SHA256: abf507f8240ed41aac74c9df6de558c88c2f11d7770f0298135f1cc544b9c08b
File name: wget.exe
Detection ratio: 0 / 57
Analysis date: 2017-02-09 00:34:14 UTC ( 1 month, 2 weeks ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
Ad-Aware 20170209
AegisLab 20170208
AhnLab-V3 20170208
Alibaba 20170122
ALYac 20170208
Antiy-AVL 20170209
Arcabit 20170209
Avast 20170209
AVG 20170209
Avira (no cloud) 20170208
AVware 20170209
Baidu 20170208
BitDefender 20170209
Bkav 20170208
CAT-QuickHeal 20170208
ClamAV 20170208
CMC 20170208
Comodo 20170208
CrowdStrike Falcon (ML) 20170130
Cyren 20170209
DrWeb 20170209
Emsisoft 20170209
ESET-NOD32 20170209
F-Prot 20170209
F-Secure 20170209
Fortinet 20170209
GData 20170209
Ikarus 20170208
Invincea 20170203
Jiangmin 20170208
K7AntiVirus 20170208
K7GW 20170208
Kaspersky 20170208
Kingsoft 20170209
Malwarebytes 20170208
McAfee 20170209
McAfee-GW-Edition 20170208
Microsoft 20170208
eScan 20170208
NANO-Antivirus 20170208
nProtect 20170208
Panda 20170208
Qihoo-360 20170209
Rising 20170208
Sophos 20170208
SUPERAntiSpyware 20170208
Symantec 20170208
Tencent 20170209
TheHacker 20170205
TotalDefense 20170208
TrendMicro 20170209
TrendMicro-HouseCall 20170208
Trustlook 20170209
VBA32 20170208
VIPRE 20170209
ViRobot 20170208
WhiteArmor 20170202
Yandex 20170208
Zillya 20170208
Zoner 20170208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 8:18 PM 3/19/2015
Signers
[+] Jernej Simoncic
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 9:24 AM 7/3/2012
Valid to 9:24 AM 8/3/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 1D93780CC466FD8C18B306BCA674069A6E507127
Serial number 11 21 C7 60 AE 45 7C 81 A5 F3 0C 27 46 F1 8F 09 81 E6
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 2/3/2015
Valid to 1:00 AM 3/3/2026
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint B36308B4D4CDED4FCFBD66B955FAE3BFB12C29E6
Serial number 11 21 06 A0 81 D3 3F D8 7A E5 82 4C C1 6B 52 09 4E 03
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine x64
Entry Point 0x000014D0
Number of sections 10
PE sections
Overlays
MD5 71ff1d2af7fe25d437bccd31afc6fbf7
File type data
Offset 3409920
Size 17352
Entropy 5.88
PE imports
CryptDestroyKey
CryptGetUserKey
CryptReleaseContext
RegisterEventSourceW
CryptEnumProvidersW
CryptSignHashW
CryptExportKey
CryptSetHashParam
ReportEventW
CryptAcquireContextW
DeregisterEventSource
CryptDecrypt
CryptGetProvParam
CryptDestroyHash
CryptCreateHash
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
GetDeviceCaps
GetDIBits
DeleteObject
CreateCompatibleBitmap
GetObjectW
GetSystemTime
GetLastError
IsValidCodePage
GetStdHandle
EnterCriticalSection
PeekNamedPipe
TerminateThread
LoadLibraryW
FindVolumeClose
FreeLibrary
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetTickCount
UnhandledExceptionFilter
VirtualProtect
GetModuleFileNameA
VirtualQuery
FindNextVolumeW
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SystemTimeToFileTime
OpenFileMappingA
GetConsoleMode
SetConsoleCtrlHandler
GetCurrentProcessId
GetDiskFreeSpaceExW
SetFilePointer
RtlVirtualUnwind
GetCPInfo
GetVolumeInformationW
WriteFile
MultiByteToWideChar
GetFileInformationByHandle
GetCommandLineA
GetProcAddress
GetConsoleScreenBufferInfo
QueryPerformanceCounter
GetFileType
RtlAddFunctionTable
IsDBCSLeadByteEx
GetTempPathA
QueryPerformanceFrequency
GetFileSizeEx
CreateThread
MapViewOfFile
GetModuleHandleA
FindNextFileW
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
GetStartupInfoA
RtlCaptureContext
CloseHandle
GetSystemTimeAsFileTime
CreateFileMappingA
FindFirstFileW
TerminateProcess
GetACP
WaitForMultipleObjects
GetModuleHandleW
SetEvent
GlobalMemoryStatus
ResumeThread
CreateProcessA
GetTimeZoneInformation
WideCharToMultiByte
GetVersion
InitializeCriticalSection
UnmapViewOfFile
SetLastError
WaitForSingleObject
GetConsoleWindow
CreateEventA
FindClose
TlsGetValue
Sleep
FormatMessageA
SetEndOfFile
SetConsoleTitleA
GetCurrentThreadId
SleepEx
FindFirstVolumeW
LeaveCriticalSection
ReleaseDC
MessageBoxW
DispatchMessageA
GetDesktopWindow
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
GetUserObjectInformationW
GetProcessWindowStation
GetDC
getaddrinfo
WSASocketA
shutdown
accept
ioctlsocket
WSAStartup
freeaddrinfo
connect
getsockname
WSAAddressToStringA
htons
getpeername
WSAGetLastError
closesocket
send
ntohs
select
listen
__WSAFDIsSet
WSAEventSelect
WSASetLastError
WSACleanup
recv
setsockopt
bind
WSAEnumNetworkEvents
__lconv_init
___lc_codepage_func
fclose
_time64
strtoul
fflush
_getpid
_fmode
strtol
__initenv
strtok
fwrite
fputs
_fstat64
fsetpos
_close
iswctype
_exit
rewind
_isatty
__dllonexit
_wfopen
strstr
_write
memcpy
perror
memmove
signal
_mkdir
strcmp
memchr
strncmp
fgetc
memset
strcat
_stricmp
_setmode
fgets
__pioinfo
strchr
clock
fgetpos
isxdigit
ftell
exit
sprintf
strrchr
_acmdln
strcspn
fputc
ferror
gmtime
free
ungetc
__getmainargs
_gmtime64
_lseeki64
_vsnprintf
puts
_read
_wopen
fseek
strcpy
__mb_cur_max
islower
_getch
isupper
strftime
rand
raise
setlocale
realloc
__doserrno
_open_osfhandle
isprint
strncat
_dup
toupper
printf
fopen
_vsnwprintf
strncpy
_cexit
__C_specific_handler
isalnum
_unlink
qsort
_open
_onexit
wcslen
isalpha
memcmp
__setusermatherr
srand
_isctype
_utime
getenv
wcscat
atoi
vfprintf
localeconv
strerror
isspace
strspn
_localtime64
_strnicmp
localtime
rename
malloc
sscanf
fread
_chmod
abort
fprintf
towupper
ispunct
feof
_amsg_exit
clearerr
_fdopen
_errno
strlen
_lock
_get_osfhandle
_strdup
towlower
_fileno
_telli64
tolower
_unlock
strpbrk
isgraph
calloc
_initterm
wcstombs
__iob_func
iscntrl
_filelengthi64
wcsstr
_stat64
getc
setvbuf
__set_app_type
CoUninitialize
CoInitializeEx
CoCreateInstance
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 0000:00:00 00:00:00
FileType Win64 EXE
PEType PE32+
CodeSize 2296320
LinkerVersion 2.25
EntryPoint 0x14d0
InitializedDataSize 3408384
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 50176

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 1750c130c5daca8b347d3f7e34824c9b
SHA1 e2956e55a7306c0edea3a515107689feade28443
SHA256 abf507f8240ed41aac74c9df6de558c88c2f11d7770f0298135f1cc544b9c08b
ssdeep
49152:uvbVrLbXillNx1Jq58ubGtlqQSEevngkUojMVwAsOwsFX78o7aouGbfpPIU6iUfV:zJqlblgFXWoPm+dosFoCVPBYdqRS

authentihash 30352aeb6e228d47167e9fe54c47ac86a8646fac41140b89ba2142c9161f6db5
imphash 507a578723f7c9b4a012d0be26173b49
File size 3.3 MB ( 3427272 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID Win64 Executable (generic) (87.2%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
VXD Driver (0.0%)
Tags
peexe assembly overlay signed via-tor 64bits

VirusTotal metadata
First submission 2015-03-20 19:59:34 UTC ( 2 years ago )
Last submission 2016-10-17 16:03:44 UTC ( 5 months, 2 weeks ago )
File names wget64.exe
wget.exe
wget1.16.3Win64.exe
filename
file
wget64(2).exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight