SHA256: bcff89311d792f6428468e813ac6929a346a979f907071c302f418d128eaaf41
File name: BCFF89311D792F6428468E813AC6929A346A979F907071C302F418D128EAAF41
Detection ratio: 0 / 56
Analysis date: 2016-06-02 20:18:07 UTC ( 2 years, 9 months ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20160602
AVG 20160602
AVware 20160602
Ad-Aware 20160602
AegisLab 20160602
AhnLab-V3 20160602
Alibaba 20160602
Antiy-AVL 20160602
Arcabit 20160602
Avast 20160602
Avira (no cloud) 20160602
Baidu 20160602
Baidu-International 20160602
BitDefender 20160602
Bkav 20160602
CAT-QuickHeal 20160602
CMC 20160602
ClamAV 20160602
Comodo 20160602
Cyren 20160602
DrWeb 20160602
ESET-NOD32 20160602
Emsisoft 20160602
F-Prot 20160602
F-Secure 20160602
Fortinet 20160602
GData 20160602
Ikarus 20160602
Jiangmin 20160602
K7AntiVirus 20160602
K7GW 20160602
Kaspersky 20160602
Kingsoft 20160602
Malwarebytes 20160602
McAfee 20160602
McAfee-GW-Edition 20160602
eScan 20160602
Microsoft 20160602
NANO-Antivirus 20160602
Panda 20160601
Qihoo-360 20160602
Rising 20160602
SUPERAntiSpyware 20160602
Sophos AV 20160602
Symantec 20160602
Tencent 20160602
TheHacker 20160602
TrendMicro 20160602
TrendMicro-HouseCall 20160602
VBA32 20160601
VIPRE 20160602
ViRobot 20160602
Yandex 20160602
Zillya 20160601
Zoner 20160602
nProtect 20160602
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name WINMINE.EXE
Internal name winmine
File version 5.1.2600.0 (xpclient.010817-1148)
Description Entertainment Pack Minesweeper Game
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-08-17 20:54:13
Entry Point 0x00003E21
Number of sections 3
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
InitCommonControlsEx
GetDeviceCaps
LineTo
SetROP2
DeleteDC
SelectObject
SetLayout
CreatePen
BitBlt
GetStockObject
SetPixel
SetDIBitsToDevice
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
MoveToEx
GetLayout
GetStartupInfoA
lstrcpyW
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetModuleHandleA
LoadResource
FindResourceW
LockResource
GetTickCount
OutputDebugStringA
GetPrivateProfileIntW
lstrlenW
GetPrivateProfileStringW
ShellAboutW
MapWindowPoints
UpdateWindow
EndDialog
BeginPaint
GetMessageW
DefWindowProcW
MoveWindow
KillTimer
PostQuitMessage
ShowWindow
LoadMenuW
GetDesktopWindow
GetSystemMetrics
MessageBoxW
PeekMessageW
EndPaint
SetMenu
SetCapture
ReleaseCapture
DialogBoxParamW
TranslateMessage
GetDlgItemTextW
PostMessageW
GetDlgItemInt
SetDlgItemTextW
GetDC
CreateWindowExW
ReleaseDC
CheckMenuItem
SendMessageW
GetMenuItemRect
RegisterClassW
WinHelpW
LoadStringW
GetDlgItem
SetRect
InvalidateRect
SetTimer
SetDlgItemInt
LoadCursorW
LoadIconW
DispatchMessageW
LoadAcceleratorsW
wsprintfW
TranslateAcceleratorW
PtInRect
PlaySoundW
_except_handler3
__p__fmode
_c_exit
_acmdln
_exit
_adjust_fdiv
srand
__p__commode
_cexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
rand
__setusermatherr
__set_app_type
Number of PE resources by type
RT_ICON 8
RT_BITMAP 6
RT_DIALOG 3
WAVE 3
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 26
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 105984
ImageVersion 5.1
ProductName Microsoft Windows Operating System
FileVersionNumber 5.1.2600.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 7.0
FileTypeExtension exe
OriginalFileName WINMINE.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.1.2600.0 (xpclient.010817-1148)
TimeStamp 2001:08:17 21:54:13+01:00
FileType Win32 EXE
PEType PE32
InternalName winmine
ProductVersion 5.1.2600.0
FileDescription Entertainment Pack Minesweeper Game
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 15360
FileSubtype 0
ProductVersionNumber 5.1.2600.0
EntryPoint 0x3e21
ObjectFileType Executable application

CarbonBlack
CarbonBlack acts as a surveillance camera for computers. While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 9c45d38b74634c9ded60bec640c5c3ca
SHA1 79d03b17ce9e7ff9595253a402efb856b0888ea0
SHA256 bcff89311d792f6428468e813ac6929a346a979f907071c302f418d128eaaf41
ssdeep 1536:jCISYgJe1k9Fig6Jqe+dxZ1yh/ygDEAG83MXonzq5yk0N6T4nW/X3I+s055Oa3:2YgJesFiglPZ1yxyvZcMO/6T4nIB5B3
authentihash 66b488ca4481f71de2f2cbc142a9b3350b61173356bfb89d74a530cacf2d1038
imphash de5490f8d3fb044d081bdaec5ef47bf7
File size 117.0 KB ( 119808 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Microsoft Visual C++ compiled executable (generic) (49.1%)
Win32 Dynamic Link Library (generic) (19.5%)
Win32 Executable (generic) (13.3%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
Tags peexe nsrl trusted
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with winmine.exe as its name.
VirusTotal metadata
First submission 2007-11-19 23:00:03 UTC ( 11 years, 4 months ago )
Last submission 2019-03-13 23:25:23 UTC ( 1 week ago )
File names mine.exe
vsk81dus.daa
old9a1.tmp
winmine32.exe
vs080spm.uf7
vsk0gph2.4d7
vs650i8k.535
13496-winmine.exe
vsu11emq.h8l
Winmine__XP.exe
vsrfgmo4.m06
winmine.exe.new
vs8r0lkc.sl3
mine.exe
vsuk0rl3.klv
mine.exe
vsmkh88a.ql4
winmine.exe
bcff89311d792f64_winmine.exe
vstl1orq.dlj
w1nm1ne.exe
vspq0vc0.b61
vs6ag7g1.jt1
vsrdgpk0.c1o
vse712qm.sqe
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products Windows XP (Microsoft)
Platforms SDKs/DDKs (Microsoft)
Windows XP Home Edition (Microsoft)
Windows XP Professional (Microsoft)
Windows XP eMbedded Evaluation Software (Microsoft)
Windows XP Tablet PC Edition (Microsoft)
Platforms, SDK/DDK, Developer Tools (Microsoft)
Windows CE .NET Evaluation Software (Microsoft)
Platforms, SDK/DDK (Microsoft)
Windows XP Professional 2002 Service Pack 1 (Microsoft)
MSDN Disc 3264 (Microsoft)
MSDN Disc 2041 (Microsoft)
MSDN Disc 2307 (Microsoft)
MSDN Disc 2428.1 (Microsoft)
MSDN Disc 2428.2 (Microsoft)
Compaq Operating System CD (Compaq)
MSDN Disc2428.3 (Microsoft)
MSDN Disc 2428.4 (Microsoft)
Reinstallation CD Microsoft Windows XP Professional (Dell)
Virtual PC for Mac Windows XP Home Edition (Microsoft)
File names winmine.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight