SHA256: c5e3ccea3615ad7175d7ab4f62bca0ca5d29eac8904f9e38b61aae32688cd026
File name: c5e3ccea3615ad7175d7ab4f62bca0ca5d29eac8904f9e38b61aae32688cd026
Detection ratio: 0 / 68
Analysis date: 2018-01-07 14:16:03 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20180107
AegisLab 20180105
AhnLab-V3 20180107
Alibaba 20180105
ALYac 20180107
Antiy-AVL 20180107
Arcabit 20180107
Avast 20180107
Avast-Mobile 20180105
AVG 20180107
Avira (no cloud) 20180107
AVware 20180103
Baidu 20180105
BitDefender 20180107
Bkav 20180106
CAT-QuickHeal 20180106
ClamAV 20180107
CMC 20180107
Comodo 20180107
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180107
Cyren 20180107
DrWeb 20180107
eGambit 20180107
Emsisoft 20180107
Endgame 20171130
ESET-NOD32 20180107
F-Prot 20180107
F-Secure 20180107
Fortinet 20180107
GData 20180107
Ikarus 20180107
Sophos ML 20170914
Jiangmin 20180107
K7AntiVirus 20180107
K7GW 20180107
Kaspersky 20180107
Kingsoft 20180107
Malwarebytes 20180107
MAX 20180107
McAfee 20180102
McAfee-GW-Edition 20180107
Microsoft 20180107
eScan 20180107
NANO-Antivirus 20180107
nProtect 20180107
Palo Alto Networks (Known Signatures) 20180107
Panda 20180107
Qihoo-360 20180107
Rising 20180106
SentinelOne (Static ML) 20171224
Sophos AV 20180107
SUPERAntiSpyware 20180107
Symantec 20180106
Tencent 20180107
TheHacker 20180103
TotalDefense 20180107
TrendMicro 20180107
TrendMicro-HouseCall 20180107
Trustlook 20180107
VBA32 20180105
VIPRE 20180107
ViRobot 20180107
Webroot 20180107
WhiteArmor 20171226
Yandex 20171229
Zillya 20180105
ZoneAlarm by Check Point 20180107
Zoner 20180107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Moritz Bunkus https://www.bunkus.org/videotools/mkvtoolnix/

Product MKVToolNix
File version 16.0.0
Description MKVToolNix 16.0.0
Comments MKVToolNix is a set of tools to create, alter and inspect Matroska files under Linux, other Unices and Windows.
Signature verification Signed file, verified signature
Signing date 9:07 AM 9/30/2017
Signers
[+] Moritz Bunkus
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer StartCom Class 2 Object CA
Valid from 2:15 PM 1/11/2016
Valid to 2:15 PM 1/11/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 48131B5D41631207D286206C28F378C8066F34AA
Serial number 5A D8 F8 75 9A C3 46 AE 8B EC 99 15 EB B5 5D 04
[+] StartCom Class 2 Object CA
Status Valid
Issuer StartCom Certification Authority
Valid from 2:00 AM 12/16/2015
Valid to 2:00 AM 12/16/2030
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1F6421C176CF03ED52CC37F21B587F166CEB828B
Serial number 6C 3B D2 7E DD 3C 94 9E 95 8E 28 A9 B3 C7 57 A0
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] COMODO SHA-256 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA
Serial number 4E B0 87 8F CC 24 35 36 B2 D8 C9 F7 BF 39 55 77
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT NSIS, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-11 18:37:55
Entry Point 0x0000432F
Number of sections 7
PE sections
Overlays
MD5 1dfcfbc0af967fc894bdfd8ef2281c5f
File type data
Offset 270848
Size 16275368
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyA
RegEnumValueA
ImageList_Create
InitCommonControls
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
GlobalLock
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EmptyClipboard
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
ScreenToClient
PeekMessageA
SetWindowLongA
DialogBoxParamA
GetSysColor
CheckDlgButton
GetDC
DrawTextA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
IsWindowEnabled
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetCursor
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
SendMessageTimeoutA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoTaskMemFree
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 20
RT_ICON 8
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 31
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
MKVToolNix is a set of tools to create, alter and inspect Matroska files under Linux, other Unices and Windows.

InitializedDataSize
45568

ImageVersion
6.0

ProductName
MKVToolNix

FileVersionNumber
16.0.0.0

UninitializedDataSize
253440

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
ASCII

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
16.0.0

TimeStamp
2015:12:11 19:37:55+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
16.0.0

FileDescription
MKVToolNix 16.0.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
Moritz Bunkus https://www.bunkus.org/videotools/mkvtoolnix/

MachineType
Intel 386 or later, and compatibles

CompanyName
Moritz Bunkus

CodeSize
35328

FileSubtype
0

ProductVersionNumber
16.0.0.0

EntryPoint
0x432f

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 fbb1cf449f91acb3f8af076a20abf3b2
SHA1 48ee520fc92e8e3aab2d4d4a7a42d307f832f7f5
SHA256 c5e3ccea3615ad7175d7ab4f62bca0ca5d29eac8904f9e38b61aae32688cd026
ssdeep
393216:DCM2lW/LAbiKoMBuJWnkSYrFkHCrItNveoQ:GrQQ7uAkSUrITvxQ

authentihash 14a0e4b3943b9cc8fe2fa714465f1b7d39237f9f77aa319c8b26173d2de14386
imphash 28a099a911237a28521d8b7ea250f089
File size 15.8 MB ( 16546216 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (91.7%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (2.9%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags
nsis peexe signed overlay

VirusTotal metadata
First submission 2017-09-30 14:56:46 UTC ( 9 months, 2 weeks ago )
Last submission 2018-05-23 22:50:03 UTC ( 1 month, 3 weeks ago )
File names mkvtoolnix.exe
mkvtoolnix-32-bit-16.0.0-setup.exe
MKVToolNixGUI.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests