SHA256: 590932bbad8c9444fcd98022c0d5fb59b5e818a0003a72145ceb2d642b3b5bfb
File name: cup.exe
Detection ratio: 0 / 55
Analysis date: 2016-06-18 05:44:57 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20160618
AegisLab 20160618
AhnLab-V3 20160617
Alibaba 20160617
ALYac 20160618
Antiy-AVL 20160618
Arcabit 20160618
Avast 20160618
AVG 20160618
Avira (no cloud) 20160617
AVware 20160618
Baidu 20160618
Baidu-International 20160614
BitDefender 20160618
Bkav 20160617
CAT-QuickHeal 20160617
ClamAV 20160618
CMC 20160616
Comodo 20160616
Cyren 20160618
DrWeb 20160618
Emsisoft 20160618
ESET-NOD32 20160617
F-Prot 20160618
F-Secure 20160618
Fortinet 20160618
GData 20160618
Ikarus 20160617
Jiangmin 20160618
K7AntiVirus 20160618
K7GW 20160618
Kaspersky 20160618
Kingsoft 20160618
Malwarebytes 20160617
McAfee 20160618
McAfee-GW-Edition 20160618
Microsoft 20160618
eScan 20160618
NANO-Antivirus 20160618
nProtect 20160617
Panda 20160617
Qihoo-360 20160618
Sophos AV 20160618
SUPERAntiSpyware 20160618
Symantec 20160618
Tencent 20160618
TheHacker 20160617
TrendMicro 20160618
TrendMicro-HouseCall 20160618
VBA32 20160617
VIPRE 20160615
ViRobot 20160618
Yandex 20160616
Zillya 20160617
Zoner 20160618
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Copyright © 2011 - Present, RealDimensions Software, LLC - All Rights Reserved.

Product chocolatey
Original name cup.exe
Internal name cup.exe
File version 0.9.10.0
Description chocolatey - shim
Comments chocolatey
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-09 16:53:57
Entry Point 0x0000638E
Number of sections 3
.NET details
Module Version ID 4ff65abe-7449-44d2-bdc1-b1f785cf97e4
TypeLib ID 6104579d-2ee7-414d-b467-aa4a1e2d440a
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
LegalTrademarks
chocolatey - RealDimensions Software, LLC

SubsystemVersion
4.0

Comments
chocolatey

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.9.10.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
chocolatey - shim

CharacterSet
Unicode

InitializedDataSize
120320

EntryPoint
0x638e

OriginalFileName
cup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2011 - Present, RealDimensions Software, LLC - All Rights Reserved.

FileVersion
0.9.10.0

TimeStamp
2016:03:09 17:53:57+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
cup.exe

ProductVersion
0.9.10-beta1-168-g74aa4e6 - shim 0.7.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
RealDimensions Software, LLC

CodeSize
17408

ProductName
chocolatey

ProductVersionNumber
0.9.10.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.9.10.0

CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 77fcbd17e51ba875e71d674af9aa1050
SHA1 eb9107e67dc97bf25976de8bbf1b812ccf7cba32
SHA256 590932bbad8c9444fcd98022c0d5fb59b5e818a0003a72145ceb2d642b3b5bfb
ssdeep
768:0rm/fArz9foyglb/rHF/J/ODKQLD1U7a5vHIxCpGh/rNvvWtJLrcs3:TIz9foy+/rl5O5FU7bxvhTVWtJ

authentihash 09ea4f3cfdcabb2db7a852d7f6c095f6208c5888d9631cd77d71900830764a3e
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 135.0 KB ( 138240 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (63.1%)
Win64 Executable (generic) (23.8%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.7%)
Tags
peexe assembly

VirusTotal metadata
First submission 2016-03-11 17:17:09 UTC ( 2 years, 11 months ago )
Last submission 2016-06-18 05:44:57 UTC ( 2 years, 8 months ago )
File names cup.exe