× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 77a56edab6febb684e2f6b91db4e5363d40930ccc3f44da681bebb9201851b1c
File name: VCFw.exe
Detection ratio: 0 / 58
Analysis date: 2017-01-16 08:11:20 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware 20170116
AegisLab 20170116
AhnLab-V3 20170116
Alibaba 20170116
ALYac 20170116
Antiy-AVL 20170116
Arcabit 20170116
Avast 20170116
AVG 20170116
Avira (no cloud) 20170116
AVware 20170116
Baidu 20170116
BitDefender 20170116
Bkav 20170114
CAT-QuickHeal 20170116
ClamAV 20170116
CMC 20170116
Comodo 20170116
CrowdStrike Falcon (ML) 20161024
Cyren 20170116
DrWeb 20170116
Emsisoft 20170116
ESET-NOD32 20170116
F-Prot 20170116
F-Secure 20170116
Fortinet 20170116
GData 20170116
Ikarus 20170115
Sophos ML 20170111
Jiangmin 20170116
K7AntiVirus 20170116
K7GW 20170116
Kaspersky 20170116
Kingsoft 20170116
Malwarebytes 20170116
McAfee 20170108
McAfee-GW-Edition 20170116
Microsoft 20170116
eScan 20170116
NANO-Antivirus 20170116
nProtect 20170116
Panda 20170115
Qihoo-360 20170116
Rising 20170116
Sophos AV 20170116
SUPERAntiSpyware 20170116
Symantec 20170115
Tencent 20170116
TheHacker 20170116
TotalDefense 20170116
TrendMicro 20170116
TrendMicro-HouseCall 20170116
Trustlook 20170116
VBA32 20170113
VIPRE 20170116
ViRobot 20170116
WhiteArmor 20170113
Yandex 20170115
Zillya 20170113
Zoner 20170116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
©2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Sony Corp.

Product VAIO Content Folder Watcher
Original name VCFw.exe
Internal name VCFw.exe
File version 1.9.0.12220
Description VAIO Content Folder Watcher
Signature verification Signed file, verified signature
Signing date 8:43 AM 12/29/2011
Signers
[+] Sony Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 3/28/2011
Valid to 12:59 AM 3/28/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 08FF0D3EBD2CB8995D62BA1D28566F6329C0E1A9
Serial number 40 1D 53 63 BE F0 AF BF 01 73 32 12 30 3B D7 ED
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-21 11:03:15
Entry Point 0x0009B249
Number of sections 5
PE sections
Overlays
MD5 4b3be78f4c8103bd3d4cc0eaf96fc249
File type data
Offset 952832
Size 7328
Entropy 7.27
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
LookupAccountSidW
ConvertSidToStringSidW
OpenServiceW
QueryServiceConfigW
ControlService
RegDeleteKeyW
DeleteService
RegQueryValueExW
CloseServiceHandle
ChangeServiceConfig2W
ConvertStringSidToSidW
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
RegOpenKeyExW
LookupAccountNameW
CopySid
CreateServiceW
GetTokenInformation
SetServiceStatus
IsValidSid
RegEnumKeyExW
OpenThreadToken
GetLengthSid
CreateProcessAsUserW
RegEnumValueW
RevertToSelf
RegSetValueExW
RegDeleteValueW
OpenSCManagerW
ReportEventW
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
ImpersonateLoggedOnUser
IsWellKnownSid
ChangeServiceConfigW
SetSecurityDescriptorGroup
Ord(68)
Ord(49)
Ord(11)
Ord(10)
Ord(56)
Ord(61)
Ord(20)
Ord(67)
Ord(23)
Ord(31)
Ord(30)
Ord(64)
Ord(17)
Ord(32)
Ord(58)
GetDriveTypeW
FileTimeToSystemTime
GetOverlappedResult
WaitForSingleObject
HeapDestroy
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
GetSystemDefaultLCID
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
FreeLibrary
LocalFree
LoadResource
FindClose
InterlockedDecrement
FindNextChangeNotification
SetFileAttributesW
GetUserDefaultUILanguage
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
HeapSetInformation
GetPriorityClass
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
CreateThread
GetExitCodeThread
SetUnhandledExceptionFilter
DecodePointer
SetPriorityClass
WaitForMultipleObjectsEx
TerminateProcess
FindCloseChangeNotification
CreateSemaphoreW
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
LoadLibraryA
GetWindowsDirectoryW
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
FindNextFileW
WTSGetActiveConsoleSessionId
ResetEvent
FindFirstFileW
FindFirstFileExW
WaitForMultipleObjects
CreateEventW
ReadDirectoryChangesW
CreateFileW
LeaveCriticalSection
GetLastError
GlobalFree
lstrlenW
FindFirstChangeNotificationW
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
HeapSize
InterlockedCompareExchange
CancelIo
GetCurrentThread
RaiseException
ReleaseSemaphore
CloseHandle
GetModuleHandleW
GetFileAttributesExW
FindResourceExW
FindResourceW
Sleep
WNetGetConnectionW
?_Xout_of_range@std@@YAXPBD@Z
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
_purecall
__wgetmainargs
malloc
?what@exception@std@@UBEPBDXZ
memset
wcschr
__dllonexit
_wcsnicmp
__RTDynamicCast
wcsncpy_s
swprintf_s
wcstol
wcscpy_s
_invoke_watson
_scwprintf
_fmode
_amsg_exit
?terminate@@YAXXZ
wcstok_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memcpy_s
_errno
??2@YAPAXI@Z
_lock
_onexit
fclose
_wcsnicoll
_wcsdup
fwprintf_s
_XcptFilter
_wfopen_s
_resetstkoflw
__setusermatherr
exit
_initterm_e
wcsrchr
_wcmdln
_cexit
_CxxThrowException
wcscat_s
_putws
memmove_s
_unlock
_exit
_crt_debugger_hook
_commode
??3@YAXPAX@Z
free
wmemcpy_s
__CxxFrameHandler3
_except_handler4_common
_initterm
??0exception@std@@QAE@ABV01@@Z
vswprintf_s
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ
_mktime64
wcsncat_s
_vsnwprintf_s
memmove
_controlfp_s
??0exception@std@@QAE@ABQBD@Z
_itow_s
wcsstr
_vscwprintf
_beginthreadex
_wcslwr_s
wcsnlen
_configthreadlocale
??0exception@std@@QAE@XZ
_wtol
__set_app_type
fgetws
_wtoi
SysStringLen
SysStringByteLen
SafeArrayGetRecordInfo
SafeArrayCreate
VariantCopy
VariantInit
SafeArrayAccessData
SafeArrayGetLBound
UnRegisterTypeLib
SafeArrayUnaccessData
GetRecordInfoFromGuids
SafeArrayDestroy
SafeArrayUnlock
VarBstrCmp
SafeArrayGetUBound
LoadTypeLib
SysFreeString
SysAllocStringByteLen
SafeArrayLock
LoadRegTypeLib
VariantChangeType
DispCallFunc
SafeArrayGetVartype
SafeArrayRedim
SysAllocString
SafeArrayCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarCmp
SysAllocStringLen
VariantClear
RegisterTypeLib
SafeArrayCreateEx
MessageBoxW
PostThreadMessageW
TranslateMessage
CharUpperW
LoadStringW
GetMessageW
CharNextW
DispatchMessageW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Ord(70)
Ord(205)
CoInitializeEx
CoUninitialize
CoImpersonateClient
CLSIDFromString
CoDisconnectObject
CoCreateInstance
CoInitializeSecurity
CoReleaseServerProcess
CoFreeAllLibraries
CoAddRefServerProcess
CoWaitForMultipleHandles
CoCreateGuid
CoResumeClassObjects
CoTaskMemFree
CoRevertToSelf
StringFromGUID2
CoCreateFreeThreadedMarshaler
Number of PE resources by type
REGISTRY 5
RT_MANIFEST 1
TYPELIB 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
JAPANESE DEFAULT 2
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.9.0.12220

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
244736

EntryPoint
0x9b249

OriginalFileName
VCFw.exe

MIMEType
application/octet-stream

LegalCopyright
2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Sony Corp.

FileVersion
1.9.0.12220

TimeStamp
2011:12:21 12:03:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
VCFw.exe

ProductVersion
1.9.0.12220

FileDescription
VAIO Content Folder Watcher

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Sony Corporation

CodeSize
707072

ProductName
VAIO Content Folder Watcher

ProductVersionNumber
1.9.0.12220

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Overlay parents
File identification
MD5 add5a5ba64d0710e1c764a8d4dad510e
SHA1 8b83fb0d0e0aec30fa4de2a9adda3fd4ab479241
SHA256 77a56edab6febb684e2f6b91db4e5363d40930ccc3f44da681bebb9201851b1c
ssdeep
12288:VdwW3bws8iSI7J9zdt/AyjSw6zS1A9XIb9bCY/rRHQMpQT8H/xe:oWLwv0Yyuw6z74CYdQ8HZe

authentihash 8f8920f71b59f5547b93a6a40cbd87dbc3b2421b5dbff012ca2d56e7e52e566e
imphash a7baea36a060296334ad2a2cb75347a1
File size 937.7 KB ( 960160 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows ActiveX control (73.1%)
Win64 Executable (generic) (17.3%)
Win32 Dynamic Link Library (generic) (4.1%)
Win32 Executable (generic) (2.8%)
Generic Win/DOS Executable (1.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-10-29 10:17:07 UTC ( 6 years, 5 months ago )
Last submission 2017-01-16 08:11:20 UTC ( 2 years, 3 months ago )
File names VCFw.exe
file-4703338_exe
.
VCFw.exe
VCFw.exe
VCFw.exe
vcfw.exe
VCFw.exe
VCFw.exe
vcfw.exe
VCFw.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!