SHA256: c2b74111399f06ebe8de5ec0659ab6e78d2fe5315d8fedf473f5ab9947ad5d81
File name: MSI EXE
Detection ratio: 0 / 64
Analysis date: 2018-07-04 00:18:28 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180703
AegisLab 20180704
AhnLab-V3 20180703
ALYac 20180704
Antiy-AVL 20180704
Arcabit 20180704
Avast 20180703
Avast-Mobile 20180703
AVG 20180703
Avira (no cloud) 20180703
AVware 20180703
Babable 20180406
Baidu 20180703
BitDefender 20180703
Bkav 20180703
CAT-QuickHeal 20180703
ClamAV 20180703
CMC 20180703
Comodo 20180703
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cyren 20180704
DrWeb 20180704
eGambit 20180704
Emsisoft 20180704
Endgame 20180612
ESET-NOD32 20180704
F-Prot 20180704
F-Secure 20180704
Fortinet 20180704
GData 20180704
Ikarus 20180703
Sophos ML 20180601
Jiangmin 20180703
K7AntiVirus 20180703
K7GW 20180704
Kaspersky 20180704
Kingsoft 20180704
Malwarebytes 20180703
MAX 20180704
McAfee 20180704
McAfee-GW-Edition 20180703
Microsoft 20180703
eScan 20180704
NANO-Antivirus 20180704
Palo Alto Networks (Known Signatures) 20180704
Panda 20180703
Qihoo-360 20180704
SentinelOne (Static ML) 20180701
Sophos AV 20180704
SUPERAntiSpyware 20180703
Symantec 20180704
TACHYON 20180704
Tencent 20180704
TheHacker 20180628
TotalDefense 20180703
Trustlook 20180704
VBA32 20180629
VIPRE 20180703
ViRobot 20180703
Webroot 20180704
Yandex 20180703
Zillya 20180703
ZoneAlarm by Check Point 20180704
Zoner 20180703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright JDK_COPYRIGHT
Product FIU
Original name FilesInUse.exe
Internal name MSI EXE
File version 1.7.0
Description FIU
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-23 19:17:54
Entry Point 0x0000EE76
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyW
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
SetGraphicsMode
SaveDC
CreateFontIndirectA
GetTextMetricsA
ModifyWorldTransform
GetDeviceCaps
DeleteDC
RestoreDC
SetBkMode
CreateSolidBrush
BitBlt
GetObjectA
GetStockObject
SetViewportOrgEx
CreateCompatibleDC
StretchBlt
SelectObject
GetTextExtentPoint32A
SetWindowOrgEx
DPtoLP
DeleteObject
CreateCompatibleBitmap
GetStdHandle
InterlockedPopEntrySList
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InterlockedPushEntrySList
LoadResource
GlobalHandle
TlsGetValue
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
HeapSetInformation
LoadLibraryExA
Module32First
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
Module32Next
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
Process32Next
OpenProcess
GetStartupInfoW
GetProcAddress
GetProcessHeap
lstrcmpA
GlobalLock
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GlobalAlloc
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
SetDllDirectoryA
CloseHandle
Process32First
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
GetLongPathNameA
Sleep
FindResourceA
VirtualAlloc
LoadRegTypeLib
OleCreateFontIndirect
SysStringLen
VarUI4FromStr
SysAllocStringLen
VariantClear
SysAllocString
LoadTypeLib
SysFreeString
VariantInit
GetModuleFileNameExA
EnumProcessModules
SetFocus
RedrawWindow
GetParent
ReleaseDC
SetCapture
EndDialog
BeginPaint
EnumWindows
MoveWindow
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
LoadBitmapA
SetWindowPos
GetWindowThreadProcessId
IsWindow
EndPaint
SwitchToThisWindow
PostMessageA
ReleaseCapture
MessageBoxA
SetWindowLongA
GetWindowLongA
GetWindow
GetSysColor
GetDC
RegisterClassExA
MapDialogRect
GetDlgCtrlID
SetWindowTextA
LoadStringA
SendMessageA
GetWindowTextA
GetClientRect
SetWindowContextHelpId
GetDlgItem
ScreenToClient
InvalidateRect
wsprintfA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
ClientToScreen
FillRect
CharNextA
DestroyAcceleratorTable
GetDesktopWindow
CallWindowProcA
GetClassNameA
GetFocus
EnableWindow
SetForegroundWindow
InvalidateRgn
UnregisterClassA
CreateAcceleratorTableA
IsChild
DialogBoxIndirectParamA
DestroyWindow
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CoTaskMemAlloc
CLSIDFromString
CoTaskMemRealloc
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
StringFromGUID2
CoGetClassObject
Number of PE resources by type
RT_STRING 22
RT_DIALOG 22
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
ITALIAN NEUTRAL 4
SWEDISH NEUTRAL 4
CHINESE TRADITIONAL 4
SPANISH NEUTRAL 4
GERMAN NEUTRAL 4
CHINESE SIMPLIFIED 4
PORTUGUESE BRAZILIAN 4
JAPANESE DEFAULT 4
FRENCH NEUTRAL 4
KOREAN 4
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
FileDescription FIU
InitializedDataSize 165376
ImageVersion 0.0
ProductName FIU
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FullVersion 1.7.0
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName FilesInUse.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.7.0
TimeStamp 2012:02:23 20:17:54+01:00
FileType Win32 EXE
PEType PE32
InternalName MSI EXE
ProductVersion 1.7.0
UninitializedDataSize 0
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright JDK_COPYRIGHT
MachineType Intel 386 or later, and compatibles
CompanyName Oracle
CodeSize 105472
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0xee76
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Compressed bundles
File identification
MD5 bd2a821cb5dd0e4b17386407d3be2503
SHA1 07aa634279c6b4c62f81a558ace4ca4461037170
SHA256 c2b74111399f06ebe8de5ec0659ab6e78d2fe5315d8fedf473f5ab9947ad5d81
ssdeep 3072:uTteeYjzL448rbu2wDlWrqAhHNyoSCJQH0XbUELdjPwjRDK:A+j2riTDlWrlhnHCWRq
authentihash 92b02790287f82e5d155056c9528564fe234f4e99ece535ac7a12cbd698a7772
imphash f5a4b7b11bdfcc5a24e822cee65d8d25
File size 265.5 KB ( 271872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2012-03-03 04:09:31 UTC ( 7 years ago )
Last submission 2016-05-18 07:04:17 UTC ( 2 years, 10 months ago )
File names sbs_ve_ambr_20160228221903.595_ 471644
msi8bfb.tmp
sbs_ve_ambr_20160229214013.423_ 239283
sbs_ve_ambr_20160705222600.302_ 1157588
0038948e.tmp
sbs_ve_ambr_20160713202929.655_ 409577
msi595c.tmp
msic227.tmp
msi250f.tmp
msi54a4.tmp
sbs_ve_ambr_20160306043739.575_ 172950
msi367f.tmp
sbs_ve_ambr_20160521230146.463_ 289257
msi62c8.tmp
msi2508.tmp
msie0ea.tmp
sbs_ve_ambr_20160412221320.416_ 433674
msi8d91.tmp
msi4960.tmp
sbs_ve_ambr_20160230230311.383_ 450983
sbs_ve_ambr_20160519152240.953_ 2541771
msi919c.tmp
sbs_ve_ambr_20160630201545.894_ 407392
sbs_ve_ambr_20160307230241.696_ 467744
sbs_ve_ambr_20161019222812.282_ 39343
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight