SHA256: bf6c8211e772e3ab7e7fc87ca3faae4819bbb27a19fbd1f33fd7a46b04e5f25e
File name: MemProfilerInstaller5_5_64.exe
Detection ratio: 1 / 64
Analysis date: 2017-09-28 14:03:56 UTC (1 year, 2 months ago)
Antivirus Result Update
Jiangmin TrojanDropper.Agent.chbq 20170928
Ad-Aware 20170928
AegisLab 20170928
AhnLab-V3 20170928
Alibaba 20170911
ALYac 20170928
Antiy-AVL 20170928
Arcabit 20170928
Avast 20170928
Avast-Mobile 20170928
AVG 20170928
Avira (no cloud) 20170928
AVware 20170928
Baidu 20170928
BitDefender 20170928
CAT-QuickHeal 20170928
ClamAV 20170928
CMC 20170928
Comodo 20170928
CrowdStrike Falcon (ML) 20170804
Cylance 20170928
Cyren 20170928
DrWeb 20170928
Emsisoft 20170928
Endgame 20170821
ESET-NOD32 20170928
F-Prot 20170928
F-Secure 20170928
Fortinet 20170928
GData 20170928
Ikarus 20170928
Sophos ML 20170914
K7AntiVirus 20170928
K7GW 20170928
Kaspersky 20170928
Kingsoft 20170928
Malwarebytes 20170928
MAX 20170928
McAfee 20170928
McAfee-GW-Edition 20170928
Microsoft 20170928
eScan 20170928
NANO-Antivirus 20170928
nProtect 20170928
Palo Alto Networks (Known Signatures) 20170928
Panda 20170928
Qihoo-360 20170928
Rising 20170928
SentinelOne (Static ML) 20170806
Sophos AV 20170928
SUPERAntiSpyware 20170928
Symantec 20170928
Symantec Mobile Insight 20170928
Tencent 20170928
TheHacker 20170925
TrendMicro 20170928
TrendMicro-HouseCall 20170928
Trustlook 20170928
VBA32 20170928
VIPRE 20170928
ViRobot 20170928
Webroot 20170928
WhiteArmor 20170927
Yandex 20170908
Zillya 20170928
ZoneAlarm by Check Point 20170928
Zoner 20170928
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) SciTech Software AB. All rights reserved.

Product .NET Memory Profiler 5.5
Original name MemProfilerInstaller5_5_64.exe
Internal name setup
File version 5.5.64
Description .NET Memory Profiler 5.5
Signature verification Signed file, verified signature
Signing date 3:12 PM 9/26/2017
Signers
[+] SciTech Software AB
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 3/23/2017
Valid to 12:59 AM 3/24/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5C71560ABB3D9F12CEC0C2F24810861F1F0FF775
Serial number 02 2A 9E DA 2D F9 5A E2 24 55 0E B2 99 2C 95 A3
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT CAB, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-01 14:33:52
Entry Point 0x0002E1FD
Number of sections 7
PE sections
Overlays
MD5 12d1f7c63ba9d9998d816476c4f2c14f
File type data
Offset 464384
Size 46854592
Entropy 8.00
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
RegEnumValueW
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
CheckTokenMembership
DecryptFileW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
QueryServiceStatus
CloseEventLog
RegOpenKeyExW
OpenEventLogW
QueryServiceConfigW
GetTokenInformation
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
SetEntriesInAclW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
InitializeSecurityDescriptor
RegDeleteValueW
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
InitiateSystemShutdownExW
SetEntriesInAclA
ChangeServiceConfigW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
DeleteDC
SelectObject
GetObjectW
CreateCompatibleDC
DeleteObject
StretchBlt
GetVolumePathNameW
GetStdHandle
ReleaseMutex
WaitForSingleObject
SetFileTime
GetFileAttributesW
GetLocalTime
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ConnectNamedPipe
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
TlsGetValue
CopyFileW
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
LoadLibraryExA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
VerifyVersionInfoW
SetFilePointerEx
GetModuleHandleA
GetFullPathNameW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
SystemTimeToFileTime
GetWindowsDirectoryW
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetSystemInfo
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
DuplicateHandle
FindFirstFileExW
WaitForMultipleObjects
CreateFileMappingW
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
DosDateTimeToFileTime
LCMapStringW
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
VirtualQuery
lstrlenW
VirtualFree
GetCurrentDirectoryW
GetCurrentProcessId
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
CopyFileExW
InterlockedCompareExchange
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
IsValidCodePage
UnmapViewOfFile
WriteFile
CreateProcessW
Sleep
SystemTimeToTzSpecificLocalTime
VirtualAlloc
CompareStringA
SysFreeString
VariantClear
VariantInit
SysAllocString
UuidCreate
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
GetMonitorInfoW
LoadBitmapW
DefWindowProcW
GetMessageW
PostQuitMessage
SetWindowLongW
IsWindow
PeekMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetCursorPos
RegisterClassW
UnregisterClassW
MessageBoxW
PostThreadMessageW
MonitorFromPoint
WaitForInputIdle
IsDialogMessageW
LoadCursorW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_VERSION 1
RT_ICON 1
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 14.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.5.64.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 161280
EntryPoint 0x2e1fd
OriginalFileName MemProfilerInstaller5_5_64.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) SciTech Software AB. All rights reserved.
FileVersion 5.5.64
TimeStamp 2017:05:01 15:33:52+01:00
FileType Win32 EXE
PEType PE32
InternalName setup
ProductVersion 5.5.64
FileDescription .NET Memory Profiler 5.5
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SciTech Software AB
CodeSize 302080
ProductName .NET Memory Profiler 5.5
ProductVersionNumber 5.5.64.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e55179e71259a9f9ef204336a5f2b0a9
SHA1 3337c03cdd7393a327a97c08ebc7a767e75cb852
SHA256 bf6c8211e772e3ab7e7fc87ca3faae4819bbb27a19fbd1f33fd7a46b04e5f25e
ssdeep 786432:+29IKa7PILdilsBeXyMI4AfWaWg0mvoiNLn7tS1E7GKJprAomgWTIK81YF7TOPVp:r9IKISdKydOPmjld0xgWB81YxOPVu2

authentihash 2fcaf471d99814a42ddb33bf3d5d25407523c0d457b87a25532fc762c0e871ae
imphash 945b38293d63de197023e59f28a06bb8
File size 45.1 MB (47318976 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2017-09-28 04:36:59 UTC (1 year, 2 months ago)
Last submission 2017-10-02 21:09:06 UTC (1 year, 2 months ago)
File names MemProfilerInstaller5_5_64 (3).exe
setup
MemProfilerInstaller5_5_64.exe
MemProfilerInstaller5_5_64.exe