SHA256: 87d0cb6d8e0649653f80932916c2d3db778ebc97c089f0402f442d25b5b19da2
File name: mp3cutterjoiner.exe
Detection ratio: 1 / 68
Analysis date: 2018-02-19 03:51:02 UTC ( 6 months ago )
Antivirus Result Update
CMC Server-Proxy.Win32.MarketScore!O 20180219
Ad-Aware 20180219
AegisLab 20180219
AhnLab-V3 20180218
Alibaba 20180216
ALYac 20180219
Antiy-AVL 20180219
Arcabit 20180219
Avast 20180219
Avast-Mobile 20180218
AVG 20180219
Avira (no cloud) 20180218
AVware 20180219
Baidu 20180208
BitDefender 20180219
Bkav 20180212
CAT-QuickHeal 20180218
ClamAV 20180219
Comodo 20180219
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cylance 20180219
Cyren 20180219
DrWeb 20180219
eGambit 20180219
Emsisoft 20180219
Endgame 20180216
ESET-NOD32 20180219
F-Prot 20180219
F-Secure 20180219
Fortinet 20180219
GData 20180219
Ikarus 20180218
Sophos ML 20180121
Jiangmin 20180219
K7AntiVirus 20180219
K7GW 20180218
Kaspersky 20180219
Kingsoft 20180219
Malwarebytes 20180218
MAX 20180219
McAfee 20180219
McAfee-GW-Edition 20180219
Microsoft 20180219
eScan 20180219
NANO-Antivirus 20180218
nProtect 20180219
Palo Alto Networks (Known Signatures) 20180219
Panda 20180218
Qihoo-360 20180219
Rising 20180219
SentinelOne (Static ML) 20180115
Sophos AV 20180219
SUPERAntiSpyware 20180218
Symantec 20180218
Symantec Mobile Insight 20180218
Tencent 20180219
TheHacker 20180216
TotalDefense 20180218
TrendMicro 20180219
TrendMicro-HouseCall 20180219
Trustlook 20180219
VBA32 20180216
VIPRE 20180219
ViRobot 20180219
Webroot 20180219
WhiteArmor 20180205
Yandex 20180216
Zillya 20180216
ZoneAlarm by Check Point 20180219
Zoner 20180219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version
Description Power MP3 Cutter Joiner Setup
Comments This installation was built with Inno Setup: http://www.innosetup.com
Packers identified
F-PROT INNO, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000C650
Number of sections 8
PE sections
Overlays
MD5 b9538548075372947d2382f30f49476a
File type data
Offset 69120
Size 2794436
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCPInfo
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments This installation was built with Inno Setup: http://www.innosetup.com
LinkerVersion 2.25
ImageVersion 0.0
FileVersionNumber 0.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 22016
EntryPoint 0xc650
MIMEType application/octet-stream
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
FileDescription Power MP3 Cutter Joiner Setup
OSVersion 1.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 48640
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 7d476b8d8522a20a9808d1ddfa0c6382
SHA1 35d6d362350a1967c5b086ea2b7e8b9bb7b43968
SHA256 87d0cb6d8e0649653f80932916c2d3db778ebc97c089f0402f442d25b5b19da2
ssdeep 49152:wUvEn7Knem2bK+CkzN9cP3YD9IzD+BIaF5WznKYzy/lx91zgCGbTig+f:zEOnUbtl6PIhIeB9WjzSlL1dGbTK

authentihash ab494dd47317ed2120a8afb373fc42ba7f4ec9ce019cfa33e968779f9ad57fae
imphash 03a57449e5cad93724ec1ab534741a15
File size 2.7 MB ( 2863556 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags peexe overlay

VirusTotal metadata
First submission 2008-03-26 07:59:48 UTC ( 10 years, 4 months ago )
Last submission 2018-05-23 21:30:04 UTC ( 2 months, 3 weeks ago )
File names 87D0CB6D8E0649653F80932916C2D3DB778EBC97C089F0402F442D25B5B19DA2
output.25068233.txt
aa
file-11403_exe
_SM8ETNi.dwg
mp3cutterjoiner2.exe
filename
smona132363782246747095687
25068233
mp3 cutter-joiner.exe
smona132363811821726868665
mp3cutterjoiner.exe
smona_87d0cb6d8e0649653f80932916c2d3db778ebc97c089f0402f442d25b5b19da2.bin
get-mp3cutterjoiner.exe
mp3_cutterjoiner.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight