SHA256: 838670c83e6d1984d0c46e39c196028d292b3a6d2df96183f2f6e408f1a16e00
File name: ABIbaouFyYe.exe
Detection ratio: 0 / 64
Analysis date: 2018-10-29 07:02:25 UTC (2 months, 2 weeks ago)
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20181029
AVG 20181029
Ad-Aware 20181029
AegisLab 20181029
AhnLab-V3 20181029
Alibaba 20180921
Antiy-AVL 20181028
Arcabit 20181029
Avast 20181029
Avira (no cloud) 20181028
Babable 20180918
Baidu 20181029
BitDefender 20181029
Bkav 20181025
CAT-QuickHeal 20181028
ClamAV 20181029
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181029
Cyren 20181029
DrWeb 20181029
ESET-NOD32 20181029
Emsisoft 20181029
Endgame 20180730
F-Prot 20181029
F-Secure 20181029
Fortinet 20181029
GData 20181029
Ikarus 20181028
Sophos ML 20180717
Jiangmin 20181029
K7AntiVirus 20181029
K7GW 20181029
Kaspersky 20181029
Kingsoft 20181029
MAX 20181029
Malwarebytes 20181029
McAfee 20181029
McAfee-GW-Edition 20181029
eScan 20181029
Microsoft 20181029
NANO-Antivirus 20181029
Palo Alto Networks (Known Signatures) 20181029
Panda 20181028
Qihoo-360 20181029
Rising 20181029
SUPERAntiSpyware 20181022
SentinelOne (Static ML) 20181011
Sophos AV 20181029
Symantec 20181028
TACHYON 20181029
Tencent 20181029
TheHacker 20181025
TrendMicro 20181029
TrendMicro-HouseCall 20181029
Trustlook 20181029
VBA32 20181026
ViRobot 20181029
Webroot 20181029
Yandex 20181026
Zillya 20181028
ZoneAlarm by Check Point 20181029
Zoner 20181029
eGambit 20181029
Symantec Mobile Insight 20181026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name bitsadmin.exe
Internal name bitsadmin.exe
File version 7.5.7601.17514 (win7sp1_rtm.101119-1850)
Description BITS administration utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-20 09:16:25
Entry Point 0x00027C81
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
CopySid
RegQueryValueExA
OpenServiceW
QueryServiceConfigW
ControlService
RegCreateKeyExA
DeleteService
RegQueryValueExW
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryServiceStatus
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueA
ImpersonateSelf
CreateServiceW
GetTokenInformation
CloseServiceHandle
RegQueryInfoKeyW
OpenThreadToken
ChangeServiceConfig2W
GetLengthSid
StartServiceW
RevertToSelf
LogonUserW
RegSetValueExW
OpenSCManagerW
AllocateAndInitializeSid
QueryServiceStatusEx
RegSetValueExA
ImpersonateLoggedOnUser
ChangeServiceConfigW
OpenMutexA
GetLastError
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
LoadLibraryW
WaitForSingleObject
LoadLibraryA
FreeLibrary
QueryPerformanceCounter
GetNumberOfConsoleInputEvents
GetTickCount
GetThreadLocale
SetConsoleCursorPosition
QueueUserAPC
FillConsoleOutputCharacterW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentProcess
FileTimeToLocalFileTime
GetConsoleMode
SetConsoleCtrlHandler
LocalAlloc
UnhandledExceptionFilter
lstrlenW
WriteConsoleW
GetDateFormatW
LoadLibraryExW
MultiByteToWideChar
CreateDirectoryW
GetProcAddress
GetConsoleScreenBufferInfo
InterlockedCompareExchange
FillConsoleOutputAttribute
GetCurrentThread
ReadConsoleInputW
InterlockedExchange
GetTimeFormatW
CompareStringA
WideCharToMultiByte
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetCurrentProcessId
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
SetConsoleTextAttribute
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
GetVersionExW
GetModuleHandleW
CompareStringW
LocalFree
FormatMessageW
TerminateProcess
InitializeCriticalSection
SetConsoleMode
GlobalAlloc
GetFileAttributesW
InterlockedDecrement
Sleep
GetFileType
GetCurrentThreadId
InterlockedIncrement
SleepEx
SetLastError
LeaveCriticalSection
SHGetFolderPathW
SetTimer
PeekMessageW
PostThreadMessageW
LoadStringW
KillTimer
TranslateMessage
MsgWaitForMultipleObjectsEx
DispatchMessageW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
__wgetmainargs
malloc
getc
__p__fmode
??1type_info@@UAE@XZ
wcstoul
memset
wcschr
_finite
__dllonexit
_stricmp
_ftol2
_CxxThrowException
wcstol
swscanf
feof
_vsnwprintf
_cexit
?terminate@@YAXXZ
floor
_lock
_onexit
exit
_XcptFilter
__setusermatherr
_amsg_exit
_wcsicmp
_unlock
__p__commode
free
ungetc
_except_handler4_common
__doserrno
_wfopen
_controlfp
_wsetlocale
iswxdigit
__CxxFrameHandler3
memcpy
swprintf_s
wcsstr
_initterm
_exit
wcstok
__set_app_type
Ord(1)
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CLSIDFromString
StringFromGUID2
Number of PE resources by type
RT_MANIFEST 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 6.1
FileSubtype 0
FileVersionNumber 7.5.7601.17514
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription BITS administration utility
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 95744
EntryPoint 0x27c81
OriginalFileName bitsadmin.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 7.5.7601.17514 (win7sp1_rtm.101119-1850)
TimeStamp 2010:11:20 01:16:25-08:00
FileType Win32 EXE
PEType PE32
InternalName bitsadmin.exe
ProductVersion 7.5.7601.17514
SubsystemVersion 6.1
OSVersion 6.1
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 173568
ProductName Microsoft Windows Operating System
ProductVersionNumber 7.5.7601.17514
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 0920b14aa67a8b04acf48ffe7c6f0927
SHA1 3421124253058dc21453ebac531b67aeb999f627
SHA256 838670c83e6d1984d0c46e39c196028d292b3a6d2df96183f2f6e408f1a16e00
ssdeep 3072:Ikf+YLTNord251s1ngwUQpHXEFhJm0QxfpqmnJFP:NlwFpHXEFhJm0afw6
authentihash dec49b43412dc4300c5f372da33ac3ce4e6e996d7a71c103936a0ce4ad287f1e
imphash 4982bea8678f9d4938a6c5350cf67cdc
File size 182.0 KB (186368 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe trusted via-tor
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with bitsadmin.exe as its name.
VirusTotal metadata
First submission 2011-03-20 14:38:39 UTC (7 years, 10 months ago)
Last submission 2019-01-16 23:46:26 UTC (22 hours ago)
File names VExA.exe
3754677.exe
osiAA.exe
otrY.exe
AaqIfRjosAgrK.exe
dtOwU.exe
3265387.exe
WCHuihAVrAYFI.exe
sAeNoO.exe
hMNUYaYhELS.exe
bitsadmin (2).exe
uUnMOc.exe
etGbII.exe
RUbEhvyw.exe
eoRSQEae.exe
RULvJfdriozEU.exe
uucQ.exe
AfvAI.exe
upvYh.exe
IIueELTy.exe
FKEVYA.exe
wWOA.exe
IOFFe.exe
bitsadmin (2).exe
kyAZd.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight