SHA256: cc3ee246f2710dc9ba9e2a88e3192b88f1db4caa2eefb8641642a33df04e585c
File name: windirstat.exe
Detection ratio: 0 / 60
Analysis date: 2017-03-23 16:37:18 UTC ( 9 hours, 24 minutes ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
Ad-Aware 20170323
AegisLab 20170323
AhnLab-V3 20170323
Alibaba 20170323
ALYac 20170323
Antiy-AVL 20170323
Arcabit 20170323
Avast 20170323
AVG 20170323
Avira (no cloud) 20170323
AVware 20170323
Baidu 20170323
BitDefender 20170323
Bkav 20170323
CAT-QuickHeal 20170322
ClamAV 20170323
CMC 20170317
Comodo 20170323
CrowdStrike Falcon (ML) 20170130
Cyren 20170323
DrWeb 20170323
Emsisoft 20170323
Endgame 20170317
ESET-NOD32 20170323
F-Prot 20170323
F-Secure 20170323
Fortinet 20170323
GData 20170323
Ikarus 20170323
Invincea 20170203
Jiangmin 20170323
K7AntiVirus 20170323
K7GW 20170323
Kaspersky 20170323
Kingsoft 20170323
Malwarebytes 20170323
McAfee 20170323
McAfee-GW-Edition 20170323
Microsoft 20170323
eScan 20170323
NANO-Antivirus 20170323
nProtect 20170323
Palo Alto Networks (Known Signatures) 20170323
Panda 20170323
Qihoo-360 20170323
Rising 20170323
SentinelOne (Static ML) 20170315
Sophos 20170323
SUPERAntiSpyware 20170323
Symantec 20170322
Symantec Mobile Insight 20170322
Tencent 20170323
TheHacker 20170321
TrendMicro 20170323
TrendMicro-HouseCall 20170323
Trustlook 20170323
VBA32 20170323
VIPRE 20170323
ViRobot 20170323
WhiteArmor 20170315
Yandex 20170323
Zillya 20170323
ZoneAlarm by Check Point 20170323
Zoner 20170323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2003-2005 Bernhard Seifert
Product WinDirStat
Original name windirstat.exe
Internal name windirstat
File version 1.1.2.80 (Unicode)
Description Windows Directory Statistics
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-07-16 13:55:49
Entry Point 0x0003728A
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegEnumKeyW
RegDeleteValueW
GetFileSecurityW
RegCloseKey
GetUserNameW
RegQueryValueExA
RegOpenKeyExW
SetFileSecurityW
RegSetValueW
RegOpenKeyW
RegDeleteKeyW
RegOpenKeyExA
RegCreateKeyW
RegQueryValueExW
RegQueryValueW
RegSetValueExW
ImageList_GetImageCount
ImageList_Duplicate
DestroyPropertySheetPage
ImageList_Destroy
ImageList_AddMasked
ImageList_SetBkColor
Ord(8)
ImageList_Draw
ImageList_GetImageInfo
CreatePropertySheetPageW
Ord(17)
PropertySheetW
ImageList_GetIcon
ImageList_ReplaceIcon
GetTextMetricsW
SetMapMode
TextOutW
CreateFontIndirectW
SetBkMode
PatBlt
CreatePen
GetRgnBox
SaveDC
CreateRectRgnIndirect
CombineRgn
GetClipBox
GetWindowExtEx
GetPixel
Rectangle
BitBlt
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
GetMapMode
GetCharWidthW
SetPixel
IntersectClipRect
CreateBitmap
PtVisible
SetTextColor
CreatePatternBrush
RectVisible
ExtTextOutW
GetObjectW
GetTextExtentPoint32W
MoveToEx
EnumFontFamiliesExW
GetStockObject
ScaleWindowExtEx
GetViewportExtEx
OffsetViewportOrgEx
ExtSelectClipRgn
SelectClipRgn
SetViewportOrgEx
CreateFontW
StretchDIBits
ScaleViewportExtEx
CreateRectRgn
Escape
DeleteObject
Ellipse
Pie
CreateCompatibleBitmap
SetWindowExtEx
GetTextColor
CreateSolidBrush
SetViewportExtEx
SelectObject
SetBkColor
GetBkColor
SetRectRgn
CreateCompatibleDC
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
lstrcmpW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
GetVolumeInformationW
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
GetCPInfo
LoadLibraryW
GetStringTypeA
GetSystemTimeAsFileTime
GetDiskFreeSpaceW
InterlockedExchange
FindResourceExW
FormatMessageW
SetStdHandle
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
GetProfileIntW
ResumeThread
CreateEventW
LoadResource
GetStringTypeExW
FindClose
TlsGetValue
MoveFileW
GetFullPathNameW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
InitializeCriticalSection
GlobalFindAtomW
GetUserDefaultLangID
GetModuleFileNameW
HeapAlloc
GetVersionExA
GetModuleFileNameA
GlobalHandle
LoadLibraryA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleHandleA
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ExitThread
SetEnvironmentVariableA
lstrcpynW
TerminateProcess
SearchPathW
VirtualQuery
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetLastError
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GetStartupInfoA
UnlockFile
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
GetDateFormatW
GetStartupInfoW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetTempFileNameW
CompareStringW
lstrcpyW
GlobalReAlloc
lstrcmpA
FindNextFileW
GetCurrentThreadId
CompareStringA
FindFirstFileW
DuplicateHandle
GetUserDefaultLCID
GlobalAlloc
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GlobalGetAtomNameW
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
lstrlenA
GlobalFree
FindResourceW
LCMapStringA
GetTimeFormatW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
CreateProcessW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
WritePrivateProfileStringW
SuspendThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
FreeResource
SizeofResource
HeapCreate
WriteFile
VirtualFree
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
OleCreateFontIndirect
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
VariantInit
DragQueryFileW
ShellExecuteW
DragFinish
SHFileOperationW
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
ExtractIconW
SHBrowseForFolderW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
MapWindowPoints
GetForegroundWindow
RedrawWindow
SetMenuItemBitmaps
LoadBitmapW
SetRectEmpty
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
GetNextDlgTabItem
IsWindow
GrayStringW
EndPaint
WindowFromPoint
CopyRect
GetMessageTime
SetActiveWindow
GetMenuItemID
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
GetMenu
CharUpperW
UnregisterClassW
GetClassInfoW
DrawTextW
SetScrollPos
CallNextHookEx
GetClientRect
ClientToScreen
GetTopWindow
OpenClipboard
GetWindowTextW
LockWindowUpdate
GetWindowTextLengthW
LoadAcceleratorsW
GetActiveWindow
InvalidateRgn
DestroyWindow
DrawEdge
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
GetNextDlgGroupItem
SetPropW
ValidateRect
PeekMessageW
InsertMenuItemW
SetWindowPlacement
CopyAcceleratorTableW
LoadIconW
EnableWindow
GetMenuCheckMarkDimensions
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
MsgWaitForMultipleObjects
SetParent
SetClipboardData
IsZoomed
GetWindowPlacement
LoadStringW
IsIconic
TrackPopupMenuEx
GetScrollPos
DrawFocusRect
GetDCEx
ShowOwnedPopups
FillRect
SetWindowContextHelpId
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetCursorPos
GetMenuItemInfoW
IsChild
SetFocus
RegisterWindowMessageW
BeginPaint
OffsetRect
DefWindowProcW
ReleaseCapture
KillTimer
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetMenuDefaultItem
SetCapture
IsDialogMessageW
IntersectRect
SendDlgItemMessageW
PostMessageW
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
PtInRect
SetWindowTextW
SetTimer
GetDlgItem
RemovePropW
BringWindowToTop
ScreenToClient
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
GetMenuState
SetWindowsHookExW
LoadCursorW
GetSystemMenu
ReuseDDElParam
GetDC
InsertMenuW
SetForegroundWindow
GetMenuStringW
EmptyClipboard
CreateDialogIndirectParamW
ReleaseDC
DrawTextExW
EndDialog
HideCaret
FindWindowW
GetCapture
MessageBeep
LoadMenuW
RemoveMenu
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
SendMessageW
UnhookWindowsHookEx
MoveWindow
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
RegisterClipboardFormatW
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
IsWindowVisible
WinHelpW
GetDesktopWindow
UnpackDDElParam
SetCursorPos
SystemParametersInfoW
DispatchMessageW
SetRect
DeleteMenu
InvalidateRect
CharNextW
CallWindowProcW
GetClassNameW
ModifyMenuW
EnableMenuItem
IsRectEmpty
GetFocus
wsprintfW
CloseClipboard
SetCursor
SetMenu
TranslateAcceleratorW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
ChooseColorW
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
OleFlushClipboard
CoGetClassObject
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CLSIDFromString
CreateILockBytesOnHGlobal
OleInitialize
OleUIBusyW
Number of PE resources by type
RT_STRING 37
RT_CURSOR 24
RT_GROUP_CURSOR 19
RT_DIALOG 10
RT_BITMAP 5
RT_MENU 3
RT_ICON 2
TEXT 1
Struct(241) 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 106
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.2.80
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 212992
EntryPoint 0x3728a
OriginalFileName windirstat.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2003-2005 Bernhard Seifert
FileVersion 1.1.2.80 (Unicode)
TimeStamp 2005:07:16 14:55:49+01:00
FileType Win32 EXE
PEType PE32
InternalName windirstat
ProductVersion 1.1.2.80 (Unicode)
FileDescription Windows Directory Statistics
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Seifert
CodeSize 450560
ProductName WinDirStat
ProductVersionNumber 1.1.2.80
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Overlay parents
Compressed bundles
File identification
MD5 24cd9a82fcfc658dd3ae7ba25c958ffb
SHA1 26e14a532e1e050eb20755a0b7a5fea99dd80588
SHA256 cc3ee246f2710dc9ba9e2a88e3192b88f1db4caa2eefb8641642a33df04e585c
ssdeep 12288:o5UnhjOmG0fJO6egoEQFauJsfmhR5ju0phsQkPaUynbiljjQt6pgw/HuADm:qUnxUjJVhRZdpmQkYyjjQtSgK
authentihash f75fb5c23b87e9cf1cc770f797a5bfcc6ac89d378cffc24d8de30d92e3d1b0f3
imphash 7c6d8e50d7c0e8326fce0f8eecb79276
File size 636.0 KB ( 651264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (34.8%)
Win32 Executable MS Visual C++ (generic) (25.2%)
Win64 Executable (generic) (22.3%)
Windows screen saver (10.6%)
Win32 Executable (generic) (3.6%)
Tags peexe
VirusTotal metadata
First submission 2007-12-30 19:49:52 UTC ( 9 years, 2 months ago )
Last submission 2017-03-23 16:37:18 UTC ( 9 hours, 24 minutes ago )
File names windirstat.exe
path_hash-a87480e046eb1eecf4aabce81d90e33cd8944920ce54b4ad9dc7cd1ea9d43efd
file
windirstat
24cd9a82fcfc658dd3ae7ba25c958ffb.malware
windirstat[1].exe
windirstat.exe
is-dki21.tmp
windirstat.ex
windirstat.exe
vs5606bl.g5k
vs860627.52c
windirstat.exe
cc3ee246f2710dc9ba9e2a88e3192b88f1db4caa2eefb8641642a33df04e585c.exe
vs3p12um.cfh
windirstat.exe
path_hash-d3fa76e4cdaaf651f44f689aa618b17e8651c646b7e0a15ee63a8fbc04afa4ee
24cd9a82fcfc658dd3ae7ba25c958ffb
prf184a.tmp
vspq0sei.pfg
smona_cc3ee246f2710dc9ba9e2a88e3192b88f1db4caa2eefb8641642a33df04e585c.bin
vsg617ga.b98
windirstat.exe
filename
windirstat.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight