SHA256: cc3ee246f2710dc9ba9e2a88e3192b88f1db4caa2eefb8641642a33df04e585c
File name: windirstat.exe
Detection ratio: 0 / 60
Analysis date: 2017-05-18 13:07:18 UTC ( 4 days, 23 hours ago )
Antivirus Result Update
(The Result column is blank for every engine: none of the 60 flagged the file. Update is the date of the signature set each engine scanned with.)
Ad-Aware 20170518
AegisLab 20170518
AhnLab-V3 20170518
Alibaba 20170518
ALYac 20170518
Antiy-AVL 20170518
Arcabit 20170518
Avast 20170518
AVG 20170518
Avira (no cloud) 20170518
AVware 20170518
Baidu 20170503
BitDefender 20170518
Bkav 20170518
CAT-QuickHeal 20170518
ClamAV 20170518
CMC 20170517
Comodo 20170518
CrowdStrike Falcon (ML) 20170130
Cyren 20170518
DrWeb 20170518
Emsisoft 20170518
Endgame 20170515
ESET-NOD32 20170518
F-Prot 20170518
F-Secure 20170518
Fortinet 20170518
GData 20170518
Ikarus 20170518
Invincea 20170516
Jiangmin 20170518
K7AntiVirus 20170518
K7GW 20170518
Kaspersky 20170518
Kingsoft 20170518
Malwarebytes 20170518
McAfee 20170518
McAfee-GW-Edition 20170517
Microsoft 20170518
eScan 20170518
NANO-Antivirus 20170518
nProtect 20170518
Palo Alto Networks (Known Signatures) 20170518
Panda 20170517
Qihoo-360 20170518
Rising 20170508
SentinelOne (Static ML) 20170516
Sophos 20170518
SUPERAntiSpyware 20170518
Symantec 20170517
Symantec Mobile Insight 20170518
Tencent 20170518
TheHacker 20170516
TotalDefense 20170518
VBA32 20170518
VIPRE 20170518
ViRobot 20170518
Webroot 20170518
WhiteArmor 20170517
Yandex 20170517
Zillya 20170518
ZoneAlarm by Check Point 20170518
Zoner 20170518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2003-2005 Bernhard Seifert
Product WinDirStat
Original name windirstat.exe
Internal name windirstat
File version 1.1.2.80 (Unicode)
Description Windows Directory Statistics
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-07-16 13:55:49
Entry Point 0x0003728A
Number of sections 4
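The fields above (target machine, compile timestamp, entry point, section count) are read straight out of the COFF header and the optional header that follows it. As an added example, not code from this page or from the WinDirStat project, the Python below parses those fields from a PE image and refuses anything that is not structurally a PE. build_sample_pe() is a constructed, hypothetical PE32 header carrying the header values this report lists, so the parser can be run offline; it is not the real windirstat.exe, and the section table and code are absent from it.

```python
import struct
from datetime import datetime, timezone

MACHINE = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
PE_TYPE = {0x10B: "PE32", 0x20B: "PE32+"}


def parse_pe_header(data):
    """Read the COFF and optional-header fields a triage report shows.

    Every offset is taken from the PE/COFF specification. Only the headers are
    touched, so the function works on a full file or on just its first few KB.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad e_lfanew or PE signature")

    coff = e_lfanew + 4
    machine, nsections, ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")

    (magic,) = struct.unpack_from("<H", data, opt)
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    size_of_code, size_of_idata = struct.unpack_from("<II", data, opt + 4)
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    ss_major, ss_minor = struct.unpack_from("<HH", data, opt + 48)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)

    return {
        "pe_type": PE_TYPE.get(magic, hex(magic)),
        "machine": MACHINE.get(machine, hex(machine)),
        "num_sections": nsections,
        "timestamp": ts,
        # Seconds since the Unix epoch, UTC. The linker writes it, so it is forgeable: a hint, not proof.
        "compiled_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": size_of_code,
        "initialized_data_size": size_of_idata,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEM.get(subsystem, str(subsystem)),
        "is_dll": bool(chars & 0x2000),  # IMAGE_FILE_DLL
    }


def is_pe(data):
    """True when parse_pe_header accepts the bytes, False on any structural error."""
    try:
        parse_pe_header(data)
        return True
    except (ValueError, struct.error):
        return False


def build_sample_pe():
    """Constructed, hypothetical PE32 header (not windirstat.exe itself) populated
    with the header values this report lists, so the parser can be exercised offline."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine i386, 4 sections, timestamp 2005-07-16 13:55:49 UTC, 224-byte optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 1121522149, 0, 0, 224, 0x010F)
    opt = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHH",
        0x10B, 7, 1,                  # Magic PE32, linker 7.1
        450560, 212992, 0,            # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        0x3728A, 0x1000, 0x70000,     # AddressOfEntryPoint, BaseOfCode, BaseOfData (last two assumed)
        0x400000, 0x1000, 0x200,      # ImageBase, SectionAlignment, FileAlignment (assumed)
        4, 0, 0, 0, 4, 0,             # OS 4.0, image 0.0, subsystem 4.0
        0, 0xA0000, 0x400, 0,         # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum (assumed)
        2, 0,                         # Subsystem 2 = Windows GUI, DllCharacteristics
    ).ljust(224, b"\0")
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_pe()).items():
        print(f"{key:22} {value}")
```

Run against a real file with parse_pe_header(open(path, "rb").read()); the compile timestamp it returns should agree with the 2005-07-16 13:55:49 shown above, and a mismatch between that stamp and the version resource or signing date is a classic triage lead.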
PE sections
PE imports (grouped by importing DLL; the report lists only the API names, the DLL each group belongs to is inferred from them)
ADVAPI32.dll
RegCreateKeyExW
RegEnumKeyW
RegDeleteValueW
GetFileSecurityW
RegCloseKey
GetUserNameW
RegQueryValueExA
RegOpenKeyExW
SetFileSecurityW
RegSetValueW
RegOpenKeyW
RegDeleteKeyW
RegOpenKeyExA
RegCreateKeyW
RegQueryValueExW
RegQueryValueW
RegSetValueExW
COMCTL32.dll
ImageList_GetImageCount
ImageList_Duplicate
DestroyPropertySheetPage
ImageList_Destroy
ImageList_AddMasked
ImageList_SetBkColor
Ord(8)
ImageList_Draw
ImageList_GetImageInfo
CreatePropertySheetPageW
Ord(17)
PropertySheetW
ImageList_GetIcon
ImageList_ReplaceIcon
GDI32.dll
GetTextMetricsW
SetMapMode
TextOutW
CreateFontIndirectW
SetBkMode
PatBlt
CreatePen
GetRgnBox
SaveDC
CreateRectRgnIndirect
CombineRgn
GetClipBox
GetWindowExtEx
GetPixel
Rectangle
BitBlt
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
GetMapMode
GetCharWidthW
SetPixel
IntersectClipRect
CreateBitmap
PtVisible
SetTextColor
CreatePatternBrush
RectVisible
ExtTextOutW
GetObjectW
GetTextExtentPoint32W
MoveToEx
EnumFontFamiliesExW
GetStockObject
ScaleWindowExtEx
GetViewportExtEx
OffsetViewportOrgEx
ExtSelectClipRgn
SelectClipRgn
SetViewportOrgEx
CreateFontW
StretchDIBits
ScaleViewportExtEx
CreateRectRgn
Escape
DeleteObject
Ellipse
Pie
CreateCompatibleBitmap
SetWindowExtEx
GetTextColor
CreateSolidBrush
SetViewportExtEx
SelectObject
SetBkColor
GetBkColor
SetRectRgn
CreateCompatibleDC
KERNEL32.dll
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
lstrcmpW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
GetVolumeInformationW
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
GetCPInfo
LoadLibraryW
GetStringTypeA
GetSystemTimeAsFileTime
GetDiskFreeSpaceW
InterlockedExchange
FindResourceExW
FormatMessageW
SetStdHandle
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
GetProfileIntW
ResumeThread
CreateEventW
LoadResource
GetStringTypeExW
FindClose
TlsGetValue
MoveFileW
GetFullPathNameW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
InitializeCriticalSection
GlobalFindAtomW
GetUserDefaultLangID
GetModuleFileNameW
HeapAlloc
GetVersionExA
GetModuleFileNameA
GlobalHandle
LoadLibraryA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleHandleA
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ExitThread
SetEnvironmentVariableA
lstrcpynW
TerminateProcess
SearchPathW
VirtualQuery
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetLastError
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GetStartupInfoA
UnlockFile
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
GetDateFormatW
GetStartupInfoW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetTempFileNameW
CompareStringW
lstrcpyW
GlobalReAlloc
lstrcmpA
FindNextFileW
GetCurrentThreadId
CompareStringA
FindFirstFileW
DuplicateHandle
GetUserDefaultLCID
GlobalAlloc
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GlobalGetAtomNameW
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
lstrlenA
GlobalFree
FindResourceW
LCMapStringA
GetTimeFormatW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
CreateProcessW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
WritePrivateProfileStringW
SuspendThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
FreeResource
SizeofResource
HeapCreate
WriteFile
VirtualFree
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
OLEAUT32.dll
OleCreateFontIndirect
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
VariantInit
SHELL32.dll
DragQueryFileW
ShellExecuteW
DragFinish
SHFileOperationW
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
ExtractIconW
SHBrowseForFolderW
SHLWAPI.dll
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
USER32.dll
MapWindowPoints
GetForegroundWindow
RedrawWindow
SetMenuItemBitmaps
LoadBitmapW
SetRectEmpty
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
GetNextDlgTabItem
IsWindow
GrayStringW
EndPaint
WindowFromPoint
CopyRect
GetMessageTime
SetActiveWindow
GetMenuItemID
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
GetMenu
CharUpperW
UnregisterClassW
GetClassInfoW
DrawTextW
SetScrollPos
CallNextHookEx
GetClientRect
ClientToScreen
GetTopWindow
OpenClipboard
GetWindowTextW
LockWindowUpdate
GetWindowTextLengthW
LoadAcceleratorsW
GetActiveWindow
InvalidateRgn
DestroyWindow
DrawEdge
GetClassInfoExW
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
GetNextDlgGroupItem
SetPropW
ValidateRect
PeekMessageW
InsertMenuItemW
SetWindowPlacement
CopyAcceleratorTableW
LoadIconW
EnableWindow
GetMenuCheckMarkDimensions
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
MsgWaitForMultipleObjects
SetParent
SetClipboardData
IsZoomed
GetWindowPlacement
LoadStringW
IsIconic
TrackPopupMenuEx
GetScrollPos
DrawFocusRect
GetDCEx
ShowOwnedPopups
FillRect
SetWindowContextHelpId
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetCursorPos
GetMenuItemInfoW
IsChild
SetFocus
RegisterWindowMessageW
BeginPaint
OffsetRect
DefWindowProcW
ReleaseCapture
KillTimer
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetMenuDefaultItem
SetCapture
IsDialogMessageW
IntersectRect
SendDlgItemMessageW
PostMessageW
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
PtInRect
SetWindowTextW
SetTimer
GetDlgItem
RemovePropW
BringWindowToTop
ScreenToClient
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
GetMenuState
SetWindowsHookExW
LoadCursorW
GetSystemMenu
ReuseDDElParam
GetDC
InsertMenuW
SetForegroundWindow
GetMenuStringW
EmptyClipboard
CreateDialogIndirectParamW
ReleaseDC
DrawTextExW
EndDialog
HideCaret
FindWindowW
GetCapture
MessageBeep
LoadMenuW
RemoveMenu
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
SendMessageW
UnhookWindowsHookEx
MoveWindow
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
RegisterClipboardFormatW
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
IsWindowVisible
WinHelpW
GetDesktopWindow
UnpackDDElParam
SetCursorPos
SystemParametersInfoW
DispatchMessageW
SetRect
DeleteMenu
InvalidateRect
CharNextW
CallWindowProcW
GetClassNameW
ModifyMenuW
EnableMenuItem
IsRectEmpty
GetFocus
wsprintfW
CloseClipboard
SetCursor
SetMenu
TranslateAcceleratorW
WINSPOOL.DRV
ClosePrinter
DocumentPropertiesW
OpenPrinterW
COMDLG32.dll
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
ChooseColorW
ole32.dll
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
OleFlushClipboard
CoGetClassObject
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CLSIDFromString
CreateILockBytesOnHGlobal
OleInitialize
OLEDLG.dll
OleUIBusyW
Number of PE resources by type
RT_STRING 37
RT_CURSOR 24
RT_GROUP_CURSOR 19
RT_DIALOG 10
RT_BITMAP 5
RT_MENU 3
RT_ICON 2
TEXT 1
Struct(241) 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 106
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.2.80
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 212992
EntryPoint 0x3728a
OriginalFileName windirstat.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2003-2005 Bernhard Seifert
FileVersion 1.1.2.80 (Unicode)
TimeStamp 2005:07:16 14:55:49+01:00
FileType Win32 EXE
PEType PE32
InternalName windirstat
ProductVersion 1.1.2.80 (Unicode)
FileDescription Windows Directory Statistics
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Seifert
CodeSize 450560
ProductName WinDirStat
ProductVersionNumber 1.1.2.80
FileTypeExtension exe
ObjectFileType Executable application
CarbonBlack
Files that CarbonBlack observed executing on a monitored end-user machine and writing this sample to disk:
Execution parents
Overlay parents
Compressed bundles
File identification
MD5 24cd9a82fcfc658dd3ae7ba25c958ffb
SHA1 26e14a532e1e050eb20755a0b7a5fea99dd80588
SHA256 cc3ee246f2710dc9ba9e2a88e3192b88f1db4caa2eefb8641642a33df04e585c
ssdeep 12288:o5UnhjOmG0fJO6egoEQFauJsfmhR5ju0phsQkPaUynbiljjQt6pgw/HuADm:qUnxUjJVhRZdpmQkYyjjQtSgK
authentihash f75fb5c23b87e9cf1cc770f797a5bfcc6ac89d378cffc24d8de30d92e3d1b0f3
imphash 7c6d8e50d7c0e8326fce0f8eecb79276
File size 636.0 KB ( 651264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
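The imphash above is the pivot key worth keeping from this section: it is an MD5 over the normalised import table, so builds of the same source with the same linker settings share it even when every other hash differs. As an added example, not VirusTotal's or pefile's own code, the Python below reproduces the recipe pefile uses (lower-case DLL name with .dll/.ocx/.sys stripped, lower-case function name, ordinal-only imports written as ordN, tokens joined with commas in import-table order, then MD5). SAMPLE_IMPORTS is a hand-picked subset of the imports listed on this page with DLL names assigned from the API names; only the complete import table in its on-disk order reproduces 7c6d8e50d7c0e8326fce0f8eecb79276, so the hash of the subset is illustrative.

```python
import hashlib

# Extensions pefile removes from the DLL name before hashing.
_STRIPPED_EXTS = {"dll", "ocx", "sys"}


def normalise_import(dll, func):
    """Return the 'library.function' token that imphash feeds into MD5.

    dll  - DLL name as written in the import directory, e.g. 'KERNEL32.dll'
    func - exported name (str), or the ordinal (int) for an import by ordinal
    """
    lib = dll.lower()
    base, _, ext = lib.rpartition(".")
    if base and ext in _STRIPPED_EXTS:
        lib = base  # 'kernel32.dll' -> 'kernel32'; 'winspool.drv' is kept whole
    if isinstance(func, int):
        # pefile resolves ordinals to names only for oleaut32/ws2_32/wsock32
        # through a lookup table; every other DLL's ordinal import hashes as 'ordN'.
        # Assumption here: that table is not reproduced, so 'ordN' is always used.
        name = f"ord{func}"
    else:
        name = func.lower()
    return f"{lib}.{name}"


def imphash(imports):
    """imports: iterable of (dll, func) pairs in import-table order.

    Order matters: the same imports in a different order yield a different hash,
    which is why the value survives a recompile but not a re-link that reorders
    import libraries.
    """
    tokens = [normalise_import(dll, func) for dll, func in imports]
    return hashlib.md5(",".join(tokens).encode("ascii")).hexdigest()


# Constructed subset of the imports listed in this report (DLL names assigned
# from the API names). It is NOT the full import table, so its hash does not
# equal the report's imphash.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("ADVAPI32.dll", "GetFileSecurityW"),
    ("COMCTL32.dll", 17),  # shown on the page as Ord(17)
    ("KERNEL32.dll", "CreateProcessW"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("SHELL32.dll", "ShellExecuteW"),
    ("WINSPOOL.DRV", "OpenPrinterW"),
]

if __name__ == "__main__":
    for dll, func in SAMPLE_IMPORTS:
        print(normalise_import(dll, func))
    print("imphash of subset:", imphash(SAMPLE_IMPORTS))
```

To check a real file, feed the pairs from its import directory (pefile's DIRECTORY_ENTRY_IMPORT gives them in on-disk order) and compare with the imphash the report shows; agreement with a known-good WinDirStat build is stronger evidence than the 0 / 60 detection ratio, which only says no engine has a signature for this exact file.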
TrID InstallShield setup (34.8%)
Win32 Executable MS Visual C++ (generic) (25.2%)
Win64 Executable (generic) (22.3%)
Windows screen saver (10.6%)
Win32 Executable (generic) (3.6%)
Tags
peexe

VirusTotal metadata
First submission 2007-12-30 19:49:52 UTC ( 9 years, 4 months ago )
Last submission 2017-05-17 18:58:00 UTC ( 5 days, 17 hours ago )
File names windirstat.exe
path_hash-a87480e046eb1eecf4aabce81d90e33cd8944920ce54b4ad9dc7cd1ea9d43efd
file
windirstat
24cd9a82fcfc658dd3ae7ba25c958ffb.malware
windirstat[1].exe
windirstat.exe
WinDirStat.exe
windirstat.ex
windirstat.exe
vs5606bl.g5k
vs860627.52c
windirstat.exe
2fae31.tmpscan
eecd31.tmpscan
vs3p12um.cfh
windirstat.exe
path_hash-d3fa76e4cdaaf651f44f689aa618b17e8651c646b7e0a15ee63a8fbc04afa4ee
ee05a.tmpscan
prf184a.tmp
vspq0sei.pfg
smona_cc3ee246f2710dc9ba9e2a88e3192b88f1db4caa2eefb8641642a33df04e585c.bin
9c535b8e-32ec-11e7-95f0-64006a0606b5
windirstat.exe
filename
Advanced heuristic and reputation engines
These verdicts are reported separately from the 60-engine table above and are not counted in the 0 / 60 detection ratio.
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight (Symantec's reputation-based verdict for low-prevalence files, not a signature match)