SHA256: 8a830c48c4d78159dd80f4dad81c0bebbf9314710026b1a2ef0ffdddcb24b83d
File name: 163-certmgr.exe
Detection ratio: 0 / 42
Analysis date: 2012-08-23 16:42:00 UTC ( 6 years, 4 months ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
AVG 20120823
AhnLab-V3 20120823
AntiVir 20120823
Antiy-AVL 20120822
Avast 20120823
BitDefender 20120823
ByteHero 20120817
CAT-QuickHeal 20120823
ClamAV 20120823
Commtouch 20120823
Comodo 20120823
DrWeb 20120823
ESET-NOD32 20120822
Emsisoft 20120823
F-Prot 20120823
F-Secure 20120823
Fortinet 20120823
GData 20120823
Ikarus 20120818
Jiangmin 20120823
K7AntiVirus 20120823
Kaspersky 20120823
McAfee 20120823
McAfee-GW-Edition 20120823
Microsoft 20120823
Norman 20120823
PCTools 20120823
Panda 20120823
Rising 20120823
SUPERAntiSpyware 20120823
Sophos AV 20120823
Symantec 20120823
TheHacker 20120822
TotalDefense 20120823
TrendMicro 20120823
TrendMicro-HouseCall 20120823
VBA32 20120823
VIPRE 20120823
ViRobot 20120823
VirusBuster 20120823
eSafe 20120823
nProtect 20120823
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Copyright (C) Microsoft Corp. 1981-1998

Product Microsoft(R) Windows NT(R) Operating System
Original name CERTMGR.EXE
Internal name CERTMGR.EXE
File version 5.131.1863.1
Description ECM Certificate Manager
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1998-07-28 03:14:19
Entry Point 0x000083A0
Number of sections 3
PE sections
Overlays
MD5 64bdcc35ece252ec2e3c03fb0b7e0b7f
File type ASCII text
Offset 59392
Size 272
Entropy 1.08
PE imports
CryptReleaseContext
CryptAcquireContextA
CertEnumCertificatesInStore
CryptHashPublicKeyInfo
CertFreeCertificateContext
CertCloseStore
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertSaveStore
CertSetCertificateContextProperty
CertDuplicateCRLContext
CryptInstallOIDFunctionAddress
CertDeleteCRLFromStore
CertAddEncodedCertificateToStore
CryptFreeOIDFunctionAddress
CertEnumCertificateContextProperties
CertDeleteCTLFromStore
CryptRegisterOIDInfo
CryptMsgOpenToDecode
CryptMsgGetParam
CryptMsgUpdate
CertDuplicateCTLContext
CertGetCTLContextProperty
CryptSIPRetrieveSubjectGuid
CertEnumCTLsInStore
CryptSIPLoad
CertGetCRLContextProperty
CertFreeCRLContext
CryptMsgGetAndVerifySigner
CertOpenStore
CertAddCRLContextToStore
CertRDNValueToStrA
CryptGetOIDFunctionAddress
CertRDNValueToStrW
CertGetPublicKeyLength
CertFindCertificateInStore
CryptEncodeObject
CertGetCRLFromStore
CryptDecodeObject
CertFreeCTLContext
CertAddEncodedCRLToStore
CreateFileU
CertGetCertificateContextProperty
CertAddEncodedCTLToStore
CertAddCTLContextToStore
CryptMsgClose
CryptFindOIDInfo
CertFindCTLInStore
CryptInitOIDFunctionSet
CryptUIDlgCertMgr
GetSystemTime
GetLastError
FileTimeToLocalFileTime
SystemTimeToFileTime
CompareFileTime
WideCharToMultiByte
MapViewOfFile
FileTimeToSystemTime
GetModuleHandleA
UnmapViewOfFile
LocalFree
WriteFile
LocalAlloc
MultiByteToWideChar
CloseHandle
CreateFileMappingA
GetVersionExA
GetFileSize
SetLastError
__wgetmainargs
malloc
__p__fmode
wprintf
swprintf
printf
towupper
_except_handler3
strtok
scanf
__p__commode
wcslen
_wtol
exit
_XcptFilter
realloc
__setusermatherr
_controlfp
_wcsicmp
vwprintf
_adjust_fdiv
free
_wasctime
wcscat
_initterm
wcscpy
__p___winitenv
_exit
__set_app_type
LoadStringW
LoadStringA
Number of PE resources by type
RT_STRING 23
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 27
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
27648

ImageVersion
5.0

ProductName
Microsoft(R) Windows NT(R) Operating System

FileVersionNumber
5.131.1863.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

CharacterSet
Unicode

LinkerVersion
5.12

FileTypeExtension
exe

OriginalFileName
CERTMGR.EXE

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
5.131.1863.1

TimeStamp
1998:07:28 04:14:19+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
CERTMGR.EXE

ProductVersion
5.131.1863.1

FileDescription
ECM Certificate Manager

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (C) Microsoft Corp. 1981-1998

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
34816

FileSubtype
0

ProductVersionNumber
5.131.1863.1

EntryPoint
0x83a0

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 5d077a0cdd077c014eedb768feb249ba
SHA1 ea2c62d69a1f6b9d643fe16319ec7632c9533b3f
SHA256 8a830c48c4d78159dd80f4dad81c0bebbf9314710026b1a2ef0ffdddcb24b83d
ssdeep
1536:/RQvLjWiALqLkHbp7m8GYT3WXs39i4zv:/Vz2Lk71m8Ge3WXs1

authentihash c3eb75102931e7a3865525f73ac96cc502a48ac936ce04f43365573d48e12648
imphash 0d1153f78c761173231a548430873dfc
File size 58.3 KB ( 59664 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe nsrl installshield trusted overlay

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with certmgr.exe as its name.
VirusTotal metadata
First submission 2009-04-22 16:59:20 UTC ( 9 years, 9 months ago )
Last submission 2018-09-30 15:07:28 UTC ( 3 months, 2 weeks ago )
File names certmgr.exe.9024_1.114.partial
bit3af2.tmp
ac79d6.tmpscan
bit8f2f.tmp
file-7630194_
tmp43de.tmp
certmgr.exe.11844_1.19985.partial
bitefd9.tmp
vti-rescan
Binary.certmgr.exe_1
is-1rs8n.tmp
CertMgr.exe
smona_8a830c48c4d78159dd80f4dad81c0bebbf9314710026b1a2ef0ffdddcb24b83d.bin
vstl1epq.hoi
vsdl0if9.h7v
8a830c48c4d78159dd80f4dad81c0bebbf9314710026b1a2ef0ffdddcb24b83d
certmgr.exe
tmpphbo0x
vs031eq4.nps
smona131912822259917289005
certmgr[2].exe
bit43a9.tmp
is-b9dfr.tmp
certmgr.exe1
bit6ce1.tmp
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products Platform SDK (Microsoft)
File names BIN__I386_CertMgr.exe, bin__i386_certmgr.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight