SHA256: b1c80d8775575964ab2809b473e31a0e9ade60181c24676dd61c443267db4f62
File name: arsm
Detection ratio: 0 / 67
Analysis date: 2017-11-29 14:53:34 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware 20171129
AegisLab 20171129
AhnLab-V3 20171129
Alibaba 20171129
ALYac 20171129
Antiy-AVL 20171129
Arcabit 20171129
Avast 20171129
Avast-Mobile 20171129
AVG 20171129
Avira (no cloud) 20171129
AVware 20171129
Baidu 20171129
BitDefender 20171129
Bkav 20171129
CAT-QuickHeal 20171129
ClamAV 20171129
CMC 20171126
Comodo 20171129
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171129
Cyren 20171129
DrWeb 20171129
eGambit 20171129
Emsisoft 20171129
Endgame 20171024
ESET-NOD32 20171129
F-Prot 20171129
F-Secure 20171129
Fortinet 20171129
GData 20171129
Ikarus 20171129
Sophos ML 20170914
Jiangmin 20171129
K7AntiVirus 20171129
K7GW 20171129
Kaspersky 20171129
Kingsoft 20171129
Malwarebytes 20171129
MAX 20171129
McAfee 20171129
McAfee-GW-Edition 20171129
Microsoft 20171129
eScan 20171129
NANO-Antivirus 20171129
nProtect 20171129
Palo Alto Networks (Known Signatures) 20171129
Panda 20171129
Qihoo-360 20171129
Rising 20171129
SentinelOne (Static ML) 20171113
Sophos AV 20171129
SUPERAntiSpyware 20171129
Symantec 20171129
Symantec Mobile Insight 20171129
Tencent 20171129
TheHacker 20171126
TotalDefense 20171129
TrendMicro 20171129
TrendMicro-HouseCall 20171129
Trustlook 20171129
VBA32 20171129
VIPRE 20171129
ViRobot 20171129
Webroot 20171129
WhiteArmor 20171104
Yandex 20171120
Zillya 20171129
ZoneAlarm by Check Point 20171129
Zoner 20171129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2000-2012 Acronis
Product Acronis Removable Storage Management Service
Original name arsm.exe
Internal name arsm
File version 11,5,0,32308
Description ARSM
Comments Acronis Removable Storage Management Service
Signature verification Signed file, verified signature
Signing date 11:28 PM 10/22/2012
Signers
[+] Acronis International GmbH
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 8/28/2012
Valid to 12:59 AM 8/29/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 35BE8196A869B78ECC7AED23007FF85CCECEA532
Serial number 16 43 7A AA 13 F5 54 3F 67 E1 0E 03 89 3E A3 15
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-22 18:41:07
Entry Point 0x00200B5E
Number of sections 6
PE sections
Overlays
MD5 01b2467709b5601e85b0324b83b685b2
File type application/zip
Offset 5251072
Size 49520
Entropy 7.97
PE imports
RegCreateKeyExW
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteKeyW
OpenServiceA
StartServiceW
SetSecurityDescriptorOwner
GetExplicitEntriesFromAclW
RegQueryValueExA
SetEntriesInAclW
SetSecurityInfo
OpenServiceW
AdjustTokenPrivileges
RegSetKeySecurity
RegCreateKeyExA
CheckTokenMembership
RegQueryValueExW
LookupAccountSidW
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
GetFileSecurityW
SetServiceStatus
QueryServiceConfigW
OpenProcessToken
QueryServiceStatus
GetKernelObjectSecurity
DuplicateToken
RegOpenKeyExW
SetFileSecurityW
ImpersonateAnonymousToken
GetSecurityDescriptorOwner
LookupAccountNameW
RegOpenKeyExA
RegDeleteValueA
GetTokenInformation
GetUserNameW
IsValidSid
GetSidIdentifierAuthority
GetSecurityDescriptorDacl
RegDeleteValueW
RegEnumKeyExW
OpenThreadToken
GetUserNameA
GetSidSubAuthority
CloseServiceHandle
GetLengthSid
RegEnumKeyExA
RegQueryInfoKeyA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegEnumValueW
RevertToSelf
LogonUserW
CreateProcessWithLogonW
RegSetValueExW
FreeSid
OpenSCManagerW
ImpersonateLoggedOnUser
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegEnumValueA
SetThreadToken
OpenSCManagerA
SetKernelObjectSecurity
CertEnumCertificatesInStore
CryptAcquireCertificatePrivateKey
PFXImportCertStore
PFXIsPFXBlob
CertDuplicateStore
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertDeleteCertificateFromStore
CertNameToStrW
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertFreeCertificateChain
CryptDecodeObject
CertGetCertificateChain
CertCreateCertificateContext
PFXExportCertStoreEx
CertFindCertificateInStore
CertGetStoreProperty
CertGetNameStringW
GetTextMetricsW
CreateFontIndirectW
EnumFontFamiliesExW
CreateFontIndirectA
GetTextMetricsA
EnumFontFamiliesExA
GetTempFileNameA
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
GetComputerNameA
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindNextFileA
DebugBreak
SetTapePosition
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
GetTapeParameters
DisconnectNamedPipe
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
ExpandEnvironmentStringsA
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
GetTapePosition
GetLocaleInfoW
SetFileAttributesA
GetFileTime
GetTempPathA
WideCharToMultiByte
GetOverlappedResult
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
FormatMessageW
GetSystemTimeAsFileTime
SetComputerNameA
ConnectNamedPipe
GetFullPathNameA
SetEvent
QueryDosDeviceA
MoveFileA
GetThreadPriority
GetLogicalDriveStringsA
GetEnvironmentVariableA
LoadResource
GetLogicalDriveStringsW
FindClose
TlsGetValue
FindNextChangeNotification
GetFullPathNameW
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
GetSystemTime
DeviceIoControl
InitializeCriticalSection
TlsAlloc
OutputDebugStringW
RemoveDirectoryW
TryEnterCriticalSection
CopyFileA
HeapAlloc
GetVersionExA
GetModuleFileNameA
lstrcmpiW
SetProcessWorkingSetSize
GetVolumeInformationA
LoadLibraryExA
EnumResourceLanguagesW
SetThreadPriority
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
FormatMessageA
GetModuleHandleA
SetFileAttributesW
LockFileEx
CreateSemaphoreA
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
DeleteCriticalSection
SetUnhandledExceptionFilter
LocalFree
ExitThread
SetEnvironmentVariableA
TerminateProcess
FindCloseChangeNotification
WriteConsoleA
GetNumberFormatA
LocalFileTimeToFileTime
CreateEventW
SetEndOfFile
BackupSeek
GetVersion
SetCurrentDirectoryA
WriteConsoleW
MoveFileW
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
SetTapeParameters
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
SetFileApisToANSI
FlushFileBuffers
LoadLibraryA
GetSystemDirectoryA
CopyFileW
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
GetStartupInfoW
BackupWrite
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetTempFileNameW
GetComputerNameW
EnumResourceNamesW
CompareStringW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
GetDiskFreeSpaceA
GetTimeFormatA
GetComputerNameExW
GetProcessWorkingSetSize
FindFirstFileW
DuplicateHandle
GetProcAddress
GetTempPathW
GetTimeZoneInformation
CreateFileW
CreateEventA
IsDebuggerPresent
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
SetCurrentDirectoryW
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
FindFirstChangeNotificationA
GetSystemInfo
GetTapeStatus
LCMapStringA
GetTimeFormatW
GetThreadLocale
CreateNamedPipeA
RemoveDirectoryA
GetShortPathNameA
FindFirstChangeNotificationW
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCompressedFileSizeW
GetCurrentDirectoryA
BackupRead
InterlockedCompareExchange
CancelIo
GetCurrentThread
GetSystemDefaultLangID
RaiseException
CompareStringA
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
SetComputerNameW
FindFirstFileA
CloseHandle
UnlockFileEx
GetACP
GetCurrentThreadId
CreateProcessA
WaitNamedPipeA
GetCurrentDirectoryW
UnmapViewOfFile
FindResourceExW
GetNumberFormatW
CreateProcessW
CreateFileMappingA
Sleep
SetConsoleCtrlHandler
ResetEvent
WNetOpenEnumW
WNetGetUniversalNameW
WNetAddConnection3W
WNetCancelConnection2W
WNetEnumResourceW
WNetAddConnection3A
WNetGetUniversalNameA
WNetCloseEnum
_purecall
__p__fmode
??0bad_cast@std@@QAE@ABV01@@Z
_crt_debugger_hook
sscanf
_strtoui64
?what@exception@std@@UBEPBDXZ
__lconv_init
_wfopen
memset
wcschr
_time64
__getmainargs
_cexit
__RTDynamicCast
_controlfp_s
_wcsicmp
swscanf
toupper
_invoke_watson
_wcstoui64
fflush
_ultoa
strncpy
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
strchr
??1bad_cast@std@@UAE@XZ
_wputenv
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_wremove
_wgetenv
??2@YAPAXI@Z
strtoul
_lock
__p__commode
_onexit
__initenv
_beginthreadex
exit
??_V@YAXPAX@Z
_initterm
_encode_pointer
__setusermatherr
_initterm_e
wcsrchr
_wtoi
sprintf
_adjust_fdiv
_amsg_exit
_CxxThrowException
memmove_s
_unlock
fclose
_set_invalid_parameter_handler
??3@YAXPAX@Z
__CxxFrameHandler3
_except_handler4_common
wcsncmp
__dllonexit
srand
_strtoi64
memcpy
??0exception@std@@QAE@ABV01@@Z
_XcptFilter
??0bad_cast@std@@QAE@PBD@Z
??8type_info@@QBE_NABV0@@Z
rand
??1exception@std@@UAE@XZ
memmove
_decode_pointer
??0exception@std@@QAE@ABQBD@Z
_exit
abort
_get_invalid_parameter_handler
?terminate@@YAXXZ
_configthreadlocale
??0exception@std@@QAE@XZ
_set_purecall_handler
_strnicmp
memchr
__set_app_type
VariantChangeType
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantClear
UuidFromStringW
UuidCreate
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SHGetFileInfoA
ShellExecuteExA
ShellExecuteW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
Shell_NotifyIconA
VkKeyScanExW
PeekMessageA
CreateDialogIndirectParamW
SendNotifyMessageA
PostMessageA
SystemParametersInfoW
CreateWindowExA
DefWindowProcW
CreateDialogIndirectParamA
DefWindowProcA
KillTimer
SendNotifyMessageW
PostQuitMessage
VkKeyScanExA
IsCharAlphaW
GetClipboardFormatNameA
PeekMessageW
DispatchMessageA
RegisterClassExW
RegisterClipboardFormatA
VkKeyScanA
CharUpperBuffA
GetClipboardFormatNameW
AppendMenuW
SetWindowLongA
TranslateMessage
CharUpperBuffW
VkKeyScanW
RegisterClipboardFormatW
DispatchMessageW
RegisterClassExA
SystemParametersInfoA
SetWindowTextA
SendMessageW
UnregisterClassA
wsprintfW
WinHelpW
SendMessageA
SetWindowTextW
SetWindowLongW
IsCharAlphaNumericW
WinHelpA
RegisterClassA
PostMessageW
AppendMenuA
GetWindowLongA
SetTimer
ModifyMenuW
GetWindowLongW
GetMessageA
ModifyMenuA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
getsockname
WSARecv
ioctlsocket
WSAStartup
WSACleanup
connect
shutdown
WSAResetEvent
htons
inet_ntoa
select
WSAWaitForMultipleEvents
WSACloseEvent
ntohl
inet_addr
WSASend
ntohs
WSAGetLastError
gethostbyaddr
__WSAFDIsSet
WSAEventSelect
WSAGetOverlappedResult
gethostbyname
getpeername
WSACreateEvent
closesocket
WSAIoctl
setsockopt
WSASetEvent
socket
bind
recvfrom
WSAEnumNetworkEvents
sendto
GetOpenFileNameA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
CodeSize 3567616
SubsystemVersion 4.0
Comments Acronis Removable Storage Management Service
InitializedDataSize 1679360
ImageVersion 0.0
ProductName Acronis Removable Storage Management Service
FileVersionNumber 11.5.0.32308
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName arsm.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 11,5,0,32308
TimeStamp 2012:10:22 19:41:07+01:00
FileType Win32 EXE
PEType PE32
InternalName arsm
ProductVersion 11,5,0,32308
FileDescription ARSM
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2000-2012 Acronis
MachineType Intel 386 or later, and compatibles
CompanyName Acronis
LegalTrademarks Acronis
FileSubtype 0
ProductVersionNumber 11.5.0.32308
EntryPoint 0x200b5e
ObjectFileType Dynamic link library

File identification
MD5 8bc7b996310e123d43dc0438757d0373
SHA1 e6abaee6481e50080768bb5cc25d5494766226b4
SHA256 b1c80d8775575964ab2809b473e31a0e9ade60181c24676dd61c443267db4f62
ssdeep 49152:Clro+zsDoRbSWVOewC4efJ38icNpq7bj2tDxBoJ2k8K8uqLQtoQB9fkd5ege87Nz:orzAGOWeCjhOqy1vrQVm
authentihash 11abadc8bed768dfe356351dcad8b97ae3f29abdb9286db1a27d8eeb91220620
imphash 98ed02cdf486db3262f879484ab2db07
File size 5.1 MB ( 5300592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2014-12-14 22:02:17 UTC ( 4 years, 5 months ago )
Last submission 2014-12-14 22:02:17 UTC ( 4 years, 5 months ago )
File names arsm
arsm.exe
vt-upload-X7pEYs
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.