SHA256: a52cbd341a0e0e6cd730cb8d5bb79044937d34f0963cfbdeb00d3c1e5901bf7d
File name: openfire_4_0_2.exe
Detection ratio: 0 / 54
Analysis date: 2016-08-10 11:42:32 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20160810
AegisLab 20160810
AhnLab-V3 20160810
Alibaba 20160810
ALYac 20160810
Arcabit 20160810
Avast 20160810
AVG 20160810
Avira (no cloud) 20160810
AVware 20160810
Baidu 20160810
BitDefender 20160810
Bkav 20160809
CAT-QuickHeal 20160810
ClamAV 20160810
CMC 20160804
Comodo 20160810
Cyren 20160810
DrWeb 20160810
Emsisoft 20160810
ESET-NOD32 20160810
F-Prot 20160810
F-Secure 20160810
Fortinet 20160810
GData 20160810
Ikarus 20160810
Jiangmin 20160810
K7AntiVirus 20160810
K7GW 20160810
Kaspersky 20160810
Kingsoft 20160810
Malwarebytes 20160810
McAfee 20160810
McAfee-GW-Edition 20160810
Microsoft 20160810
eScan 20160810
NANO-Antivirus 20160810
nProtect 20160810
Panda 20160809
Qihoo-360 20160810
Sophos AV 20160810
SUPERAntiSpyware 20160810
Symantec 20160810
Tencent 20160810
TheHacker 20160809
TotalDefense 20160810
TrendMicro 20160810
TrendMicro-HouseCall 20160810
VBA32 20160810
VIPRE 20160810
ViRobot 20160810
Yandex 20160809
Zillya 20160809
Zoner 20160810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Ignite Realtime RTC Community
Product Openfire
Original name openfire_4_0_2.exe
Internal name openfire
File version 4.0.2
Description Openfire
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-19 11:48:28
Entry Point 0x0001B144
Number of sections 5
PE sections
Overlays
MD5 39c63339e6619921baf395530065ceba
File type data
Offset 284672
Size 57354752
Entropy 8.00
PE imports
RegCreateKeyExW
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExW
GetOpenFileNameW
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetDriveTypeA
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
InitializeCriticalSection
LoadResource
AllocConsole
TlsGetValue
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
GetEnvironmentVariableA
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
FindClose
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
CreateThread
SetEnvironmentVariableW
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
CloseHandle
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CompareStringW
RemoveDirectoryW
FindNextFileW
CompareStringA
GetTempFileNameA
FindFirstFileW
DuplicateHandle
GetUserDefaultLCID
GetLongPathNameW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
GetShortPathNameA
GetCPInfo
VirtualFree
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetConsoleTitleA
GetCommandLineA
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
SetConsoleTitleA
FindFirstFileA
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
GetTempPathW
CreateProcessW
GetLongPathNameA
Sleep
FindResourceA
VirtualAlloc
GetParent
EndDialog
EnumWindows
ShowWindow
FindWindowA
SetWindowPos
GetWindowThreadProcessId
SendDlgItemMessageA
MessageBoxW
GetWindowRect
SetDlgItemTextA
MessageBoxA
DialogBoxParamA
SetWindowTextA
GetLastActivePopup
IsWindowVisible
OffsetRect
GetDlgItem
IsIconic
RegisterClassA
LoadCursorA
LoadIconA
DefDlgProcA
CopyRect
GetDesktopWindow
SetForegroundWindow
ExitWindowsEx
Number of PE resources by type
RT_ICON 10
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 13
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 191488
ImageVersion 0.0
ProductName Openfire
FileVersionNumber 4.0.2.0
LanguageCode Neutral
FileFlagsMask 0x0017
FileDescription Openfire
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName openfire_4_0_2.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.0.2
TimeStamp 2014:03:19 12:48:28+01:00
FileType Win32 EXE
PEType PE32
InternalName openfire
ProductVersion 4.0.2
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright Ignite Realtime RTC Community
MachineType Intel 386 or later, and compatibles
CompanyName Ignite Realtime RTC Community
CodeSize 183808
FileSubtype 0
ProductVersionNumber 4.0.2.0
EntryPoint 0x1b144
ObjectFileType Unknown

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 9c10249845d3abdeda6a1df0102c4d90
SHA1 7c910a8136347f2b35576886dc883b4173ea598c
SHA256 a52cbd341a0e0e6cd730cb8d5bb79044937d34f0963cfbdeb00d3c1e5901bf7d
ssdeep 1572864:TnIVf7d/EN8ZtziCBfl2oYgYw6aM6iF+1Fj4+s:jEJO8Z7OFgYw6D6GIjU
authentihash 39ca4b714501816bd662b7127925d28b4088b357def3bfc2c2cc12543da745c8
imphash a701c3eb70c6acc8ebde17700af52c8b
File size 55.0 MB ( 57639424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-03-22 07:50:29 UTC ( 3 years ago )
Last submission 2016-08-04 07:45:28 UTC ( 2 years, 8 months ago )
File names openfire_4_0_2.exe
openfire