SHA256: 6787d78f15e0f100950715411646dd8fc991c433166bf262a70eafe57acb5ba5
File name: filename
Detection ratio: 1 / 57
Analysis date: 2016-04-02 11:49:04 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Baidu Multi.Threats.InArchive 20160402
Ad-Aware 20160402
AegisLab 20160402
AhnLab-V3 20160401
Alibaba 20160401
ALYac 20160402
Antiy-AVL 20160402
Arcabit 20160402
Avast 20160402
AVG 20160402
Avira (no cloud) 20160402
AVware 20160402
Baidu-International 20160402
BitDefender 20160402
Bkav 20160402
CAT-QuickHeal 20160401
ClamAV 20160402
CMC 20160401
Comodo 20160402
Cyren 20160402
DrWeb 20160402
Emsisoft 20160402
ESET-NOD32 20160402
F-Prot 20160402
F-Secure 20160402
Fortinet 20160401
GData 20160402
Ikarus 20160402
Jiangmin 20160402
K7AntiVirus 20160402
K7GW 20160402
Kaspersky 20160402
Kingsoft 20160402
Malwarebytes 20160402
McAfee 20160402
McAfee-GW-Edition 20160402
Microsoft 20160402
eScan 20160402
NANO-Antivirus 20160402
nProtect 20160401
Panda 20160402
Qihoo-360 20160402
Rising 20160402
Sophos AV 20160402
SUPERAntiSpyware 20160402
Symantec 20160331
Tencent 20160402
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160402
TrendMicro-HouseCall 20160402
VBA32 20160401
VIPRE 20160402
ViRobot 20160402
Yandex 20160316
Zillya 20160401
Zoner 20160402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2015 Lepide Software Pvt.Ltd. All rights reserved.

Product Kernel for Outlook PST Repair - Evaluation Version
File version 15.9
Description Kernel for Outlook PST Repair - Evaluation Version Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 9:06 AM 12/2/2015
Signers
[+] Lepide Software Private Limited
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign Extended Validation CodeSigning CA - SHA256 - G2
Valid from 4:37 PM 4/22/2015
Valid to 4:37 PM 4/22/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint F3AB6882AC6A3249C8388242704C1093AC7C62E0
Serial number 11 21 23 36 7A 63 FF D2 14 39 7D 34 19 9F F4 D6 A7 C6
[+] GlobalSign Extended Validation CodeSigning CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 8/2/2011
Valid to 11:00 AM 8/2/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 4F5EA6A9E4BA30A4575DEAD4E4E9D3B2DA66EA7B
Serial number 04 00 00 00 00 01 31 89 C6 4D E1
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 11/18/2009
Valid to 11:00 AM 3/18/2019
Valid usage All
Algorithm sha256RSA
Thumbprint 4765557AF418C68A641199146A7E556AA8242996
Serial number 04 00 00 00 00 01 25 07 1D F9 AF
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign TSA for Advanced - G2
Status Valid
Issuer GlobalSign Timestamping CA - SHA256 - G2
Valid from 1:00 AM 2/3/2015
Valid to 1:00 AM 3/3/2026
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 57AADEA34E3A84271197B259788D730C6AE22EC9
Serial number 11 21 16 C0 09 98 DC C6 8F A2 7D 25 C3 86 36 A8 83 BB
[+] GlobalSign Timestamping CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 8/2/2011
Valid to 11:00 AM 3/29/2029
Valid usage All
Algorithm sha256RSA
Thumbprint 91843BBD936D86EAFA42A3AFBF33E92831068F99
Serial number 04 00 00 00 00 01 31 89 C6 50 04
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 11/18/2009
Valid to 11:00 AM 3/18/2019
Valid usage All
Algorithm sha256RSA
Thumbprint 4765557AF418C68A641199146A7E556AA8242996
Serial number 04 00 00 00 00 01 25 07 1D F9 AF
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT INNO, qp, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000A5F8
Number of sections 8
PE sections
Overlays
MD5 fe2190658c34eae827bc52b5402a78ba
File type data
Offset 78848
Size 11687536
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_ICON 8
RT_STRING 6
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 7
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
15.9.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
37376

EntryPoint
0xa5f8

MIMEType
application/octet-stream

LegalCopyright
Copyright 2015 Lepide Software Pvt.Ltd. All rights reserved.

FileVersion
15.9

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
15.9

FileDescription
Kernel for Outlook PST Repair - Evaluation Version Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Lepide Software Pvt.Ltd.

CodeSize
40448

ProductName
Kernel for Outlook PST Repair - Evaluation Version

ProductVersionNumber
15.9.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 c6c893243160a6726ca45dfa791871e2
SHA1 97110d6ede7bc15d7c2f7d6284c2db77d05208a8
SHA256 6787d78f15e0f100950715411646dd8fc991c433166bf262a70eafe57acb5ba5
ssdeep
196608:prKbpCwYGrh//bFnOKc+U2IksbUDCkssvKJKAKCJTzb3d0VG/iIsoOqla4NfNicG:pubpFY2hzc+UNUDdscEKmF0VG5zaAN7u

authentihash ad1d4201c630db9b1a482b2d4e12c5e3fd1c6b764f6bfa6f70eed00050fdb199
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 11.2 MB ( 11766384 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (55.4%)
Win32 EXE PECompact compressed (generic) (21.0%)
Win32 Executable Delphi generic (7.1%)
Windows screen saver (6.6%)
Win32 Dynamic Link Library (generic) (3.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-12-03 14:26:39 UTC ( 2 years, 11 months ago )
Last submission 2018-04-30 00:13:17 UTC ( 6 months, 3 weeks ago )
File names Kernel-PST-Demo.exe
PST-recovery.exe
kernel-pst-demo.exe
filename
Kernel-PST-Demo.exe
kernel-for-outlook-pst-repair.exe
6787D78F15E0F100950715411646DD8FC991C433166BF262A70EAFE57ACB5BA5
776486
repairpsttool.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs