× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9337c710337ad17cf622ef24a37c3df8f6c74661f4d8046df12460a55a134e90
File name: CopernicAgent-Build763-PERSO-ENG.exe
Detection ratio: 0 / 66
Analysis date: 2019-03-04 00:15:05 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Acronis 20190222
Ad-Aware 20190304
AegisLab 20190303
AhnLab-V3 20190303
Alibaba 20180921
ALYac 20190304
Antiy-AVL 20190303
Arcabit 20190303
Avast 20190303
Avast-Mobile 20190303
AVG 20190303
Avira (no cloud) 20190303
Babable 20180918
Baidu 20190215
BitDefender 20190304
Bkav 20190301
CAT-QuickHeal 20190303
ClamAV 20190303
CMC 20190303
Comodo 20190303
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cyren 20190304
DrWeb 20190303
eGambit 20190304
Emsisoft 20190304
Endgame 20190215
ESET-NOD32 20190303
F-Prot 20190304
F-Secure 20190303
Fortinet 20190303
GData 20190304
Sophos ML 20181128
Jiangmin 20190303
K7AntiVirus 20190303
K7GW 20190303
Kaspersky 20190304
Kingsoft 20190304
Malwarebytes 20190303
MAX 20190304
McAfee 20190304
McAfee-GW-Edition 20190303
Microsoft 20190303
eScan 20190303
NANO-Antivirus 20190303
Palo Alto Networks (Known Signatures) 20190304
Panda 20190303
Qihoo-360 20190304
SentinelOne (Static ML) 20190203
Sophos AV 20190304
SUPERAntiSpyware 20190227
Symantec 20190303
Symantec Mobile Insight 20190220
TACHYON 20190303
Tencent 20190304
TheHacker 20190225
TotalDefense 20190303
Trapmine 20190301
Trustlook 20190304
VBA32 20190306
VIPRE 20190303
ViRobot 20190303
Webroot 20190304
Yandex 20190301
Zillya 20190304
ZoneAlarm by Check Point 20190304
Zoner 20190304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copernic

File version 6.2.0.763
Description Copernic Agent Installation
Signature verification Signed file, verified signature
Signing date 2:04 PM 5/3/2011
Signers
[+] Copernic Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer Thawte Code Signing CA
Valid from 11:00 PM 07/11/2010
Valid to 10:59 PM 07/11/2012
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint BF184610223EDB641CCA8B9700E67A654DB76E40
Serial number 60 C9 79 EC 58 89 06 4C 3F C9 49 75 81 C7 6F AA
[+] Thawte Code Signing CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Premium Server CA
Valid from 11:00 PM 08/05/2003
Valid to 10:59 PM 08/05/2013
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F
Serial number 0A
[+] thawte
Status Valid
Issuer Thawte Premium Server CA
Valid from 11:00 PM 07/31/1996
Valid to 11:59 PM 12/31/2020
Valid usage Server Auth, Code Signing
Algorithm md5RSA
Thumbprint 627F8D7827656399D27D7F9044C9FEB3F33EFA9A
Serial number 01
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 11:00 PM 06/14/2007
Valid to 10:59 PM 06/14/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT embedded
PEiD Wise Installer Stub
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-04-08 20:24:47
Entry Point 0x00001000
Number of sections 4
PE sections
Overlays
MD5 257ee1c63499440908b19e3ccc46b260
File type data
Offset 4759552
Size 5576
Entropy 7.25
PE imports
GetTempPathA
CreateProcessA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
DeleteFileA
WriteFile
CloseHandle
GetTempFileNameA
CreateFileMappingA
CreateFileA
GetCommandLineA
GetModuleFileNameA
GetShortPathNameA
wsprintfA
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileVersionNumber
6.2.0.763

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Copernic Agent Installation

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
4758528

EntryPoint
0x1000

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
6.2.0.763

TimeStamp
1999:04:08 22:24:47+02:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows 16-bit

LegalCopyright
Copernic

MachineType
Intel 386 or later, and compatibles

CompanyName
Copernic

CodeSize
512

FileSubtype
0

ProductVersionNumber
6.2.0.763

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
File identification
MD5 eacdfdb77a3e6ea19d4ef85274175460
SHA1 d85a4d4cedf879d88c49de72c7b9c67bfddbc980
SHA256 9337c710337ad17cf622ef24a37c3df8f6c74661f4d8046df12460a55a134e90
ssdeep
98304:ygq+HPbc7JDKb75mUPI1+2l6rT3EoHM7DmlvSPLBzIZe60/kwGsS:0sjc75Kb7QUg1z6Lsv0quZex4

authentihash d8a8c7c29dc2410183bb104ae6ab729a7c14f8d0e4bd5848b27f612981eb5ddb
imphash 81638d02019c0bfcaaf23a9c69f2f12c
File size 4.5 MB ( 4765128 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Wise Installer executable (91.3%)
Win64 Executable (generic) (5.3%)
Win32 Dynamic Link Library (generic) (1.2%)
Win32 Executable (generic) (0.8%)
OS/2 Executable (generic) (0.3%)
Tags
peexe via-tor wise signed overlay

VirusTotal metadata
First submission 2011-05-05 17:06:13 UTC ( 8 years ago )
Last submission 2018-01-22 14:34:44 UTC ( 1 year, 3 months ago )
File names file
105246
index.html
file-4232230_exe
CopernicAgent-Build763-PERSO-ENG.exe
test.exe
Copernic-Agent.exe
CopernicAgent-Build763-PERSO-ENG.exe
10357527
CopernicAgent-Build763-PERSO-ENG (1).exe
copernicagent-build763-perso-eng.exe
1340448664-CopernicAgent-Build763-PERSO-ENG.exe
copernicagent-build763-perso-eng.exe
CopernicAgent-Build763-PERSO-ENG.exe
output.10357527.txt
CopernicAgent-Build763-PERSO-ENG.exe
CopernicAgent-Build763-PERSO-ENG.exe
eacdfdb77a3e6ea19d4ef85274175460
CopernicAgent-Build763-PERSO-ENG.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!