SHA256: a09787812790b59ec3d36120788ae9f80b7bdda1e2d7a17a46d8112324632737
File name: Eraser 6.0.10.2620.exe
Detection ratio: 0 / 50
Analysis date: 2014-04-20 09:56:52 UTC ( 1 hour, 32 minutes ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AVG 20140420
Ad-Aware 20140420
AegisLab 20140420
Agnitum 20140419
AhnLab-V3 20140419
AntiVir 20140420
Antiy-AVL 20140420
Avast 20140420
Baidu-International 20140419
BitDefender 20140420
Bkav 20140418
ByteHero 20140420
CAT-QuickHeal 20140418
CMC 20140417
ClamAV 20140420
Commtouch 20140420
Comodo 20140420
DrWeb 20140420
ESET-NOD32 20140420
Emsisoft 20140420
F-Prot 20140420
F-Secure 20140420
Fortinet 20140419
GData 20140420
Ikarus 20140420
Jiangmin 20140420
K7AntiVirus 20140418
K7GW 20140418
Kaspersky 20140420
Kingsoft 20140420
Malwarebytes 20140420
McAfee 20140420
McAfee-GW-Edition 20140420
MicroWorld-eScan 20140420
Microsoft 20140420
NANO-Antivirus 20140420
Norman 20140420
Panda 20140419
Qihoo-360 20140420
Rising 20140419
SUPERAntiSpyware 20140419
Sophos 20140420
Symantec 20140420
TheHacker 20140419
TotalDefense 20140419
TrendMicro 20140420
TrendMicro-HouseCall 20140420
VBA32 20140418
VIPRE 20140420
ViRobot 20140420
nProtect 20140420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright © 2008-2010 The Eraser Project

Publisher Joel Low - Open Source Developer
Original name Eraser Setup Bootstrapper
Internal name Eraser Setup Bootstrapper
File version 6.0.10.2620
Description Eraser Setup Bootstrapper
Comments Eraser Setup Bootstrapper
Signature verification Signed file, verified signature
Signing date 1:15 AM 5/22/2012
Signers
[+] Joel Low - Open Source Developer
Status Certificate out of its validity period
Valid from 1:01 PM 5/30/2011
Valid to 1:01 PM 5/29/2012
Valid usage Code Signing
Algorithm SHA1
Thumbprint 799A50726E864D3A7C4090F764A34052417726A0
Serial number 69 71 9A 06 13 22 37 34 74 44 BE 9A C8 53 60 D2
[+] Certum Level III CA
Status Valid
Valid from 1:53 PM 3/3/2009
Valid to 1:53 PM 3/3/2024
Valid usage All
Algorithm SHA1
Thumbprint 827E72353D6910A9DEC7F3D1061676E80356FD53
Serial number 04 7A 53
[+] Certum
Status Valid
Valid from 11:46 AM 6/11/2002
Valid to 11:46 AM 6/11/2027
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, OCSP Signing
Algorithm SHA1
Thumbprint 6252DC40F71143A22FDE9EF7348E064251B18118
Serial number 01 00 20
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status Certificate out of its validity period
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT CAB, CAB, CAB, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, Unicode, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB, CAB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-22 00:13:25
Entry Point 0x0000F32C
Number of sections 5
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CreateFontIndirectW
GetStdHandle
WaitForSingleObject
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
FormatMessageW
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
SetLastError
BeginUpdateResourceW
UpdateResourceW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
EndUpdateResourceW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetModuleFileNameW
FindNextFileW
FindFirstFileW
IsValidLocale
GetUserDefaultLCID
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
FindResourceW
LCMapStringA
GetEnvironmentStringsW
CreateProcessW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
CommandLineToArgvW
UpdateWindow
GetMessageW
DefWindowProcW
PostQuitMessage
ShowWindow
SetWindowLongW
MessageBoxW
PeekMessageW
RegisterClassExW
TranslateMessage
DispatchMessageW
SendMessageW
GetWindowLongW
SetWindowTextW
SystemParametersInfoW
InvalidateRect
CallWindowProcW
LoadCursorW
LoadIconW
CreateWindowExW
EnableWindow
DestroyWindow
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
RT_RCDATA 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 10
NEUTRAL DEFAULT 1
ExifTool file metadata
SubsystemVersion 5.0
Comments Eraser Setup Bootstrapper
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 6.0.10.2620
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 8983552
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright 2008-2010 The Eraser Project
FileVersion 6.0.10.2620
TimeStamp 2012:05:22 01:13:25+01:00
FileType Win32 EXE
PEType PE32
InternalName Eraser Setup Bootstrapper
FileAccessDate 2014:04:20 10:57:18+01:00
ProductVersion 6.0.10.2620
FileDescription Eraser Setup Bootstrapper
OSVersion 5.0
FileCreateDate 2014:04:20 10:57:18+01:00
OriginalFilename Eraser Setup Bootstrapper
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName The Eraser Project
CodeSize 120320
FileSubtype 0
ProductVersionNumber 6.0.10.2620
EntryPoint 0xf32c
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 3880c0fd3083474cb7fae16dc62c747f
SHA1 f6c4003ef93bd226a37ef9a86dae4aa21cdbc8d7
SHA256 a09787812790b59ec3d36120788ae9f80b7bdda1e2d7a17a46d8112324632737
ssdeep
196608:N4kVBD0NXBaNHWW2jRwbCSri693//PgZq5AEix+dvwAqUW3e:mkV5IjFa/g03w+dvwyWu

imphash 52eb8318dd4c9811ca006137d912ab20
File size 8.7 MB ( 9110456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe mz signed software-collection

VirusTotal metadata
First submission 2012-05-22 04:20:37 UTC ( 1 year, 11 months ago )
Last submission 2014-04-20 09:56:52 UTC ( 1 hour, 32 minutes ago )
File names Eraser 6.0.10.2620 (1).exe
Eraser 6.0.10.2620.exe
Eraser 6.0.10 Stable (kaldata.com).exe
eraser(1).exe
Eraser_Setup [1].exe
Eraser-Installer-6.0.10.2620.exe
Eraser 6.0.10.2620(cancellazione file).exe
Eraser 2014 oficial - 6.0.10.2620.exe
Eraser v6.0.10.2620.exe
Eraser_6.0.10.2620.exe
Eraser 6.0.10.2620.exe
Eraser-6.0.10.2620.exe
Eraser 6.0.10.2620 Безвозвратное удаление данных.exe
Eraser 6.0.10.2620.exe
Eraser 6.0.10.2620.exe
tt.exe
Eraser 6.0.10.2620(1).exe
Eraser.exe
a09787812790b59ec3d36120788ae9f80b7bdda1e2d7a17a46d8112324632737.exe
eraser 6.0.10.2620.exe.moehedm.partial
eraser 6.0.10.2620.exe.rss1xyp.partial
octet-stream
eraser 6.0.10.2620.exe
Eraser Setup Bootstrapper
Eraser%206.0.10.2620.exe
Software collections
website http://oldapps.com/eraser.php?old_eraser=7707
oldapps http://oldapps.com/eraser.php?old_eraser=7707?download
product Eraser 6.0.10
developer Heidi Computers Ltd.
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight