341f3503fd74e22e7dda
SHA1 aef16a50a9fc008b7ac7222073e2f1021646c810
SHA256 57cd0d08badaa0cab4fa7bb2abeef1aadcb87a798937696b9e3431c1b793b869
ssdeep 3072:4+EjxpAPoZyjMWx12h1Un+vLvbmCuWhI0qLkLzFozTtIycF6I6qkdcq8BT+z:4/xhGMWKnUniFuWhI09LzFozyF6Dqk+K
imphash 32730da0fd38b7d912bda4d949fa8e06
File size 251.1 KB ( 257136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed
VirusTotal metadata
First submission 2013-08-14 00:38:39 UTC ( 8 months, 1 week ago )
Last submission 2014-03-14 09:31:29 UTC ( 1 month ago )
File names SkyDrive.exe
skydrive.exe
file-6096134_exe
vt-upload-BOD7Wa
Client Application
SKYDRIVE.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight