SHA256: 5cd86fe04d958250678965f2c057bc10f32274cfa2e58ceb3ec7ced8f3c0d8db
File name: Setup.RemoteDesktopManager.9.2.4.0.exe
Detection ratio: 0 / 50
Analysis date: 2014-05-01 16:27:43 UTC ( 5 years ago )
Antivirus Result Update
Ad-Aware 20140501
AegisLab 20140501
Yandex 20140430
AhnLab-V3 20140501
AntiVir 20140501
Antiy-AVL 20140501
Avast 20140501
AVG 20140501
Baidu-International 20140501
BitDefender 20140501
Bkav 20140428
ByteHero 20140501
CAT-QuickHeal 20140430
ClamAV 20140501
CMC 20140429
Commtouch 20140501
Comodo 20140501
DrWeb 20140501
Emsisoft 20140501
ESET-NOD32 20140501
F-Prot 20140501
F-Secure 20140501
Fortinet 20140430
GData 20140501
Ikarus 20140501
Jiangmin 20140501
K7AntiVirus 20140501
K7GW 20140501
Kingsoft 20140501
Malwarebytes 20140501
McAfee 20140501
McAfee-GW-Edition 20140501
Microsoft 20140501
eScan 20140501
NANO-Antivirus 20140501
Norman 20140501
nProtect 20140430
Panda 20140501
Qihoo-360 20140501
Rising 20140501
Sophos AV 20140501
SUPERAntiSpyware 20140501
Symantec 20140501
TheHacker 20140501
TotalDefense 20140501
TrendMicro 20140501
TrendMicro-HouseCall 20140501
VBA32 20140428
VIPRE 20140501
ViRobot 20140501
Zillya 20140501
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) Devolutions inc.
Publisher Devolutions inc.
Product Remote Desktop Manager
Original name Setup.RemoteDesktopManager.9.2.4.0.exe
Internal name Setup.RemoteDesktopManager.9.2.4.0
File version 9.2.4.0
Description This installer database contains the logic and data required to install Remote Desktop Manager.
Signature verification Signed file, verified signature
Signing date 2:25 PM 4/2/2014
Signers
[+] Devolutions inc.
Status Valid
Issuer None
Valid from 1:00 AM 8/26/2013
Valid to 12:59 AM 8/27/2018
Valid usage Code Signing
Algorithm SHA1
Thumbprint 1B4B1155D5D8D62D2862269F824A5083BC8146F9
Serial number 00 EB EA B0 F8 75 8C 76 5A 11 BC BF 23 69 E6 6F ED
[+] COMODO Code Signing CA 2
Status Valid
Issuer None
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] USERTrust
Status Valid
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] COMODO Time Stamping Signer
Status Valid
Issuer None
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust
Status Valid
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-30 14:42:20
Entry Point 0x00031157
Number of sections 5
PE sections
PE imports
DestroyPropertySheetPage
CreatePropertySheetPageW
PropertySheetW
GetDeviceCaps
DeleteDC
CreateFontIndirectW
SetBkMode
BitBlt
GetStockObject
GetObjectW
SelectObject
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
IsValidLocale
GetFileAttributesW
lstrcmpW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetSystemTimeAsFileTime
InterlockedExchange
WriteFile
SetStdHandle
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ConnectNamedPipe
InitializeCriticalSection
LoadResource
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetSystemTime
TlsGetValue
CopyFileW
GetUserDefaultLangID
OutputDebugStringW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
FlushInstructionCache
GetModuleHandleA
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
GlobalMemoryStatus
SearchPathW
WriteConsoleA
GetVersion
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetWindowsDirectoryW
GetFileSize
OpenProcess
DeleteFileA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
GetModuleFileNameW
FindNextFileW
ResetEvent
GetTempFileNameA
FindFirstFileW
TerminateProcess
DuplicateHandle
GlobalLock
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetShortPathNameW
CreateNamedPipeW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
Process32NextW
VirtualFree
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
Process32FirstW
lstrcpynW
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FindResourceExW
CreateProcessA
IsValidCodePage
HeapCreate
FindResourceW
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
VarUI4FromStr
OleLoadPicture
SHGetFolderPathW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
PathFileExistsW
MapWindowPoints
RedrawWindow
GetMonitorInfoW
GetForegroundWindow
GetParent
CloseClipboard
EmptyClipboard
GetScrollRange
EndDialog
DestroyWindow
EnumWindows
SetFocus
ModifyMenuW
KillTimer
DestroyMenu
PostQuitMessage
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
EnableMenuItem
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
DialogBoxParamW
DefWindowProcW
LoadIconW
SetPropW
TranslateMessage
GetWindow
PostMessageW
GetPropW
GetDC
CreateWindowExW
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassA
SetClipboardData
IsWindowVisible
LoadStringW
GetClientRect
SetWindowLongW
GetDlgItem
RemovePropW
MessageBoxW
MonitorFromWindow
ScreenToClient
InvalidateRect
GetScrollPos
GetSubMenu
SetTimer
LoadImageW
TrackPopupMenu
GetActiveWindow
FindWindowW
SetWindowTextW
GetWindowTextW
GetDesktopWindow
GetSystemMenu
GetWindowTextLengthW
DispatchMessageW
MsgWaitForMultipleObjects
GetWindowLongW
SetForegroundWindow
CharNextW
CallWindowProcW
ExitWindowsEx
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CreateILockBytesOnHGlobal
Number of PE resources by type
RT_DIALOG 12
RT_ICON 12
RT_STRING 10
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 43
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 166912
ImageVersion 0.0
ProductName Remote Desktop Manager
FileVersionNumber 9.2.4.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription This installer database contains the logic and data required to install Remote Desktop Manager.
CharacterSet Unicode
LinkerVersion 9.0
OriginalFileName Setup.RemoteDesktopManager.9.2.4.0.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 9.2.4.0
TimeStamp 2013:09:30 15:42:20+01:00
FileType Win32 EXE
PEType PE32
InternalName Setup.RemoteDesktopManager.9.2.4.0
FileAccessDate 2014:05:01 17:28:02+01:00
ProductVersion 9.2.4.0
SubsystemVersion 5.0
OSVersion 5.0
FileCreateDate 2014:05:01 17:28:02+01:00
FileOS Win32
LegalCopyright Copyright (C) Devolutions inc.
MachineType Intel 386 or later, and compatibles
CompanyName Devolutions inc.
CodeSize 282112
FileSubtype 0
ProductVersionNumber 9.2.4.0
EntryPoint 0x31157
ObjectFileType Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 8f586091471b9f19e672f48569b2606b
SHA1 e8afac9b59049eaaf80524b09ba8d75b9438c2f8
SHA256 5cd86fe04d958250678965f2c057bc10f32274cfa2e58ceb3ec7ced8f3c0d8db
ssdeep 786432:3kvPUl9oW9u5KOzxjQecb5laSo1eK3Etpo6MzB:CP5+Oxj9cNi1WpohzB
imphash f20b97c85d8b89a0f90e2b43a55284fa
File size 34.8 MB ( 36527736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe signed
VirusTotal metadata
First submission 2014-04-03 06:26:43 UTC ( 5 years, 1 month ago )
Last submission 2014-05-01 16:27:43 UTC ( 5 years ago )
File names Setup.RemoteDesktopManager.9.2.4.0.exe
Setup.RemoteDesktopManager.9.2.4.0
setup.remotedesktopmanager.9.2.4.0.exe