SHA256: 62b6df6d0dac0c9b248187e4b67a904c3801b11eb7f3968c5db3077fe4a9aa22
File name: 346835c6a4c63f48a0059b8cc7305ec8.tmp
Detection ratio: 0 / 60
Analysis date: 2017-05-22 13:52:59 UTC ( 1 day, 2 hours ago )
Antivirus Result Update
Ad-Aware 20170522
AegisLab 20170522
AhnLab-V3 20170522
Alibaba 20170522
ALYac 20170522
Antiy-AVL 20170522
Arcabit 20170522
Avast 20170522
AVG 20170522
Avira (no cloud) 20170522
AVware 20170522
Baidu 20170503
BitDefender 20170522
CAT-QuickHeal 20170522
ClamAV 20170522
CMC 20170521
Comodo 20170522
CrowdStrike Falcon (ML) 20170130
Cyren 20170522
DrWeb 20170522
Emsisoft 20170522
Endgame 20170515
ESET-NOD32 20170522
F-Prot 20170522
F-Secure 20170522
Fortinet 20170522
GData 20170522
Ikarus 20170522
Invincea 20170519
Jiangmin 20170522
K7AntiVirus 20170522
K7GW 20170522
Kaspersky 20170522
Kingsoft 20170522
Malwarebytes 20170522
McAfee 20170522
McAfee-GW-Edition 20170521
Microsoft 20170522
eScan 20170522
NANO-Antivirus 20170522
nProtect 20170522
Palo Alto Networks (Known Signatures) 20170522
Panda 20170521
Qihoo-360 20170522
Rising 20170522
SentinelOne (Static ML) 20170516
Sophos 20170521
SUPERAntiSpyware 20170522
Symantec 20170522
Symantec Mobile Insight 20170522
Tencent 20170522
TheHacker 20170522
TrendMicro 20170522
TrendMicro-HouseCall 20170522
Trustlook 20170522
VBA32 20170522
VIPRE 20170522
ViRobot 20170522
Webroot 20170522
WhiteArmor 20170517
Yandex 20170518
Zillya 20170520
ZoneAlarm by Check Point 20170522
Zoner 20170522
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Internet Explorer
Original name IEXPLORE.EXE
Internal name iexplore
File version 11.00.9600.18616 (winblue_ltsb.170302-0600)
Description Internet Explorer
Signature verification Signed file, verified signature
Signing date 5:38 PM 3/4/2017
Signers
[+] Microsoft Corporation
Status Valid
Issuer Microsoft Code Signing PCA
Valid from 9:17 PM 8/18/2016
Valid to 9:17 PM 11/2/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 98ED99A67886D020C564923B7DF25E9AC019DF26
Serial number 33 00 00 01 40 96 A9 EE 70 56 FE CC 07 00 01 00 00 01 40
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status Valid
Issuer Microsoft Time-Stamp PCA
Valid from 6:58 PM 9/7/2016
Valid to 6:58 PM 9/7/2018
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint CC5B869DBD2603381FD2E60C387D299EBE0D06CF
Serial number 33 00 00 00 CB D9 52 06 53 BF 3E 2A 59 00 00 00 00 00 CB
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-02 16:44:43
Entry Point 0x00001E40
Number of sections 6
PE sections
Overlays
MD5 ed153053463462dd484c8c89765fc125
File type data
Offset 799744
Size 15560
Entropy 7.40
PE imports
GetNativeSystemInfo
GetLastError
LoadLibraryExW
GetSystemInfo
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
HeapSetInformation
SetProcessDEPPolicy
LoadLibraryExA
Wow64DisableWow64FsRedirection
LocalAlloc
GetCommandLineW
UnhandledExceptionFilter
SetErrorMode
GetStartupInfoW
GetProcAddress
GetModuleHandleA
RaiseException
ExpandEnvironmentStringsW
DeleteCriticalSection
SetUnhandledExceptionFilter
GetCurrentProcess
Wow64RevertWow64FsRedirection
CloseHandle
GetSystemTimeAsFileTime
SetDllDirectoryW
IsWow64Process
GetModuleHandleW
LocalFree
TerminateProcess
InitializeCriticalSection
VirtualQuery
CreateProcessW
Sleep
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
RegCloseKey
EventRegister
EventWrite
RegGetValueW
RegOpenKeyExW
EventUnregister
RegQueryValueExW
Ord(139)
Ord(32)
Ord(650)
Ord(701)
Ord(9)
__p__fmode
__wgetmainargs
??_U@YAPAXI@Z
wcschr
_vsnwprintf
_cexit
?terminate@@YAXXZ
exit
??_V@YAXPAX@Z
iswalpha
__setusermatherr
_XcptFilter
_amsg_exit
memset
rand_s
__p__commode
_except_handler4_common
wcsncmp
_controlfp
iswspace
_initterm
_exit
_wcmdln
__set_app_type
Number of PE resources by type
RT_ICON 178
RT_GROUP_ICON 27
RT_MANIFEST 1
WEVT_TEMPLATE 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 209
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.1

InitializedDataSize
781824

ImageVersion
6.3

ProductName
Internet Explorer

FileVersionNumber
11.0.9600.18616

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
11.0

FileTypeExtension
exe

OriginalFileName
IEXPLORE.EXE

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
11.00.9600.18616 (winblue_ltsb.170302-0600)

TimeStamp
2017:03:02 17:44:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
iexplore

ProductVersion
11.00.9600.18616

FileDescription
Internet Explorer

OSVersion
6.3

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
16896

FileSubtype
0

ProductVersionNumber
11.0.9600.18616

EntryPoint
0x1e40

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 8a590f790a98f3d77399be457e01386a
SHA1 a8e91e847a90f70772fd5cd7684d077b95dfcd9d
SHA256 62b6df6d0dac0c9b248187e4b67a904c3801b11eb7f3968c5db3077fe4a9aa22
ssdeep
24576:qkts/6TgGLbMMHMMMvMMZMMMKzb6XmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMMUn:qkXMMHMMMvMMZMMMlmMMMiMMMYJMMHMu

authentihash a6b3c224c18b9790a6eecc973b0dc2e2fcbed27f3dd3bce0cac2913ee06dca0d
imphash fc51828b75c4d5037039ac24cc9c9ea2
File size 796.2 KB ( 815304 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-03-14 17:23:30 UTC ( 2 months, 1 week ago )
Last submission 2017-05-22 13:52:59 UTC ( 1 day, 2 hours ago )