× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9a00ea31c6e7185c2f986e6826049419c02ea9be0e241da21d8dfdd9154b2486
File name: Zip.SFX
Detection ratio: 0 / 68
Analysis date: 2018-07-18 04:04:09 UTC ( 4 days, 13 hours ago )
Antivirus Result Update
Ad-Aware 20180718
AegisLab 20180718
AhnLab-V3 20180717
Alibaba 20180713
ALYac 20180718
Antiy-AVL 20180718
Arcabit 20180718
Avast 20180718
Avast-Mobile 20180717
AVG 20180718
Avira (no cloud) 20180717
AVware 20180718
Babable 20180406
Baidu 20180717
BitDefender 20180718
Bkav 20180717
CAT-QuickHeal 20180717
ClamAV 20180717
CMC 20180717
Comodo 20180718
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180718
Cyren 20180718
DrWeb 20180718
eGambit 20180718
Emsisoft 20180718
Endgame 20180711
ESET-NOD32 20180718
F-Prot 20180718
F-Secure 20180718
Fortinet 20180718
GData 20180718
Ikarus 20180717
Sophos ML 20180717
Jiangmin 20180718
K7AntiVirus 20180718
K7GW 20180718
Kaspersky 20180718
Kingsoft 20180718
Malwarebytes 20180718
MAX 20180718
McAfee 20180718
McAfee-GW-Edition 20180718
Microsoft 20180718
eScan 20180718
NANO-Antivirus 20180717
Palo Alto Networks (Known Signatures) 20180718
Panda 20180717
Qihoo-360 20180718
Rising 20180718
SentinelOne (Static ML) 20180701
Sophos AV 20180718
SUPERAntiSpyware 20180717
Symantec 20180718
TACHYON 20180718
Tencent 20180718
TheHacker 20180716
TotalDefense 20180717
TrendMicro 20180718
TrendMicro-HouseCall 20180718
Trustlook 20180718
VBA32 20180717
VIPRE 20180718
ViRobot 20180718
Webroot 20180718
Yandex 20180717
ZoneAlarm by Check Point 20180718
Zoner 20180717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-17 14:55:26
Entry Point 0x00009F40
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
InitCommonControlsEx
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetLastError
HeapFree
GetStdHandle
SystemTimeToFileTime
CreateFileMappingW
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindFirstFileW
CompareStringW
GetTickCount
SetFileTime
GetFileAttributesW
GetCommandLineW
IsDBCSLeadByte
FileTimeToLocalFileTime
OpenFileMappingW
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
MapViewOfFile
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetFullPathNameA
GetTimeFormatW
SetFileAttributesW
DosDateTimeToFileTime
CloseHandle
WideCharToMultiByte
GetFileAttributesA
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
WriteFile
FindFirstFileA
FindNextFileA
SetEnvironmentVariableW
HeapReAlloc
GetModuleHandleW
SetFileAttributesA
FreeLibrary
GetFileType
GetTempPathW
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
MoveFileW
GetFullPathNameW
CreateFileA
HeapAlloc
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
CopyRect
GetWindowTextW
GetMessageW
MessageBoxW
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
OemToCharBuffA
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
CreateWindowExW
ReleaseDC
DestroyIcon
ShowWindow
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
IsWindow
OemToCharA
PeekMessageW
CharUpperA
GetClassNameW
EnableWindow
SetWindowTextW
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
DispatchMessageW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:02:17 15:55:26+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
53760

LinkerVersion
9.0

EntryPoint
0x9f40

InitializedDataSize
160256

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Compressed bundles
File identification
MD5 d7a6f6809b50d380f00e820096694562
SHA1 fddb920e213a363dcc517764de193c75f75256b5
SHA256 9a00ea31c6e7185c2f986e6826049419c02ea9be0e241da21d8dfdd9154b2486
ssdeep
1536:Kwh1oDCl94obAAHYS7+MAwep6m0AiiipzG0ZJyHi1U3/e:OCl94YVFleTiiipzG0ZEH48/e

authentihash bde8d71f351b5a4d76b4b17275be47853ef533b4c3b95770d2acb53b28aea09b
imphash fe665f2b5496671c416fff0c4aa96adf
File size 78.0 KB ( 79872 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID WinRAR Self Extracting archive (4.x-5.x) (91.4%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Tags
peexe

VirusTotal metadata
First submission 2012-02-20 16:52:25 UTC ( 6 years, 5 months ago )
Last submission 2017-10-09 12:16:12 UTC ( 9 months, 2 weeks ago )
File names sbs_ve_ambr_20160619145836.500_ 517
sbs_ve_ambr_20160127201052.468_ 421
ZipEn.SFX
sbs_ve_ambr_20160303200820.324_ 613
Zip_ENG.SFX
sbs_ve_ambr_20160619145834.687_ 399
sbs_ve_ambr_20160011170629.078_ 399
zip.sfx
d7a6f6809b50d380f00e820096694562
057544d847405065ab42513deabe7b83_ZipEn.SFX.safe
sbs_ve_ambr_20160127201054.250_ 539
sbs_ve_ambr_20160003202801.525_ 704
sbs_ve_ambr_20151126200804.648_ 607
exe_d7a6f6809b50d380f00e820096694562
ZIP.SFX
sbs_ve_ambr_20150903203802.142_ 660
BFAFAA2400A971E738B901C6F85516006B973322.sfx
sbs_ve_ambr_20160011170631.703_ 517
{c82dd554-7551-4445-ae4c-741ea9d65d9e}
Zip.SFX
sbs_ve_ambr_20150911203954.180_ 660
sbs_ve_ambr_20160307200123.031_ 517
sbs_ve_ambr_20160210200242.569_ 399
sbs_ve_ambr_20160103200133.909_ 399
smona_9a00ea31c6e7185c2f986e6826049419c02ea9be0e241da21d8dfdd9154b2486.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!