SHA256: b8ff91c1d37284ef4ec8380045a48e915cfe75536c700d5a8bbe229f1f1fafa1
File name: visioviewer_4339-1001_x64_en-us.exe
Detection ratio: 0 / 67
Analysis date: 2019-05-13 00:46:07 UTC ( 1 week, 1 day ago )
Antivirus Result Update
Acronis 20190504
Ad-Aware 20190512
AegisLab 20190512
AhnLab-V3 20190512
Alibaba 20190426
ALYac 20190512
Antiy-AVL 20190513
Arcabit 20190512
Avast 20190512
Avast-Mobile 20190512
AVG 20190512
Avira (no cloud) 20190513
Baidu 20190318
BitDefender 20190512
Bkav 20190511
CAT-QuickHeal 20190512
ClamAV 20190512
CMC 20190321
Comodo 20190513
CrowdStrike Falcon (ML) 20190212
Cybereason 20190417
Cylance 20190513
Cyren 20190512
DrWeb 20190512
Emsisoft 20190512
Endgame 20190403
ESET-NOD32 20190512
F-Prot 20190512
F-Secure 20190513
FireEye 20190512
Fortinet 20190512
GData 20190512
Sophos ML 20190313
Jiangmin 20190513
K7AntiVirus 20190512
K7GW 20190512
Kaspersky 20190513
Kingsoft 20190513
Malwarebytes 20190513
MAX 20190513
McAfee 20190512
McAfee-GW-Edition 20190512
Microsoft 20190513
eScan 20190512
NANO-Antivirus 20190512
Palo Alto Networks (Known Signatures) 20190513
Panda 20190512
Qihoo-360 20190513
Rising 20190512
SentinelOne (Static ML) 20190511
Sophos AV 20190512
SUPERAntiSpyware 20190507
Symantec 20190512
Symantec Mobile Insight 20190510
TACHYON 20190513
Tencent 20190513
TheHacker 20190510
TotalDefense 20190512
Trapmine 20190325
TrendMicro 20190512
TrendMicro-HouseCall 20190512
Trustlook 20190513
VBA32 20190511
ViRobot 20190512
Yandex 20190501
Zillya 20190512
ZoneAlarm by Check Point 20190512
Zoner 20190513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
File version 16.0.4339.1001
Signature verification Signed file, verified signature
Signing date 6:10 PM 1/29/2016
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 05:42 PM 06/04/2015
Valid to 05:42 PM 09/04/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
Serial number 33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 08/31/2010
Valid to 10:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 06:14 PM 10/07/2015
Valid to 07:14 PM 01/07/2017
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 8F058D3E6B12A46CD348CF61D1FB4B0857AA89D3
Serial number 33 00 00 00 8A 57 EA 89 A3 49 EB 8B E8 00 00 00 00 00 8A
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:53 PM 04/03/2007
Valid to 01:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Packers identified
F-PROT CAB, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-15 14:48:37
Entry Point 0x00023885
Number of sections 5
PE sections
Overlays
MD5 fd7f8d3221a115b6b57e85fbc53e2f1e
File type data
Offset 375808
Size 23679256
Entropy 8.00
PE imports
CreateFontIndirectA
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetTempPathA
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
MoveFileA
FreeLibraryAndExitThread
LoadResource
FindClose
TlsGetValue
SetLastError
GetUserDefaultLangID
OutputDebugStringW
GetModuleFileNameW
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
TerminateProcess
GetModuleHandleExW
VirtualQuery
GetCurrentThreadId
SetCurrentDirectoryA
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
InitializeCriticalSectionEx
RtlUnwind
ExitThread
Process32Next
GetFileSize
Process32First
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GetCPInfo
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
ExpandEnvironmentStringsW
FindFirstFileExA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GetDiskFreeSpaceExA
ExpandEnvironmentStringsA
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalAlloc
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
CreateProcessA
IsValidCodePage
UnmapViewOfFile
GetTempPathW
CreateProcessW
Sleep
FindResourceA
GetOEMCP
VariantChangeType
SysFreeString
VariantInit
VariantClear
SysAllocString
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
CoInitialize
Number of PE resources by type
RT_DIALOG 6
RT_ICON 2
RT_VERSION 2
RT_MANIFEST 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 0.0
FileVersionNumber 16.0.4339.1001
LanguageCode Neutral
FileFlagsMask 0x003f
OSVersion 6.1
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 138752
FileTypeExtension exe
MIMEType application/octet-stream
PEType PE32
FileVersion 16.0.4339.1001
LegalTrademarks1 Microsoft is a registered trademark of Microsoft Corporation.
TimeStamp 2015:09:15 16:48:37+02:00
FileType Win32 EXE
LegalTrademarks2 Windows is a registered trademark of Microsoft Corporation.
ProductVersion 16.0.4339.1001
SubsystemVersion 6.1
MOSEVersion BETA
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 236032
FileSubtype 0
ProductVersionNumber 16.0.4339.1001
Warning Possibly corrupt Version resource
EntryPoint 0x23885
ObjectFileType Unknown

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
File identification
MD5 d1d9f507eef694c31d77afee783b1f8c
SHA1 a87c34189bbbfc6ed64a31202bf6d9316a2feb04
SHA256 b8ff91c1d37284ef4ec8380045a48e915cfe75536c700d5a8bbe229f1f1fafa1
ssdeep
393216:rffo1JvZ4Xwf5wQo+J/nETXaIM9uIj0XrhbvvJ6H5E9dXMtSQkaXx4H9jvs:zQDGAf57ocnETjxIoXdAHn4QkaXgvs

authentihash e273cecaeb18ba08dc9000dd6999e2fd018aa30efb64b2ea507c53cb209b15fc
imphash 27df6cc99f149de8c4fafc78a2e969ad
File size 22.9 MB ( 24055064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-03-18 14:42:43 UTC ( 3 years, 2 months ago )
Last submission 2018-05-21 15:49:00 UTC ( 1 year ago )
File names bite9dd.tmp
visioviewer_4339-1001_x64_en-us.exe
1028183
visioviewer_2016_x64_en-us.exe
visioviewer64bit.exe
unconfirmed 362637.crdownload