SHA256: 6b7cea4838d892a0a0f625bab2df3d378a035c365209db3c573253f037882229
File name: Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
Detection ratio: 0 / 54
Analysis date: 2015-12-20 11:42:02 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware 20151220
AegisLab 20151220
Yandex 20151219
AhnLab-V3 20151220
Alibaba 20151208
Antiy-AVL 20151220
Arcabit 20151220
Avast 20151220
AVG 20151220
Avira (no cloud) 20151220
AVware 20151220
Baidu-International 20151220
BitDefender 20151220
Bkav 20151219
ByteHero 20151220
CAT-QuickHeal 20151219
ClamAV 20151219
CMC 20151217
Comodo 20151219
Cyren 20151220
DrWeb 20151220
Emsisoft 20151220
ESET-NOD32 20151220
F-Prot 20151220
F-Secure 20151218
Fortinet 20151220
GData 20151220
Ikarus 20151220
Jiangmin 20151220
K7AntiVirus 20151220
K7GW 20151220
Kaspersky 20151220
Malwarebytes 20151220
McAfee 20151220
McAfee-GW-Edition 20151220
Microsoft 20151220
eScan 20151220
NANO-Antivirus 20151220
nProtect 20151218
Panda 20151220
Rising 20151218
Sophos AV 20151220
SUPERAntiSpyware 20151220
Symantec 20151217
Tencent 20151220
TheHacker 20151220
TotalDefense 20151220
TrendMicro 20151220
TrendMicro-HouseCall 20151220
VBA32 20151218
VIPRE 20151219
ViRobot 20151220
Zillya 20151218
Zoner 20151220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Windows® Internet Explorer
Original name WEXTRACT.EXE .MUI
Internal name Wextract
File version 8.00.7600.16385 (win7_rtm.090713-1255)
Description Win32 Cabinet Self-Extractor
Signature verification Signed file, verified signature
Signing date 10:22 PM 12/9/2009
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Code Signing PCA
Valid from 09:24 PM 10/22/2008
Valid to 09:34 PM 01/22/2010
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9E95C625D81B2BA9C72FD70275C3699613AF61E3
Serial number 61 06 27 81 00 00 00 00 00 08
[+] Microsoft Code Signing PCA
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Root Authority
Valid from 10:31 PM 08/22/2007
Valid to 07:00 AM 08/25/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3036E3B25B88A55B86FC90E6E9EAAD5081445166
Serial number 2E AB 11 DC 50 FF 5C 9D CB C0
[+] Microsoft Root Authority
Status Valid
Issuer Microsoft Root Authority
Valid from 07:00 AM 01/10/1997
Valid to 07:00 AM 12/31/2020
Valid usage All
Algorithm md5RSA
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Timestamping PCA
Valid from 07:02 PM 07/25/2008
Valid to 07:12 PM 07/25/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 05FECB745F7F3B1A0E262A73435CCB7EAAED8B37
Serial number 61 06 94 2D 00 00 00 00 00 09
[+] Microsoft Timestamping PCA
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Root Authority
Valid from 01:04 AM 09/16/2006
Valid to 07:00 AM 09/15/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3EA99A60058275E0ED83B892A909449F8C33B245
Serial number 6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2
[+] Microsoft Root Authority
Status Valid
Issuer Microsoft Root Authority
Valid from 07:00 AM 01/10/1997
Valid to 07:00 AM 12/31/2020
Valid usage All
Algorithm md5RSA
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
Packers identified
F-PROT SFX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-13 23:42:43
Entry Point 0x00006AF8
Number of sections 4
PE sections
Overlays
MD5 2cc910749bfeee5ae18721da7d3d3536
File type data
Offset 2715136
Size 6032
Entropy 7.38
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
AdjustTokenPrivileges
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
GetDeviceCaps
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetCurrentProcess
LocalAlloc
_llseek
GetTempPathA
InterlockedExchange
WriteFile
_lopen
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GetDiskFreeSpaceA
SetFileAttributesA
FreeLibrary
LocalFree
LoadResource
FindClose
FormatMessageA
ExitProcess
RemoveDirectoryA
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
CreateMutexA
SetFilePointer
_lclose
CreateThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
TerminateProcess
GetVersion
GlobalAlloc
LocalFileTimeToFileTime
GetCurrentThreadId
GetProcAddress
SetCurrentDirectoryA
TerminateThread
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetEvent
GlobalLock
lstrcmpA
FindFirstFileA
CompareStringA
GetTempFileNameA
FindNextFileA
ExpandEnvironmentStringsA
CreateEventA
CreateFileA
GetLastError
DosDateTimeToFileTime
GetSystemInfo
lstrlenA
GlobalFree
GlobalUnlock
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
InterlockedCompareExchange
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
FreeResource
CreateProcessA
Sleep
FindResourceA
ResetEvent
CharPrevA
EndDialog
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
CharUpperA
GetDC
ReleaseDC
SetWindowTextA
LoadStringA
SendMessageA
GetDlgItem
GetWindowLongA
CharNextA
GetDesktopWindow
CallWindowProcA
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
_cexit
_acmdln
memset
_ismbblead
__p__fmode
__p__commode
__setusermatherr
memcpy
?terminate@@YAXXZ
_amsg_exit
exit
_XcptFilter
__getmainargs
_exit
_vsnprintf
_controlfp
_initterm
__set_app_type
Number of PE resources by type
RT_RCDATA 14
RT_ICON 13
RT_DIALOG 6
RT_STRING 6
RT_MANIFEST 1
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 43
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
2670080

ImageVersion
6.1

ProductName
Windows Internet Explorer

FileVersionNumber
8.0.7600.16385

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
WEXTRACT.EXE .MUI

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
8.00.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2009:07:14 00:42:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Wextract

ProductVersion
8.00.7600.16385

FileDescription
Win32 Cabinet Self-Extractor

OSVersion
6.1

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
44032

FileSubtype
0

ProductVersionNumber
8.0.7600.16385

EntryPoint
0x6af8

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files writing this sample to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 af911be206423bf440ea9d4df075a632
SHA1 ed1108a525066d1f850023cb5bfa05fc4ed21983
SHA256 6b7cea4838d892a0a0f625bab2df3d378a035c365209db3c573253f037882229
ssdeep
49152:JDHlPyp6jE1/8Sfov72CmSj/pL2gyIPgaStBPEBiwChHHVPlcnSebHc8:DaUjw/8Xv69fgyIPgaXiPbPlzer9

authentihash 280d16d76764e86456ce427d151b82f6fcb24acb7e803e050744d274779bdc97
imphash 2339ac77bf9371500ebbf86df3a10d43
File size 2.6 MB ( 2721168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID MS generic-sfx Cabinet File Unpacker (32/64bit MSCFU) (44.3%)
Win32 MS Cabinet Self-Extractor (WExtract stub) (38.4%)
InstallShield setup (5.4%)
Win32 Executable MS Visual C++ (generic) (3.9%)
Win64 Executable (generic) (3.4%)
Tags
peexe via-tor overlay signed software-collection

VirusTotal metadata
First submission 2009-12-10 04:33:12 UTC ( 9 years, 2 months ago )
Last submission 2019-02-22 02:52:27 UTC ( 1 day, 22 hours ago )
File names Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
Windows Vista USB - DVD Tool.exe
Windows7_USB_DVD_Download_Tool_Installer-spaces.ru.exe
Windows-USB-DVD-Download-Tool.exe
%EC%9C%88%EB%8F%84%EC%9A%B07%20usb%20%EB%B6%80%ED%8C%85%EB%94%94%EC%8A%A4%ED%81%AC%20%ED%94%84%EB%A1%9C%EA%B7%B8%EB%9E%A8.exe
Windows 7 USB - DVD Tool.mp3
Windows 7 USB-DVD Tool.exe
USB-DVD-Tool.exe
Windows7 USB Download Tool.exe
inst.exe
J6bpmRyOJonT3VoXnDag%3D%3D&limit=0&content_type=application%2Fx-msdownload&fsize=2721168&hid=c3f79ba674a60ed89e31b2c4da2e4d4e&media_type=executable&tknv=v2&rtoken=x3f3ZDI8J61A&force_default=no&ycrid=na-438909c033d3e2910a7e96e5a5c7b040-downloader8e&ts=561eaece18f00&s=f6fe84a60b661e939b55d4ccffdd753cf25a2aad93d027cff1906c9b61455a2a&pb=U2FsdGVkX19axEgO0Zob6Ci7DIMgkOWEl9w0RfllqsHZ97BYf7Pm8TppHgwPvmUi_5hbIvTXAK0cRzYYpr2pIkzKhQOYuYOUA9BMiX1LAUg=
%EC%9C%88%EB%8F%84%EC%9A%B010%20usb%20%EB%B6%80%ED%8C%85%EB%94%94%EC%8A%A4%ED%81%AC%20%ED%94%84%EB%A1%9C%EA%B7%B8%EB%9E%A8.exe
Windows7-USB-DVD1024-DLTool.exe
Windows7-USB-DVD-tool%281%29.exe
Windows7-USB-DVD-Tools.exe
Windows7-USB-DVD-Download-Tool-Installer-en-US-2.exe
windowsusbdvdtool_19480.exe
myfile.exe
Windows 7 USB - DVD Tool.exe
Windows7-USB-DVD-Download-Tool-Installer-en-US(3).exe
Windows7-USB-DVD-tools.exe
Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
Windows 7 USB DVD Tool.exe
windows-7-usbdvd-download-tool_10300.exe
Windows 7 USB DVD Download Tool.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight