SHA256: a0d29465c4ef4b6c7e146545b50228e5c08ab8888980577f907058757bdae6de
File name: ntfsinfo.exe
Detection ratio: 0 / 70
Analysis date: 2019-01-29 02:21:47 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis 20190128
Ad-Aware 20190129
AegisLab 20190129
AhnLab-V3 20190129
Alibaba 20180921
ALYac 20190129
Antiy-AVL 20190129
Arcabit 20190128
Avast 20190128
Avast-Mobile 20190128
AVG 20190128
Avira (no cloud) 20190129
Babable 20180918
Baidu 20190128
BitDefender 20190128
Bkav 20190125
CAT-QuickHeal 20190128
ClamAV 20190128
CMC 20190128
Comodo 20190129
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190128
DrWeb 20190128
eGambit 20190129
Emsisoft 20190129
Endgame 20181108
ESET-NOD32 20190128
F-Prot 20190129
F-Secure 20190129
Fortinet 20190128
GData 20190129
Ikarus 20190128
Sophos ML 20181128
Jiangmin 20190129
K7AntiVirus 20190128
K7GW 20190128
Kaspersky 20190128
Kingsoft 20190129
Malwarebytes 20190129
MAX 20190129
McAfee 20190129
McAfee-GW-Edition 20190129
Microsoft 20190128
eScan 20190129
NANO-Antivirus 20190129
Palo Alto Networks (Known Signatures) 20190129
Panda 20190128
Qihoo-360 20190129
Rising 20190128
SentinelOne (Static ML) 20190124
Sophos AV 20190128
SUPERAntiSpyware 20190123
Symantec 20190129
TACHYON 20190129
Tencent 20190129
TheHacker 20190125
TotalDefense 20190128
Trapmine 20190123
TrendMicro 20190129
TrendMicro-HouseCall 20190129
Trustlook 20190129
VBA32 20190128
VIPRE None
ViRobot 20190128
Webroot 20190129
Yandex 20190125
Zillya 20190128
ZoneAlarm by Check Point 20190128
Zoner 20190128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2005-2016 Mark Russinovich

Product Sysinternals NtfsInfo
Original name NtfsInfo.exe
Internal name NtfsInfo
File version 1.2
Description NTFS Information Dump
Signature verification Signed file, verified signature
Signing date 6:28 PM 6/12/2016
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 05:42 PM 06/04/2015
Valid to 05:42 PM 09/04/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
Serial number 33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 08/31/2010
Valid to 10:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 07:21 PM 03/30/2016
Valid to 07:21 PM 06/30/2017
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint A1F3FE643CAC735D7976F27DE33004BE9A309A87
Serial number 33 00 00 00 99 AA C5 81 9F 8C A2 7D 8A 00 00 00 00 00 99
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:53 PM 04/03/2007
Valid to 01:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-12 17:28:07
Entry Point 0x000046AF
Number of sections 4
PE sections
Overlays
MD5 b11427e94235d789aab66f0e5e03b1cb
File type data
Offset 123392
Size 16040
Entropy 7.43
PE imports
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExW
PrintDlgA
GetDeviceCaps
SetMapMode
StartDocA
EndDoc
StartPage
EndPage
GetLastError
ReadConsoleInputA
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReadFile
SetConsoleMode
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
LocalAlloc
UnhandledExceptionFilter
GetCommandLineW
GetCPInfo
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
FormatMessageA
SetStdHandle
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
LocalFree
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
FindClose
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
EncodePointer
GetCurrentThreadId
GetProcessHeap
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
SendMessageA
LoadCursorA
InflateRect
EndDialog
GetSysColorBrush
GetDlgItem
SetWindowTextA
DialogBoxIndirectParamA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
NTFS Information Dump

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
62464

EntryPoint
0x46af

OriginalFileName
NtfsInfo.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2005-2016 Mark Russinovich

FileVersion
1.2

TimeStamp
2016:06:12 18:28:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
NtfsInfo

ProductVersion
1.2

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Sysinternals - www.sysinternals.com

CodeSize
67584

ProductName
Sysinternals NtfsInfo

ProductVersionNumber
1.2.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Overlay parents
Compressed bundles
File identification
MD5 8f5c0a6e54d4590b803eff01be0394c1
SHA1 d6ed4287b278c9325924054e4c83ebaa884587ca
SHA256 a0d29465c4ef4b6c7e146545b50228e5c08ab8888980577f907058757bdae6de
ssdeep
3072:LTA1oiyclh4NWZUFy13JwjhwDmBc6hZ/Eg:OyuKbycWa

authentihash 9da4631c3aaaa12bcb69b67d23a5f3bcea1a18d1389a632814c29d5435c47bed
imphash 2115f05a06b763dcdd0a46576982562e
File size 136.2 KB ( 139432 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay signed via-tor

VirusTotal metadata
First submission 2016-06-30 18:04:21 UTC ( 2 years, 8 months ago )
Last submission 2019-01-29 02:21:47 UTC ( 1 month, 2 weeks ago )
File names navce90.tmp
ntfsinfo.exe
nav690c.tmp
36533a5b81d3d52f!155-36533a5b81d3d52f!9309-36533a5b81d3d52f!30844-d6ed4287b278c9325924054e4c83ebaa.temp
ntfsinfo1.exe
tmpc31a.tmp
NtfsInfo.exe
ntfsinfo.exe.DETECTED
ntfsinfo.exe
D__C1_SysinternalsSuite_ntfsinfo.exe
ntfsinfo.exe
nav65fb.tmp
myfile.exe
ntfsinfo.exe
ntfsinfo.exe
ntfsinfo.exe
ntfsinfo.exe
ntfsinfo.exe
tmpnifh9x
A0D29465C4EF4B6C7E146545B50228E5C08AB8888980577F907058757BDAE6DE
ntfsinfo.exe
ntfsinfo.exe
ntfsinfo.exe
ntfsinfo.exe
NtfsInfo
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
DNS requests
UDP communications