× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ab8e9d3d5642d845835ae71b0c937408d47e0c34c70eccc216ee0cbf0d1d6be2
File name: novabench3.exe
Detection ratio: 0 / 66
Analysis date: 2018-07-26 16:26:02 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180726
AegisLab 20180726
AhnLab-V3 20180726
Alibaba 20180713
ALYac 20180726
Antiy-AVL 20180726
Arcabit 20180726
Avast 20180726
Avast-Mobile 20180726
AVG 20180726
Avira (no cloud) 20180726
AVware 20180726
Babable 20180725
Baidu 20180726
BitDefender 20180726
Bkav 20180726
CAT-QuickHeal 20180725
ClamAV 20180726
CMC 20180726
Comodo 20180726
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180726
Cyren 20180726
DrWeb 20180726
eGambit 20180726
Emsisoft 20180726
Endgame 20180711
ESET-NOD32 20180726
F-Prot 20180726
F-Secure 20180726
Fortinet 20180726
GData 20180726
Ikarus 20180726
Sophos ML 20180717
Jiangmin 20180726
K7AntiVirus 20180726
K7GW 20180726
Kaspersky 20180726
Kingsoft 20180726
Malwarebytes 20180726
MAX 20180726
McAfee 20180726
Microsoft 20180726
eScan 20180726
NANO-Antivirus 20180726
Palo Alto Networks (Known Signatures) 20180726
Panda 20180726
Qihoo-360 20180726
Rising 20180726
SentinelOne (Static ML) 20180701
Sophos AV 20180726
SUPERAntiSpyware 20180726
Symantec 20180726
TACHYON 20180726
Tencent 20180726
TheHacker 20180726
TrendMicro 20180726
TrendMicro-HouseCall 20180726
Trustlook 20180726
VBA32 20180726
VIPRE 20180726
ViRobot 20180726
Webroot 20180726
Yandex 20180725
Zillya 20180726
ZoneAlarm by Check Point 20180726
Zoner 20180726
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product NovaBench
File version
Description NovaBench Setup
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 1:34 AM 2/20/2015
Signers
[+] Novawave Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 4/22/2013
Valid to 12:59 AM 4/22/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 6CE26118B827F68C7E3E25F16CF548746E14B3FD
Serial number 00 E0 5D 90 CC 59 D2 E3 50 96 4D 45 47 F3 E0 C9 40
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbrint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbrint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-17 10:22:54
Entry Point 0x00016478
Number of sections 8
PE sections
Overlays
MD5 a874313e3862e2c8a31e74a04152fa12
File type data
Offset 140800
Size 12120272
Entropy 8.00
PE imports
RegCloseKey
OpenProcessToken
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControls
GetLastError
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
VirtualProtect
GetFileAttributesW
RtlUnwind
lstrlenW
GetLocalTime
CreateProcessW
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetWindowsDirectoryW
LocalAlloc
LockResource
GetDiskFreeSpaceW
GetCommandLineW
SetErrorMode
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetCPInfo
DeleteFileW
GetProcAddress
GetDateFormatW
InterlockedCompareExchange
GetLocaleInfoW
lstrcpynW
CompareStringW
RaiseException
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
GetFullPathNameW
ReadFile
GetEnvironmentVariableW
InterlockedExchange
CreateDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
FindFirstFileW
GetACP
GetModuleHandleW
SignalObjectAndWait
SetEvent
FormatMessageW
LoadLibraryW
CreateEventW
GetExitCodeProcess
GetVersion
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetFileSize
SetLastError
ResetEvent
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
LoadStringW
MessageBoxA
CreateWindowExW
MsgWaitForMultipleObjects
TranslateMessage
CharUpperBuffW
CallWindowProcW
CharNextW
GetKeyboardType
ExitWindowsEx
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 4
DUTCH 4
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
This installation was built with Inno Setup.

InitializedDataSize
53760

ImageVersion
6.0

ProductName
NovaBench

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

TimeStamp
2011:03:17 11:22:54+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
NovaBench Setup

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Novawave Inc.

CodeSize
86016

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x16478

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 de66ad3b6b992d5d201d994a294ba04c
SHA1 89692ce1559624755de4715e0af83d48682becb4
SHA256 ab8e9d3d5642d845835ae71b0c937408d47e0c34c70eccc216ee0cbf0d1d6be2
ssdeep
196608:68j43ZYhafPr60E9PD+tq+fH9pGSGmsw5/zMLNAcdamLzyqcAhT0jqTntA/MXuDq:O6YPc9KtqqHa9OZAZAEvF/hTTntohVg

authentihash 3d9f09d599b21e439206b764d093aaa63af07f016553f799e911ad1d82f47f39
imphash 483f0c4259a9148c34961abbda6146c1
File size 11.7 MB ( 12261072 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (76.6%)
Win32 Executable Delphi generic (9.9%)
Win32 Dynamic Link Library (generic) (4.5%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2015-02-20 05:39:24 UTC ( 3 years, 11 months ago )
Last submission 2018-07-26 16:26:02 UTC ( 5 months, 3 weeks ago )
File names novabench3.exe
novabench.exe
Novabench 3.0.4( ).exe
novabench3.exe
novabench3.exe
novabench.exe
novabench3.exe
DanhGiaCPU_novabench.exe
novabench3.exe
filename
não confirmado 374548.crdownload
novabench (1).exe
AB8E9D3D5642D845835AE71B0C937408D47E0C34C70ECCC216EE0CBF0D1D6BE2
novabench3.exe
sample.exe
novabench3.exe
637581
novabench304.exe
novabench3.exe
novabench3 (1).exe
novabench3.exe
novabench3.exe
novabench3.exe
novabench_DanhGiaHieuNang.exe
Novabench_PC_BenchmarkUtility.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications