SHA256: d796aaa0091b53d68ab55168ad19f63dad80d03d710de7145562f30f3caf9f52
File name: cloc-1.64.exe
Detection ratio: 0 / 64
Analysis date: 2017-07-07 02:05:53 UTC ( 1 week ago )
Antivirus Result Update
Ad-Aware 20170707
AegisLab 20170707
AhnLab-V3 20170706
Alibaba 20170706
ALYac 20170707
Antiy-AVL 20170707
Arcabit 20170707
Avast 20170707
AVG 20170707
Avira (no cloud) 20170706
AVware 20170707
Baidu 20170706
BitDefender 20170707
CAT-QuickHeal 20170706
ClamAV 20170706
CMC 20170706
Comodo 20170707
CrowdStrike Falcon (ML) 20170420
Cylance 20170707
Cyren 20170707
DrWeb 20170707
Emsisoft 20170707
Endgame 20170706
ESET-NOD32 20170707
F-Prot 20170707
F-Secure 20170707
Fortinet 20170629
GData 20170707
Ikarus 20170706
Invincea 20170607
Jiangmin 20170706
K7AntiVirus 20170706
K7GW 20170707
Kaspersky 20170707
Kingsoft 20170707
Malwarebytes 20170706
MAX 20170707
McAfee 20170707
McAfee-GW-Edition 20170706
Microsoft 20170706
eScan 20170706
NANO-Antivirus 20170706
nProtect 20170707
Palo Alto Networks (Known Signatures) 20170707
Panda 20170706
Qihoo-360 20170707
Rising 20170706
SentinelOne (Static ML) 20170516
Sophos 20170707
SUPERAntiSpyware 20170707
Symantec 20170707
Symantec Mobile Insight 20170707
Tencent 20170707
TheHacker 20170704
TotalDefense 20170706
TrendMicro-HouseCall 20170707
Trustlook 20170707
VBA32 20170705
VIPRE 20170707
ViRobot 20170706
Webroot 20170707
WhiteArmor 20170706
Yandex 20170706
Zillya 20170705
ZoneAlarm by Check Point 20170707
Zoner 20170707
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright

Product
Original name
Internal name
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-01 01:28:22
Entry Point 0x000014E0
Number of sections 8
PE sections
Overlays
MD5 f8935e5403f744d8b9532d3a7c35b1c0
File type data
Offset 2476032
Size 8964407
Entropy 7.92
PE imports
GetUserNameA
GetLastError
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
LoadLibraryA
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
GetSystemTimeAsFileTime
TerminateProcess
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
GetCurrentThreadId
LeaveCriticalSection
strncmp
__lconv_init
malloc
_lseek
realloc
memset
__dllonexit
_cexit
abort
fprintf
_open
_access
_chmod
_rmdir
_fmode
_write
strncpy
_amsg_exit
_findclose
_errno
fwrite
_lock
_environ
_onexit
__initenv
exit
sprintf
_unlink
__setusermatherr
_read
_getpid
_strdup
_close
_acmdln
_unlock
free
vfprintf
__getmainargs
calloc
strlen
_stricmp
memcpy
_stat
strstr
memmove
signal
strchr
_findnext
_spawnvpe
_findfirst
strcpy
_mkdir
_strnicmp
strtok
_initterm
__set_app_type
strcmp
_iob
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
UninitializedDataSize
34304

LinkerVersion
2.22

ImageVersion
1.0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
2475008

EntryPoint
0x14e0

MIMEType
application/octet-stream

FileVersion
0.0.0.0

TimeStamp
2013:05:01 02:28:22+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
0.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CodeSize
16896

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 616a87f8e95d30b65348a037b4da34eb
SHA1 9d72d90de0f4d32bcabeac2d76cb75c7d1c199ee
SHA256 d796aaa0091b53d68ab55168ad19f63dad80d03d710de7145562f30f3caf9f52
ssdeep
196608:7wrYH8ycPjlsaGQ5r60PpzlhTT+0HqjYCLDK8/S5ZwX0M9OGcLaA:oiNQ16gpRA0HqkaK8K5q1snB

authentihash 62eb6a03f89724e64733bbf1dcbd0a4744c510d9f653867c81e62f96896f3ba1
imphash f0a99381737b2ccae346c6e7f4091190
File size 10.9 MB ( 11440439 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID InstallShield setup (36.7%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-06-29 05:53:23 UTC ( 2 years ago )
Last submission 2017-06-27 16:08:39 UTC ( 2 weeks, 2 days ago )
File names cloc-1.64.exe
cloc.exe
D796AAA0091B53D68AB55168AD19F63DAD80D03D710DE7145562F30F3CAF9F52
unconfirmed 581396.crdownload
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Runtime DLLs