SHA256: 5d455a79a3a88b783f17f5de8010a45becdfa4bd7cc0fe62dc70fc229339d17e
File name: ResetPermission.exe
Detection ratio: 2 / 41
Analysis date: 2016-12-20 04:07:29 UTC ( 1 year, 7 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_64% (D) 20161024
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161220
Ad-Aware 20161220
AegisLab 20161219
AhnLab-V3 20161219
Alibaba 20161220
ALYac 20161220
Antiy-AVL 20161220
Arcabit 20161220
Avast 20161220
AVG 20161219
Avira (no cloud) 20161220
AVware 20161220
Baidu 20161207
BitDefender 20161220
Bkav 20161219
CAT-QuickHeal 20161219
ClamAV 20161220
CMC 20161219
Comodo 20161220
Cyren 20161220
DrWeb 20161220
Emsisoft 20161220
ESET-NOD32 20161220
F-Prot 20161220
F-Secure 20161219
Fortinet 20161220
GData 20161220
Ikarus 20161219
Sophos ML 20161216
Jiangmin 20161220
K7AntiVirus 20161219
K7GW 20161220
Kaspersky 20161220
Kingsoft 20161220
Malwarebytes 20161220
McAfee 20161220
McAfee-GW-Edition 20161220
Microsoft 20161220
eScan 20161220
NANO-Antivirus 20161220
nProtect 20161219
Panda 20161219
Rising 20161220
Sophos AV 20161220
SUPERAntiSpyware 20161220
Symantec 20161220
Tencent 20161220
TheHacker 20161219
TrendMicro 20161220
TrendMicro-HouseCall 20161220
Trustlook 20161220
VBA32 20161219
VIPRE 20161220
ViRobot 20161220
WhiteArmor 20161212
Yandex 20161219
Zillya 20161219
Zoner 20161220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-20 03:51:43
Entry Point 0x000041CE
Number of sections 6
PE sections
PE imports
GetSaveFileNameW
GetOpenFileNameW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
FindFirstFileExW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetFileAttributesW
RtlUnwind
GetStdHandle
RaiseException
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
CreateDirectoryW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
SetEndOfFile
GetCPInfo
TlsFree
ReadFile
SetUnhandledExceptionFilter
GetTempPathW
FindNextFileW
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FreeLibrary
TerminateProcess
GetModuleHandleExW
IsValidCodePage
WriteFile
CreateFileW
FindClose
TlsGetValue
SetLastError
ReadConsoleW
TlsSetValue
CloseHandle
ExitProcess
GetCurrentThreadId
GetEnvironmentVariableW
WriteConsoleW
LeaveCriticalSection
SHGetFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
GetSubMenu
SetWindowLongW
MessageBoxW
TrackPopupMenu
SendMessageW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
SetDlgItemTextW
GetWindowTextLengthW
GetClientRect
LoadIconW
GetDlgItem
GetWindowTextW
GetWindowLongW
GetDlgItemTextW
ClientToScreen
LoadMenuW
DestroyMenu
CoTaskMemFree
OleInitialize
Number of PE resources by type
RT_ICON 2
RT_DIALOG 2
RT_MENU 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:12:20 04:51:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 89088
LinkerVersion 14.0
EntryPoint 0x41ce
InitializedDataSize 50176
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 e1343990e51fc4495a2ef5bfd4ca88ad
SHA1 3e23332c0309d247aca035c128efaf6727d3bb4e
SHA256 5d455a79a3a88b783f17f5de8010a45becdfa4bd7cc0fe62dc70fc229339d17e
ssdeep 3072:Dp1xiaKv5ju31hv36Pu0uAFAQMdOtScaz3VTev5K:9183RjuFE0EA9ev5
authentihash 43b5dc4a999018abc52481d2c86c733fa904e0759945961be706d28aaed59ccf
imphash 6bc2eb9bbe3f1e68c358382538f84404
File size 133.0 KB ( 136192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2016-12-20 03:52:18 UTC ( 1 year, 7 months ago )
Last submission 2017-05-15 08:25:22 UTC ( 1 year, 2 months ago )
File names ResetPermission.exe
62da7ae5-a2f4-9dc9-7f13-0d621a8559dd_1d27fdcfc4c2c9a
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Opened mutexes
Runtime DLLs