SHA256: 7716e2e5165402bc3337147ee555bc1b4641fe5fdfdc72329e08753697fe1b90
File name: WinCDEmu(clean).exe
Detection ratio: 0 / 66
Analysis date: 2019-02-17 00:46:48 UTC (1 month ago)
Antivirus Result Update
Acronis 20190213
Ad-Aware 20190218
AegisLab 20190218
AhnLab-V3 20190218
Alibaba 20180921
ALYac 20190218
Antiy-AVL 20190218
Arcabit 20190218
Avast 20190218
Avast-Mobile 20190218
AVG 20190218
Avira (no cloud) 20190218
Babable 20180917
Baidu 20190214
BitDefender 20190218
CAT-QuickHeal 20190218
ClamAV 20190218
CMC 20190218
Comodo 20190218
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190218
Cyren 20190218
DrWeb 20190218
eGambit 20190218
Emsisoft 20190218
Endgame 20190215
ESET-NOD32 20190218
F-Secure 20190218
Fortinet 20190218
GData 20190218
Ikarus 20190218
Sophos ML 20181128
Jiangmin 20190218
K7AntiVirus 20190218
K7GW 20190218
Kaspersky 20190218
Kingsoft 20190218
Malwarebytes 20190218
MAX 20190218
McAfee 20190218
McAfee-GW-Edition 20190218
Microsoft 20190218
eScan 20190218
NANO-Antivirus 20190218
Palo Alto Networks (Known Signatures) 20190218
Panda 20190218
Qihoo-360 20190218
Rising 20190218
SentinelOne (Static ML) 20190203
Sophos AV 20190218
SUPERAntiSpyware 20190213
Symantec 20190218
Symantec Mobile Insight 20190206
TACHYON 20190217
Tencent 20190218
TheHacker 20190217
TotalDefense 20190218
Trapmine 20190123
Trustlook 20190218
VBA32 20190218
VIPRE 20190218
ViRobot 20190218
Webroot 20190218
Yandex 20190215
ZoneAlarm by Check Point 20190218
Zoner 20190218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
LGPL

Product WinCDEmu
Original name WinCDEmu-installer.exe
File version 4.1
Description WinCDEmu installer
Comments http://wincdemu.sysprogs.org/
Signature verification Signed file, verified signature
Signing date 7:12 PM 9/28/2015
Signers
[+] Sysprogs OU
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 09:58 AM 07/24/2013
Valid to 09:58 AM 07/24/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 8880A2309BE334678E3D912671F22049C5A49A78
Serial number 11 21 F7 C4 F0 4F 79 EA 2F 0D D8 72 5F 11 6C 3A ED 65
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 09:00 AM 04/13/2011
Valid to 09:00 AM 04/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-27 02:53:54
Entry Point 0x0005A900
Number of sections 3
PE sections
Overlays
MD5 93997af57cbe184e74dfc16383417e9a
File type data
Offset 158208
Size 1539600
Entropy 8.00
PE imports
RegOpenKeyA
FillRgn
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteA
CoInitialize
Number of PE resources by type
RT_DIALOG 11
RT_ICON 9
RT_STRING 5
RT_GROUP_ICON 5
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 24
ENGLISH US 6
NEUTRAL SYS DEFAULT 3
PE resources
ExifTool file metadata
CodeSize
118784

SubsystemVersion
5.1

Comments
http://wincdemu.sysprogs.org/

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.1.0.0

LanguageCode
Neutral

FileFlagsMask
0x0017

FileDescription
WinCDEmu installer

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
40960

EntryPoint
0x5a900

OriginalFileName
WinCDEmu-installer.exe

MIMEType
application/octet-stream

LegalCopyright
LGPL

FileVersion
4.1

TimeStamp
2015:09:27 04:53:54+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
4.1

UninitializedDataSize
249856

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Sysprogs OU

LegalTrademarks
Sysprogs

ProductName
WinCDEmu

ProductVersionNumber
4.1.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 2331909926ba27bac6aab1fc600db594
SHA1 6ea5cb4fa2e058172d5bc9b3499cb0ecf0e69069
SHA256 7716e2e5165402bc3337147ee555bc1b4641fe5fdfdc72329e08753697fe1b90
ssdeep
49152:vCF6JSNpswQLWIv42UJFMemx/+pplGY1aIJkVV4dDD/y:vTQNpsNv42iFV4+Fj1aIW4dDjy

authentihash 5bfc4ff921500797b2483073910f7b16941ae2f4fb9377e51ee9dfdc73d8aad1
imphash 2f45dc341e82cb821aa3706313cfae94
File size 1.6 MB ( 1697808 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe overlay signed upx via-tor

VirusTotal metadata
First submission 2015-09-29 10:16:13 UTC ( 3 years, 5 months ago )
Last submission 2019-03-22 08:42:34 UTC ( 22 hours, 30 minutes ago )
File names WinCDEmu-V4.1.exe
WinCDEmu-4.1.exe
virtualCD-wincdemu-4.1.exe
WinCDEmu-4.1.exe
WinCDEmu-4.1.exe
WinCDEmu-4.1.exe
IMAGESmitWinCDEmu-4.1.exe
Mounter v.4.1.exe
WinCDEmu-4.1.exe
WinCDEmu-4.1-Installer.exe
WinCDEmu(clean).exe
WinCDEmu-4.1.exe
WinCDEmu-4.1.exe
baixaki_wincdemu.exe
WinCDEmu_4.1.0.0.exe
filename
WinCDEmu-4.1.exe
WinCDEmu-4.1.exe
wincdemu_4-1_fr_338412.exe
_files_WinCDEmu_WinCDEmu-4.1.exe
WinCDEmu-4.1.Exe
WinCDEmu-installer.exe
WinCDEmu-4.1.exe
WinCDEmu-4.1.exe
output.110609918.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs