SHA256: 82dd6554efe91735476c04ae9c3b28192999246ae13d6f1769611732ea424d79
File name: pendmoves64.exe
Detection ratio: 0 / 67
Analysis date: 2019-02-19 19:15:23 UTC ( 1 month ago )
Antivirus Result Update
Acronis 20190219
Ad-Aware 20190219
AegisLab 20190219
AhnLab-V3 20190219
Alibaba 20180921
ALYac 20190219
Antiy-AVL 20190219
Arcabit 20190219
Avast 20190219
Avast-Mobile 20190219
AVG 20190219
Avira (no cloud) 20190219
Babable 20180918
Baidu 20190215
BitDefender 20190219
Bkav 20190219
CAT-QuickHeal 20190219
ClamAV 20190219
CMC 20190219
Comodo 20190219
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190219
Cyren 20190219
DrWeb 20190219
eGambit 20190219
Emsisoft 20190219
Endgame 20190215
ESET-NOD32 20190219
F-Prot 20190219
F-Secure 20190219
Fortinet 20190219
GData 20190219
Sophos ML 20181128
Jiangmin 20190219
K7AntiVirus 20190219
K7GW 20190219
Kaspersky 20190219
Kingsoft 20190219
Malwarebytes 20190219
MAX 20190219
McAfee 20190219
McAfee-GW-Edition 20190219
Microsoft 20190219
eScan 20190219
NANO-Antivirus 20190219
Palo Alto Networks (Known Signatures) 20190219
Panda 20190219
Qihoo-360 20190219
Rising 20190219
SentinelOne (Static ML) 20190203
Sophos AV 20190219
SUPERAntiSpyware 20190213
Symantec 20190219
Symantec Mobile Insight 20190207
TACHYON 20190219
Tencent 20190219
TheHacker 20190217
TotalDefense 20190219
Trapmine 20190123
TrendMicro 20190219
TrendMicro-HouseCall 20190219
Trustlook 20190219
VBA32 20190219
ViRobot 20190219
Webroot 20190219
Yandex 20190219
Zillya 20190219
ZoneAlarm by Check Point 20190219
Zoner 20190219
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2004-2016 Mark Russinovich

Product Sysinternals Pendmoves
Original name pendmoves.exe
Internal name PendMoves
File version 1.3
Description Lists pending delayed movefile operations
Signature verification Signed file, verified signature
Signing date 6:13 PM 6/12/2016
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 04:42 PM 06/04/2015
Valid to 04:42 PM 09/04/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
Serial number 33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 09:19 PM 08/31/2010
Valid to 09:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 06:21 PM 03/30/2016
Valid to 06:21 PM 06/30/2017
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 2AD6BD014B9381498ED5638C461ED67B89273AF0
Serial number 33 00 00 00 98 04 58 CB 7F 23 09 B0 9E 00 00 00 00 00 98
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:53 AM 04/03/2007
Valid to 12:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine x64
Compilation timestamp 2016-06-12 17:13:31
Entry Point 0x00004E90
Number of sections 6
PE sections
Overlays
MD5 18b150b13158de4be4ef865bcd346b6f
File type data
Offset 140288
Size 16048
Entropy 7.43
PE imports
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegQueryInfoKeyA
RegQueryValueExW
PrintDlgA
GetDeviceCaps
SetMapMode
StartDocA
EndDoc
StartPage
EndPage
GetLastError
ReadConsoleInputA
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetConsoleMode
FileTimeToSystemTime
GetFileAttributesA
GetConsoleCP
GetModuleHandleW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
GetConsoleMode
DecodePointer
LocalAlloc
SetLastError
UnhandledExceptionFilter
GetCommandLineW
RtlVirtualUnwind
GetCPInfo
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
GetFileType
SetStdHandle
WideCharToMultiByte
GetModuleFileNameW
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
ReadFile
SetUnhandledExceptionFilter
WriteFile
RtlCaptureContext
GetTimeFormatA
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
RtlUnwindEx
LocalFree
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
RtlLookupFunctionEntry
CreateFileW
TlsGetValue
Sleep
FormatMessageA
TlsSetValue
CloseHandle
EncodePointer
GetCurrentThreadId
GetProcessHeap
GetStartupInfoW
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
SendMessageA
LoadCursorA
InflateRect
EndDialog
GetSysColorBrush
GetDlgItem
SetWindowTextA
DialogBoxIndirectParamA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.3.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Lists pending delayed movefile operations
ImageFileCharacteristics Executable, Large address aware
CharacterSet Unicode
InitializedDataSize 78848
EntryPoint 0x4e90
OriginalFileName pendmoves.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2004-2016 Mark Russinovich
FileVersion 1.3
TimeStamp 2016:06:12 19:13:31+02:00
FileType Win64 EXE
PEType PE32+
InternalName PendMoves
ProductVersion 1.3
SubsystemVersion 5.2
OSVersion 5.2
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType AMD AMD64
CompanyName Sysinternals - www.sysinternals.com
CodeSize 69632
ProductName Sysinternals Pendmoves
ProductVersionNumber 1.3.0.0
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
Overlay parents
Compressed bundles
File identification
MD5 8c6a81533a285d2700fa8f225d6236d4
SHA1 bfb3d979494c4651b46ef4a159dbd5f37f46fdd2
SHA256 82dd6554efe91735476c04ae9c3b28192999246ae13d6f1769611732ea424d79
ssdeep 3072:IC6r5Ighvhw+0/8Thb4b7RN5UFoCWy0bwDmLFJBAEeZ7:IC6r5I+a8ThbKF4oVhRy7
authentihash 432e7d3fbbdd5f63095fc38a305a4cc440e46e2a69a78d0bbf258e3b8bb8ee1a
imphash 8491001f9645ae6140a24d52bc07f973
File size 152.7 KB ( 156336 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags peexe assembly overlay signed via-tor 64bits
VirusTotal metadata
First submission 2016-06-30 18:04:29 UTC ( 2 years, 8 months ago )
Last submission 2019-02-19 19:15:23 UTC ( 1 month ago )
File names pendmoves64.exe
pendmoves64.exe
pendmoves64.exe
pendmoves641.exe
pendmoves64.exe
tmp7f_q22
pendmoves64.exe
pendmoves64.exe
pendmoves64.exe
pendmoves.exe
PendMoves
pendmoves64.exe
82DD6554EFE91735476C04AE9C3B28192999246AE13D6F1769611732EA424D79
pendmoves64.exe
pendmoves64.exe
pendmoves.exe
pendmoves64.exe
D__C1_SysinternalsSuite_pendmoves64.exe
pendmoves64.exe
pendmoves64.exe
tmpc903.tmp
pendmoves64.exe
36533a5b81d3d52f!155-36533a5b81d3d52f!9309-36533a5b81d3d52f!30838-bfb3d979494c4651b46ef4a159dbd5f3.temp