SHA256: 96c16facc850f3ec21f42360d94feaea05c4b39d04abe151792d109770c926d3
File name: jqs
Detection ratio: 0 / 65
Analysis date: 2018-02-01 06:32:11 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180201
AegisLab 20180201
AhnLab-V3 20180131
Alibaba 20180131
ALYac 20180201
Antiy-AVL 20180201
Arcabit 20180201
Avast 20180201
Avast-Mobile 20180131
AVG 20180201
Avira (no cloud) 20180201
AVware 20180201
Baidu 20180201
BitDefender 20180201
Bkav 20180131
CAT-QuickHeal 20180201
ClamAV 20180201
CMC 20180201
Comodo 20180201
CrowdStrike Falcon (ML) 20170201
Cybereason 20171103
Cylance 20180201
Cyren 20180201
DrWeb 20180201
eGambit 20180201
Emsisoft 20180201
Endgame 20171130
ESET-NOD32 20180201
F-Prot 20180201
Fortinet 20180201
GData 20180201
Sophos ML 20180121
Jiangmin 20180201
K7AntiVirus 20180201
K7GW 20180131
Kaspersky 20180201
Kingsoft 20180201
Malwarebytes 20180201
MAX 20180201
McAfee 20180201
McAfee-GW-Edition 20180201
Microsoft 20180201
eScan 20180201
NANO-Antivirus 20180201
nProtect 20180201
Palo Alto Networks (Known Signatures) 20180201
Panda 20180131
Qihoo-360 20180201
Rising 20180201
SentinelOne (Static ML) 20180115
Sophos AV 20180201
SUPERAntiSpyware 20180201
Symantec 20180201
Symantec Mobile Insight 20180201
Tencent 20180201
TheHacker 20180130
TotalDefense 20180201
TrendMicro 20180201
TrendMicro-HouseCall 20180201
Trustlook 20180201
VBA32 20180131
VIPRE 20180201
ViRobot 20180201
Webroot 20180201
Yandex 20180130
Zillya 20180131
ZoneAlarm by Check Point 20180201
Zoner 20180201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2013

Product Java(TM) Platform SE 6 U43
Original name jqs.exe
Internal name jqs
File version 6.0.430.1
Description Java(TM) Quick Starter Service
Signature verification Signed file, verified signature
Signing date 2:45 PM 3/1/2013
Signers
[+] Sun Microsystems, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 7/6/2012
Valid to 12:59 AM 7/19/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 24810A4F39C929C055E8ECEB5F2D6102E54A05A3
Serial number 4B BB E0 D8 25 7C D9 71 1A 1B 57 E6 BB 9C 66 0F
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-01 12:04:58
Entry Point 0x00014338
Number of sections 4
PE sections
Overlays
MD5 54ef85ac5190a5cdafc0de4a2352fcb9
File type data
Offset 147456
Size 6576
Entropy 7.30
PE imports
RegDeleteKeyA
RegCloseKey
OpenServiceA
ControlService
RegCreateKeyExA
DeleteService
CloseServiceHandle
OpenProcessToken
RegSetValueExA
CreateServiceA
QueryServiceStatus
RegisterEventSourceA
RegOpenKeyExA
RegDeleteValueA
GetTokenInformation
SetServiceStatus
OpenThreadToken
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid
ChangeServiceConfigA
AllocateAndInitializeSid
DeregisterEventSource
StartServiceA
EqualSid
OpenSCManagerA
ReportEventA
DeviceIoControl
EnterCriticalSection
GetSystemInfo
GetLastError
WaitForSingleObject
SetEvent
QueryPerformanceCounter
GetTickCount
GetThreadLocale
GetVersionExA
GetModuleFileNameA
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
LoadLibraryExA
SetConsoleCtrlHandler
GetCurrentProcessId
OpenProcess
SetErrorMode
GetLongPathNameA
GetLogicalDrives
VirtualLock
WaitForMultipleObjects
GetCurrentThread
GetFullPathNameA
GetModuleHandleA
QueryPerformanceFrequency
CloseHandle
WideCharToMultiByte
MapViewOfFile
SetFilePointer
VirtualUnlock
ReadFile
FindFirstFileA
GetSystemTimeAsFileTime
CreateFileMappingA
FindNextFileA
GetSystemDirectoryA
GetProcAddress
SetPriorityClass
FreeLibrary
QueryDosDeviceA
GlobalMemoryStatus
InitializeCriticalSection
UnmapViewOfFile
CreateEventA
FindClose
InterlockedDecrement
Sleep
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
InterlockedIncrement
__p__fmode
___lc_codepage_func
??1type_info@@UAE@XZ
fclose
strtoul
fflush
strtol
strtod
_XcptFilter
isspace
localtime
__CxxFrameHandler
_CxxThrowException
iswctype
??3@YAXPAX@Z
??0bad_cast@@QAE@ABV0@@Z
__security_error_handler
memcpy
??_V@YAXPAX@Z
memmove
memchr
_purecall
??0exception@@QAE@ABV0@@Z
__uncaught_exception
??_U@YAPAXI@Z
___lc_handle_func
fgets
??2@YAPAXI@Z
isxdigit
exit
sprintf
_except_handler3
strcspn
free
_strtoi64
_stat
__crtLCMapStringA
islower
_initterm
isupper
strftime
_iob
_strtoui64
??1bad_cast@@UAE@XZ
setlocale
__getmainargs
__dllonexit
printf
fopen
_cexit
___setlc_active_func
_onexit
_snprintf
__setusermatherr
__p__commode
getenv
_vsnprintf
localeconv
strerror
_beginthreadex
_strnicmp
_controlfp
malloc
sscanf
fread
abort
fprintf
isdigit
_endthreadex
_amsg_exit
?terminate@@YAXXZ
_c_exit
_errno
_lock
__pctype_func
tolower
_unlock
??1exception@@UAE@XZ
_adjust_fdiv
__p___initenv
___unguarded_readlc_active_add_func
_exit
??0exception@@QAE@XZ
time
??0bad_cast@@QAE@PBD@Z
__set_app_type
WSAWaitForMultipleEvents
htonl
getsockname
WSACreateEvent
bind
WSACloseEvent
send
accept
WSACleanup
WSAStartup
WSAGetLastError
socket
connect
WSAEventSelect
WSAResetEvent
closesocket
WSASetEvent
htons
recv
select
listen
OleUninitialize
OleInitialize
Number of PE resources by type
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

FileDescription
Java(TM) Quick Starter Service

LinkerVersion
7.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.0.430.1

LanguageCode
Neutral

FileFlagsMask
0x003f

FullVersion
1.6.0_43-b01

CharacterSet
Unicode

InitializedDataSize
53248

EntryPoint
0x14338

OriginalFileName
jqs.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2013

FileVersion
6.0.430.1

TimeStamp
2013:03:01 13:04:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
jqs

ProductVersion
6.0.430.1

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Sun Microsystems, Inc.

CodeSize
90112

ProductName
Java(TM) Platform SE 6 U43

ProductVersionNumber
6.0.430.1

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 9fd53182523876b704f5821cb656027b
SHA1 f6158351d80daca4d7cbc1bf87baf75680ab40fb
SHA256 96c16facc850f3ec21f42360d94feaea05c4b39d04abe151792d109770c926d3
ssdeep
3072:c/HvhQTNyClK/g0k6/WUZZAsW5biqHOvkA1j:0HGTNyClKDSnN+kA1

authentihash aaafd1577debfed5389741a4348548ed614450acd3edac42c51a0e6b3ab496cf
imphash 5a0e7e185e3c9be88a57613880bff3f7
File size 150.4 KB ( 154032 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-03-16 17:31:19 UTC ( 5 years, 6 months ago )
Last submission 2016-08-06 23:06:35 UTC ( 2 years, 1 month ago )
File names i4j8501107265586225129.tmp
6ykyguoybwwkjv6lyg7ypoxxk2akwqh3.exe
i4j2856763026078017096.tmp
jqs.exe
i4j4540545409705964808.tmp
i4j8100675987739090866.tmp
i4j1003434513715623205.tmp
jqs.exe
i4j1813947538896571984.tmp
vt-upload-ZlhCjq
i4j3056080289183577897.tmp
imm-flt-39425
i4j1532800568095052682.tmp
i4j2912625321824076728.tmp
i4j5284590457208619131.tmp
96c16facc850f3ec_jqs.exe
i4j1863991888507629169.tmp
sbs_ve_ambr_20160420231137.218_ 195104
i4j4008367099801236867.tmp
jqs.exe
jqs.exe
i4j7262276807927420452.tmp
filB4591DEC6607BC0F3FE837BE18D44BC5.7B8DFDAC_8CA0_4A15_AD97_C4C065084F17
i4j6600996083550038604.tmp
i4j591175410036859302.tmp