SHA256: 754469e65ff1af029195d2245550882edcbc4004c9be800ff87e97ae1020eeb9
File name: visioviewer_4339-1001_x86_en-us.exe
Detection ratio: 0 / 67
Analysis date: 2018-06-21 21:22:18 UTC ( 5 months ago )
Antivirus Result Update
Ad-Aware 20180621
AegisLab 20180621
AhnLab-V3 20180621
Alibaba 20180621
ALYac 20180621
Antiy-AVL 20180621
Arcabit 20180621
Avast 20180621
Avast-Mobile 20180621
AVG 20180621
Avira (no cloud) 20180621
AVware 20180621
Babable 20180406
Baidu 20180621
BitDefender 20180621
Bkav 20180621
CAT-QuickHeal 20180621
ClamAV 20180621
CMC 20180621
Comodo 20180621
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180621
Cyren 20180621
DrWeb 20180621
eGambit 20180621
Emsisoft 20180621
Endgame 20180612
ESET-NOD32 20180621
F-Prot 20180621
F-Secure 20180621
Fortinet 20180621
GData 20180621
Ikarus 20180621
Sophos ML 20180601
Jiangmin 20180621
K7AntiVirus 20180621
K7GW 20180621
Kaspersky 20180621
Kingsoft 20180621
Malwarebytes 20180621
MAX 20180621
McAfee 20180621
McAfee-GW-Edition 20180621
Microsoft 20180621
eScan 20180621
NANO-Antivirus 20180621
Palo Alto Networks (Known Signatures) 20180621
Panda 20180621
Qihoo-360 20180621
Rising 20180621
SentinelOne (Static ML) 20180618
Sophos AV 20180621
SUPERAntiSpyware 20180621
Symantec 20180621
Symantec Mobile Insight 20180619
TACHYON 20180621
Tencent 20180621
TheHacker 20180621
TrendMicro 20180621
TrendMicro-HouseCall 20180621
Trustlook 20180621
VBA32 20180621
VIPRE 20180621
ViRobot 20180621
Webroot 20180621
Yandex 20180621
Zillya 20180621
ZoneAlarm by Check Point 20180621
Zoner 20180620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
File version 16.0.4339.1001
Signature verification Signed file, verified signature
Signing date 8:17 PM 1/29/2016
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 6:42 PM 6/4/2015
Valid to 6:42 PM 9/4/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
Serial number 33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 7:14 PM 10/7/2015
Valid to 7:14 PM 1/7/2017
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 44BAC5F3D2818F5C974138626B43F72CEE86F28F
Serial number 33 00 00 00 8C FF F2 E5 18 1E 16 21 22 00 00 00 00 00 8C
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Packers identified
F-PROT CAB, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-15 14:48:37
Entry Point 0x00023885
Number of sections 5
PE sections
Overlays
MD5 bbd0709daa312dc9395b137272b7d8f9
File type data
Offset 375808
Size 12288168
Entropy 8.00
PE imports
CreateFontIndirectA
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetTempPathA
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
MoveFileA
FreeLibraryAndExitThread
LoadResource
FindClose
TlsGetValue
SetLastError
GetUserDefaultLangID
OutputDebugStringW
GetModuleFileNameW
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
TerminateProcess
GetModuleHandleExW
VirtualQuery
GetCurrentThreadId
SetCurrentDirectoryA
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
InitializeCriticalSectionEx
RtlUnwind
ExitThread
Process32Next
GetFileSize
Process32First
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GetCPInfo
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
ExpandEnvironmentStringsW
FindFirstFileExA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GetDiskFreeSpaceExA
ExpandEnvironmentStringsA
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalAlloc
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
CreateProcessA
IsValidCodePage
UnmapViewOfFile
GetTempPathW
CreateProcessW
Sleep
FindResourceA
GetOEMCP
VariantChangeType
SysFreeString
VariantInit
VariantClear
SysAllocString
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
CoInitialize
Number of PE resources by type
RT_DIALOG 6
RT_ICON 2
RT_VERSION 2
RT_MANIFEST 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 138752
ImageVersion 0.0
FileVersionNumber 16.0.4339.1001
LanguageCode Neutral
FileFlagsMask 0x003f
MOSEVersion BETA
CharacterSet Windows, Latin1
LinkerVersion 14.0
EntryPoint 0x23885
MIMEType application/octet-stream
LegalTrademarks2 Windows is a registered trademark of Microsoft Corporation.
FileVersion 16.0.4339.1001
LegalTrademarks1 Microsoft is a registered trademark of Microsoft Corporation.
TimeStamp 2015:09:15 15:48:37+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 16.0.4339.1001
SubsystemVersion 6.1
OSVersion 6.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 236032
FileSubtype 0
ProductVersionNumber 16.0.4339.1001
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Unknown

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
File identification
MD5 366892fdfef417aef6e77d06a5127eef
SHA1 f86893caee3aae8b40f41ea8b3d93ee7b215df25
SHA256 754469e65ff1af029195d2245550882edcbc4004c9be800ff87e97ae1020eeb9
ssdeep 393216:k62S8cUWtn0Dvd3sBE4LLoqTQa+jCR4sI:KpcRtnOdi/oqTQw4n
authentihash 6e22de0c23054dbc93352fbe38c0e51878045f3b013f118d4edfd8e196393dc0
imphash 27df6cc99f149de8c4fafc78a2e969ad
File size 12.1 MB ( 12663976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-06-03 07:33:55 UTC ( 2 years, 5 months ago )
Last submission 2018-01-18 08:09:19 UTC ( 10 months ago )
File names visioviewer_4339-1001_x86_en-us.exe
visioviewer_4339-1001_x86_en-us.exe
visioviewer_2016_x86_en-us.exe
visioviewer_4339-1001_x86_en-us.exe
visioviewer_4339-1001_x86_en-us.exe
visioviewer_4339-1001_x86_en-us.exe
@@partial@@_visioviewer_4339-1001_x86_en-us.exe