× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5c8a3ea55dc2d1f51b6d49b9b92812f033c272358ab63175e1c32c3afde019e2
File name: crescendo-9457.exe
Detection ratio: 0 / 64
Analysis date: 2019-03-04 14:40:49 UTC ( 3 weeks ago ) View latest
Antivirus Result Update
Acronis 20190222
Ad-Aware 20190304
AegisLab 20190304
AhnLab-V3 20190304
Alibaba 20180921
ALYac 20190304
Antiy-AVL 20190304
Arcabit 20190304
Avast 20190304
Avast-Mobile 20190304
AVG 20190304
Avira (no cloud) 20190304
Babable 20180918
Baidu 20190215
BitDefender 20190304
CAT-QuickHeal 20190304
ClamAV 20190304
CMC 20190304
Comodo 20190304
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cyren 20190304
DrWeb 20190304
eGambit 20190304
Emsisoft 20190304
Endgame 20190215
ESET-NOD32 20190304
F-Secure 20190304
Fortinet 20190304
GData 20190304
Ikarus 20190304
Sophos ML 20181128
Jiangmin 20190304
K7AntiVirus 20190304
K7GW 20190304
Kaspersky 20190304
Kingsoft 20190304
Malwarebytes 20190304
MAX 20190304
McAfee 20190304
McAfee-GW-Edition 20190304
Microsoft 20190304
eScan 20190304
NANO-Antivirus 20190304
Palo Alto Networks (Known Signatures) 20190304
Panda 20190303
Qihoo-360 20190304
SentinelOne (Static ML) 20190203
Sophos AV 20190304
SUPERAntiSpyware 20190227
Symantec 20190304
Symantec Mobile Insight 20190220
TACHYON 20190304
Tencent 20190304
TheHacker 20190225
TotalDefense 20190304
Trapmine 20190301
Trustlook 20190304
VBA32 20190304
VIPRE 20190304
ViRobot 20190304
Webroot 20190304
Yandex 20190301
ZoneAlarm by Check Point 20190304
Zoner 20190304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
NCH Software

Product Crescendo
Original name Crescendo.exe
Internal name Crescendo
File version 4.01FR
Description Crescendo - Éditeur de notation de musique
Signature verification Signed file, verified signature
Signing date 12:00 AM 1/10/2019
Signers
[+] NCH Software Pty Ltd
Status Valid
Issuer DigiCert EV Code Signing CA
Valid from 12:00 AM 10/03/2018
Valid to 12:00 PM 03/25/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 160E0AE3B956EA75C9F0A5E5D00C7351E5A1722F
Serial number 05 72 F6 D5 E5 59 56 34 97 F3 53 31 5B 4E 81 47
[+] DigiCert EV Code Signing CA
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 PM 04/18/2012
Valid to 12:00 PM 04/18/2027
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 846896AB1BCF45734855C61B63634DFD8719625B
Serial number 0D D0 E3 37 4A C9 5B DB FA 6B 43 4B 2A 48 EC 06
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-23 22:02:44
Entry Point 0x000011D4
Number of sections 5
PE sections
Overlays
MD5 f13ce976c638de673ab4934929ac5471
File type data
Offset 946176
Size 14440
Entropy 7.24
PE imports
GetLastError
RemoveDirectoryW
WaitForSingleObject
GetExitCodeProcess
ExitProcess
LoadLibraryA
VerSetConditionMask
SizeofResource
LockResource
GetCommandLineW
GetStartupInfoW
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
lstrcpyW
GetModuleFileNameW
WriteFile
CloseHandle
GetModuleHandleW
FreeLibrary
GetTempPathW
LoadResource
FindResourceW
CreateFileW
SetupIterateCabinetW
ShellExecuteW
ShellExecuteExW
MessageBoxW
wsprintfW
CoInitializeEx
CoUninitialize
Number of PE resources by type
RT_ICON 2
Struct(99) 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
English (Australian)

FileFlagsMask
0x0017

FileDescription
Crescendo - diteur de notation de musique

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
943104

EntryPoint
0x11d4

OriginalFileName
Crescendo.exe

MIMEType
application/octet-stream

LegalCopyright
NCH Software

FileVersion
4.01FR

TimeStamp
2018:10:23 23:02:44+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Crescendo

ProductVersion
4.01FR

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
NCH Software

CodeSize
2048

ProductName
Crescendo

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 27e98c90bf6ee085abdcbf700226a337
SHA1 0c2989e8f79f77321e1665c17cbd9ce057c517dc
SHA256 5c8a3ea55dc2d1f51b6d49b9b92812f033c272358ab63175e1c32c3afde019e2
ssdeep
24576:8sajXfvrSOmkvbViGQJpFF9fd6vr8duJdTHe:1ajXTfvQ33fdAl+

authentihash 440232708730a5b755b2a8ef9900eb2fe6ba656f3b84f805363e309a43bdfaad
imphash f1e3b0a5431323b070123d4183ff8736
File size 938.1 KB ( 960616 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2019-01-10 23:03:22 UTC ( 2 months, 2 weeks ago )
Last submission 2019-03-20 15:14:58 UTC ( 5 days, 15 hours ago )
File names Crescendo
crescendosetup.exe
crescendo-9457.exe
crescendosetup.exe
Crescendo.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Searched windows
Runtime DLLs
HTTP requests
DNS requests
TCP connections