SHA256: 62b6df6d0dac0c9b248187e4b67a904c3801b11eb7f3968c5db3077fe4a9aa22
File name: 8a590f790a98f3d77399be457e01386a
Detection ratio: 0 / 64
Analysis date: 2017-07-10 06:49:09 UTC ( 1 week, 5 days ago )
Antivirus Result Update
Ad-Aware 20170710
AegisLab 20170710
AhnLab-V3 20170710
Alibaba 20170710
ALYac 20170710
Antiy-AVL 20170710
Arcabit 20170710
Avast 20170710
AVG 20170710
Avira (no cloud) 20170710
AVware 20170710
Baidu 20170710
BitDefender 20170710
Bkav 20170706
CAT-QuickHeal 20170710
ClamAV 20170710
CMC 20170710
Comodo 20170710
CrowdStrike Falcon (ML) 20170420
Cylance 20170710
Cyren 20170710
DrWeb 20170710
Emsisoft 20170710
Endgame 20170706
ESET-NOD32 20170710
F-Prot 20170710
F-Secure 20170710
Fortinet 20170629
GData 20170710
Ikarus 20170709
Sophos ML 20170607
Jiangmin 20170709
K7AntiVirus 20170710
K7GW 20170710
Kaspersky 20170710
Kingsoft 20170710
Malwarebytes 20170710
MAX 20170710
McAfee 20170710
McAfee-GW-Edition 20170709
Microsoft 20170710
eScan 20170710
NANO-Antivirus 20170710
nProtect 20170710
Palo Alto Networks (Known Signatures) 20170710
Panda 20170709
Qihoo-360 20170710
Rising 20170710
SentinelOne (Static ML) 20170516
Sophos AV 20170710
SUPERAntiSpyware 20170709
Symantec 20170710
Symantec Mobile Insight 20170709
Tencent 20170710
TheHacker 20170709
TotalDefense 20170710
TrendMicro 20170710
TrendMicro-HouseCall 20170710
Trustlook 20170710
VBA32 20170707
VIPRE 20170710
ViRobot 20170710
Webroot 20170710
WhiteArmor 20170706
Yandex 20170707
Zillya 20170707
ZoneAlarm by Check Point 20170710
Zoner 20170710
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Internet Explorer
Original name IEXPLORE.EXE
Internal name iexplore
File version 11.00.9600.18616 (winblue_ltsb.170302-0600)
Description Internet Explorer
Signature verification Signed file, verified signature
Signing date 5:38 PM 3/4/2017
Signers
[+] Microsoft Corporation
Status Valid
Issuer Microsoft Code Signing PCA
Valid from 9:17 PM 8/18/2016
Valid to 9:17 PM 11/2/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 98ED99A67886D020C564923B7DF25E9AC019DF26
Serial number 33 00 00 01 40 96 A9 EE 70 56 FE CC 07 00 01 00 00 01 40
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status Valid
Issuer Microsoft Time-Stamp PCA
Valid from 6:58 PM 9/7/2016
Valid to 6:58 PM 9/7/2018
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint CC5B869DBD2603381FD2E60C387D299EBE0D06CF
Serial number 33 00 00 00 CB D9 52 06 53 BF 3E 2A 59 00 00 00 00 00 CB
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-02 16:44:43
Entry Point 0x00001E40
Number of sections 6
PE sections
Overlays
MD5 ed153053463462dd484c8c89765fc125
File type data
Offset 799744
Size 15560
Entropy 7.40
PE imports
GetNativeSystemInfo
GetLastError
LoadLibraryExW
GetSystemInfo
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
HeapSetInformation
SetProcessDEPPolicy
LoadLibraryExA
Wow64DisableWow64FsRedirection
LocalAlloc
GetCommandLineW
UnhandledExceptionFilter
SetErrorMode
GetStartupInfoW
GetProcAddress
GetModuleHandleA
RaiseException
ExpandEnvironmentStringsW
DeleteCriticalSection
SetUnhandledExceptionFilter
GetCurrentProcess
Wow64RevertWow64FsRedirection
CloseHandle
GetSystemTimeAsFileTime
SetDllDirectoryW
IsWow64Process
GetModuleHandleW
LocalFree
TerminateProcess
InitializeCriticalSection
VirtualQuery
CreateProcessW
Sleep
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
RegCloseKey
EventRegister
EventWrite
RegGetValueW
RegOpenKeyExW
EventUnregister
RegQueryValueExW
Ord(139)
Ord(32)
Ord(650)
Ord(701)
Ord(9)
__p__fmode
__wgetmainargs
??_U@YAPAXI@Z
wcschr
_vsnwprintf
_cexit
?terminate@@YAXXZ
exit
??_V@YAXPAX@Z
iswalpha
__setusermatherr
_XcptFilter
_amsg_exit
memset
rand_s
__p__commode
_except_handler4_common
wcsncmp
_controlfp
iswspace
_initterm
_exit
_wcmdln
__set_app_type
Number of PE resources by type
RT_ICON 178
RT_GROUP_ICON 27
RT_MANIFEST 1
WEVT_TEMPLATE 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 209
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
InitializedDataSize 781824
ImageVersion 6.3
ProductName Internet Explorer
FileVersionNumber 11.0.9600.18616
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 11.0
FileTypeExtension exe
OriginalFileName IEXPLORE.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 11.00.9600.18616 (winblue_ltsb.170302-0600)
TimeStamp 2017:03:02 17:44:43+01:00
FileType Win32 EXE
PEType PE32
InternalName iexplore
ProductVersion 11.00.9600.18616
FileDescription Internet Explorer
OSVersion 6.3
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16896
FileSubtype 0
ProductVersionNumber 11.0.9600.18616
EntryPoint 0x1e40
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 8a590f790a98f3d77399be457e01386a
SHA1 a8e91e847a90f70772fd5cd7684d077b95dfcd9d
SHA256 62b6df6d0dac0c9b248187e4b67a904c3801b11eb7f3968c5db3077fe4a9aa22
ssdeep 24576:qkts/6TgGLbMMHMMMvMMZMMMKzb6XmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMMUn:qkXMMHMMMvMMZMMMlmMMMiMMMYJMMHMu
authentihash a6b3c224c18b9790a6eecc973b0dc2e2fcbed27f3dd3bce0cac2913ee06dca0d
imphash fc51828b75c4d5037039ac24cc9c9ea2
File size 796.2 KB ( 815304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2017-03-14 17:23:30 UTC ( 4 months, 1 week ago )
Last submission 2017-07-10 06:49:09 UTC ( 1 week, 5 days ago )
File names iexplore.exe