SHA256: 65cbed2e8db313b8966638e40eb27f94156c294eb060b28a02c130d146518c39
File name: standalonephase2.dat
Detection ratio: 0 / 50
Analysis date: 2014-02-25 13:56:21 UTC ( 5 years, 3 months ago )
Antivirus Result Update
Ad-Aware 20140225
Yandex 20140223
AhnLab-V3 20140224
AntiVir 20140225
Antiy-AVL 20140225
Avast 20140225
AVG 20140225
Baidu-International 20140225
BitDefender 20140225
Bkav 20140224
ByteHero 20140225
CAT-QuickHeal 20140225
ClamAV 20140225
CMC 20140220
Commtouch 20140225
Comodo 20140225
DrWeb 20140225
Emsisoft 20140225
ESET-NOD32 20140225
F-Prot 20140225
F-Secure 20140225
Fortinet 20140225
GData 20140225
Ikarus 20140225
Jiangmin 20140225
K7AntiVirus 20140225
K7GW 20140225
Kaspersky 20140225
Kingsoft 20140225
Malwarebytes 20140225
McAfee 20140225
McAfee-GW-Edition 20140225
Microsoft 20140225
eScan 20140225
NANO-Antivirus 20140225
Norman 20140224
nProtect 20140225
Panda 20140225
Qihoo-360 20140225
Rising 20140223
Sophos AV 20140225
SUPERAntiSpyware 20140225
Symantec 20140225
TheHacker 20140224
TotalDefense 20140225
TrendMicro 20140225
TrendMicro-HouseCall 20140225
VBA32 20140224
VIPRE 20140225
ViRobot 20140225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 4:09 AM 6/2/2013
Signers
[+] Cheat Engine
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 03:26 AM 03/25/2013
Valid to 11:08 AM 07/22/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E896DC18DF16CAE692BD11C874FD70395AFA5A6A
Serial number 11 21 EC FE BA 3F 53 10 2B 74 1B 7E 1A ED B2 50 1C 7C
[+] GlobalSign CodeSigning CA - G2
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign Root CA
Valid from 10:00 AM 04/13/2011
Valid to 10:00 AM 04/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 01:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign Time Stamping Authority
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer GlobalSign Timestamping CA
Valid from 10:32 AM 12/21/2009
Valid to 10:32 AM 12/22/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint AEDF7DF76BBA2410D67DBAF18F5BA15B417E496C
Serial number 01 00 00 00 00 01 25 B0 B4 CC 01
[+] GlobalSign Timestamping CA
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 03/18/2009
Valid to 01:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint 958D23902D5448314F2F811034356A58255CDC9B
Serial number 04 00 00 00 00 01 20 19 C1 90 66
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 01:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000277D0
Number of sections 6
PE sections
Overlays
MD5 c2efe7a843dac5d676184270add0e63d
File type data
Offset 195072
Size 5816
Entropy 7.42
PE imports
SetFilePointer
SetThreadLocale
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
ReadFile
GetStartupInfoA
FileTimeToDosDateTime
GetFileAttributesA
TryEnterCriticalSection
FreeLibrary
TlsSetValue
WaitForSingleObject
ExitProcess
GetThreadLocale
TlsAlloc
GetVersionExA
GetModuleFileNameA
RemoveDirectoryA
DeleteCriticalSection
EnumCalendarInfoA
FileTimeToLocalFileTime
SizeofResource
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LockResource
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
ReadProcessMemory
GetCommandLineA
GetProcAddress
TerminateThread
GetProcessHeap
EnumResourceTypesA
CompareStringW
FindResourceExA
CreateThread
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
EnumResourceNamesA
CloseHandle
ResetEvent
EnumResourceLanguagesA
FindNextFileA
SuspendThread
ExitThread
GetUserDefaultLCID
FreeResource
ResumeThread
SetEvent
LocalFree
SetThreadPriority
GetThreadPriority
CreateProcessA
WideCharToMultiByte
InitializeCriticalSection
LoadResource
VirtualFree
CreateEventA
FindClose
TlsGetValue
Sleep
FormatMessageA
SetEndOfFile
LeaveCriticalSection
CreateFileA
HeapAlloc
GetCurrentThreadId
FindResourceA
LocalAlloc
SetLastError
CompareStringA
SysReAllocStringLen
SysFreeString
SysAllocStringLen
CharLowerBuffW
CharLowerA
GetSystemMetrics
CharUpperBuffA
MessageBoxA
CharLowerBuffA
CharUpperBuffW
MessageBeep
CharUpperA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 157696
LinkerVersion 2.62
FileTypeExtension exe
InitializedDataSize 31404
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint 0x277d0
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 14292
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 808de473370ef6b5d98ab752f245a3ca
SHA1 800bd4ad10c17471829693fac3cee4502b14f029
SHA256 65cbed2e8db313b8966638e40eb27f94156c294eb060b28a02c130d146518c39
ssdeep 3072:WkHnWPw0GnbgoCxI+HRoEp51jdnRNuCQJYgl/Ftgpu5ivZ2in:x240Gnbgog37uCQJYgNPgV2E
authentihash e47349de44206ce473f25304aac642ca5cac9c1e6da687ec7875d6b7477730ff
imphash fa12988c1f536d0d5a773434549432dc
File size 196.2 KB ( 200888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.3%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2013-06-11 14:06:26 UTC ( 5 years, 11 months ago )
Last submission 2018-10-22 10:42:38 UTC ( 7 months ago )
File names
Trainer18 State Of decay Ver.14.1.21.26.83 (Update 19) by {MaxTre}.EXE
heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.