SHA256: 5d94dbcef932c31bc1f2836a8f254b5ad287643e90a96138a5037c1b84185c3d
File name: ccnalabtrial.exe
Detection ratio: 1 / 66
Analysis date: 2018-07-11 13:08:31 UTC ( 5 months, 1 week ago )
Antivirus Result Update
SentinelOne (Static ML) static engine - malicious 20180701
Ad-Aware 20180711
AegisLab 20180711
AhnLab-V3 20180711
ALYac 20180711
Antiy-AVL 20180711
Arcabit 20180711
Avast 20180711
Avast-Mobile 20180711
AVG 20180711
Avira (no cloud) 20180710
AVware 20180711
Babable 20180406
Baidu 20180711
BitDefender 20180711
Bkav 20180711
CAT-QuickHeal 20180711
ClamAV 20180711
CMC 20180711
Comodo 20180711
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cyren 20180711
DrWeb 20180711
eGambit 20180711
Emsisoft 20180711
Endgame 20180711
ESET-NOD32 20180711
F-Prot 20180711
F-Secure 20180711
Fortinet 20180711
GData 20180711
Ikarus 20180711
Sophos ML 20180601
Jiangmin 20180711
K7AntiVirus 20180711
K7GW 20180711
Kaspersky 20180711
Kingsoft 20180711
Malwarebytes 20180711
MAX 20180711
McAfee 20180711
McAfee-GW-Edition 20180711
Microsoft 20180711
eScan 20180711
NANO-Antivirus 20180711
Palo Alto Networks (Known Signatures) 20180711
Panda 20180711
Qihoo-360 20180711
Rising 20180711
Sophos AV 20180711
SUPERAntiSpyware 20180711
Symantec 20180711
TACHYON 20180711
Tencent 20180711
TheHacker 20180710
TotalDefense 20180711
TrendMicro 20180711
TrendMicro-HouseCall 20180711
Trustlook 20180711
VBA32 20180711
VIPRE 20180711
ViRobot 20180711
Webroot 20180711
Yandex 20180711
Zillya 20180710
ZoneAlarm by Check Point 20180711
Zoner 20180711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Internet Explorer
Original name WEXTRACT.EXE .MUI
Internal name Wextract
File version 11.00.9600.16384 (winblue_rtm.130821-1623)
Description Win32 Cabinet Self-Extractor
Packers identified
F-PROT appended, SFX
PE header basic information
Target machine x64
Compilation timestamp 2014-10-31 05:12:41
Entry Point 0x000080C0
Number of sections 6
PE sections
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
Ord(23)
Ord(20)
Ord(21)
Ord(22)
GetDeviceCaps
GetLastError
IsDBCSLeadByte
GetSystemTimeAsFileTime
DosDateTimeToFileTime
ReadFile
TerminateThread
GetCurrentThreadId
GetFileAttributesA
GlobalFree
WaitForSingleObject
LockResource
SetEvent
QueryPerformanceCounter
MulDiv
ExitProcess
SetFileTime
GetVersionExA
GlobalUnlock
RemoveDirectoryA
LoadLibraryA
GetShortPathNameA
FreeLibrary
GetCurrentProcess
GetVolumeInformationA
LoadLibraryExA
SizeofResource
LocalFileTimeToFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
RtlVirtualUnwind
GetCurrentDirectoryA
UnhandledExceptionFilter
_llseek
GetStartupInfoW
GetDiskFreeSpaceA
GetProcAddress
GetSystemInfo
CreateMutexA
GetTempPathA
CreateThread
SetFilePointer
lstrcmpA
FindFirstFileA
GetCurrentProcessId
OutputDebugStringA
SetUnhandledExceptionFilter
WriteFile
_lopen
_lclose
CompareStringA
ResetEvent
EnumResourceLanguagesA
FindNextFileA
GetTempFileNameA
GetSystemDirectoryA
GlobalLock
GetModuleHandleW
ExpandEnvironmentStringsA
FreeResource
SetFileAttributesA
GetDriveTypeA
LocalFree
TerminateProcess
CreateProcessA
GetModuleFileNameA
GetExitCodeProcess
GetWindowsDirectoryA
LoadResource
RtlLookupFunctionEntry
GlobalAlloc
CreateEventA
FindClose
Sleep
FormatMessageA
GetTickCount
CreateFileA
RtlCaptureContext
GetVersion
FindResourceA
SetCurrentDirectoryA
CloseHandle
CharPrevA
EndDialog
SetWindowLongPtrA
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
CharUpperA
GetDC
ReleaseDC
SetWindowTextA
LoadStringA
SendMessageA
GetDlgItem
GetWindowLongPtrA
CharNextA
GetDesktopWindow
CallWindowProcA
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
_cexit
?terminate@@YAXXZ
_vsnprintf
_ismbblead
__C_specific_handler
_acmdln
_exit
memset
_errno
memcpy
_commode
_amsg_exit
exit
_XcptFilter
__getmainargs
_initterm
_fmode
__setusermatherr
__set_app_type
Number of PE resources by type
RT_ICON 13
RT_RCDATA 11
RT_DIALOG 6
RT_STRING 6
RT_MANIFEST 1
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 40
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
11.0

ImageVersion
6.3

FileSubtype
0

FileVersionNumber
11.0.9600.16384

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Win32 Cabinet Self-Extractor

ImageFileCharacteristics
Executable, Large address aware

CharacterSet
Unicode

InitializedDataSize
253440

EntryPoint
0x80c0

OriginalFileName
WEXTRACT.EXE .MUI

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
11.00.9600.16384 (winblue_rtm.130821-1623)

TimeStamp
2014:10:31 06:12:41+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
Wextract

ProductVersion
11.00.9600.16384

SubsystemVersion
5.2

OSVersion
6.3

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
AMD AMD64

CompanyName
Microsoft Corporation

CodeSize
33280

ProductName
Internet Explorer

ProductVersionNumber
11.0.9600.16384

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 3305e19bb2ed15113e6c3978144428c9
SHA1 6072afd0bb4c86f017c133e6f18ab899b7b00850
SHA256 5d94dbcef932c31bc1f2836a8f254b5ad287643e90a96138a5037c1b84185c3d
ssdeep
6144:bk0p0yN90QEnHF7HTRbl6l65ZuxAsAto05+jI:Sy90ZlTTF55Yx4to0cI

authentihash db411c02366d129779e514fe853d6f8d5c9e517b33e99177caf747bb8321be95
imphash 013c74198fc6e42dcf33737d6c40c012
File size 281.0 KB ( 287744 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (GUI) Mono/.Net assembly

TrID Win32 MS Cabinet Self-Extractor (WExtract stub) (90.0%)
Win64 Executable (generic) (8.1%)
OS/2 Executable (generic) (0.6%)
Generic Win/DOS Executable (0.5%)
DOS Executable Generic (0.5%)
Tags
64bits peexe assembly

VirusTotal metadata
First submission 2017-11-24 08:29:53 UTC ( 1 year ago )
Last submission 2018-08-06 10:38:04 UTC ( 4 months, 2 weeks ago )
File names ccnalabtrial.exe
Wextract
ccnatoolkit.exe
ccnatoolkit.exe
WEXTRACT.EXE .MUI