| SHA256: | d796aaa0091b53d68ab55168ad19f63dad80d03d710de7145562f30f3caf9f52 |
| File name: | cloc-1.64.exe |
| Detection ratio: | 0 / 64 |
| Analysis date: | 2017-07-07 02:05:53 UTC ( 1 week ago ) |
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | 20170707 | |
| AegisLab | 20170707 | |
| AhnLab-V3 | 20170706 | |
| Alibaba | 20170706 | |
| ALYac | 20170707 | |
| Antiy-AVL | 20170707 | |
| Arcabit | 20170707 | |
| Avast | 20170707 | |
| AVG | 20170707 | |
| Avira (no cloud) | 20170706 | |
| AVware | 20170707 | |
| Baidu | 20170706 | |
| BitDefender | 20170707 | |
| CAT-QuickHeal | 20170706 | |
| ClamAV | 20170706 | |
| CMC | 20170706 | |
| Comodo | 20170707 | |
| CrowdStrike Falcon (ML) | 20170420 | |
| Cylance | 20170707 | |
| Cyren | 20170707 | |
| DrWeb | 20170707 | |
| Emsisoft | 20170707 | |
| Endgame | 20170706 | |
| ESET-NOD32 | 20170707 | |
| F-Prot | 20170707 | |
| F-Secure | 20170707 | |
| Fortinet | 20170629 | |
| GData | 20170707 | |
| Ikarus | 20170706 | |
| Invincea | 20170607 | |
| Jiangmin | 20170706 | |
| K7AntiVirus | 20170706 | |
| K7GW | 20170707 | |
| Kaspersky | 20170707 | |
| Kingsoft | 20170707 | |
| Malwarebytes | 20170706 | |
| MAX | 20170707 | |
| McAfee | 20170707 | |
| McAfee-GW-Edition | 20170706 | |
| Microsoft | 20170706 | |
| eScan | 20170706 | |
| NANO-Antivirus | 20170706 | |
| nProtect | 20170707 | |
| Palo Alto Networks (Known Signatures) | 20170707 | |
| Panda | 20170706 | |
| Qihoo-360 | 20170707 | |
| Rising | 20170706 | |
| SentinelOne (Static ML) | 20170516 | |
| Sophos | 20170707 | |
| SUPERAntiSpyware | 20170707 | |
| Symantec | 20170707 | |
| Symantec Mobile Insight | 20170707 | |
| Tencent | 20170707 | |
| TheHacker | 20170704 | |
| TotalDefense | 20170706 | |
| TrendMicro-HouseCall | 20170707 | |
| Trustlook | 20170707 | |
| VBA32 | 20170705 | |
| VIPRE | 20170707 | |
| ViRobot | 20170706 | |
| Webroot | 20170707 | |
| WhiteArmor | 20170706 | |
| Yandex | 20170706 | |
| Zillya | 20170705 | |
| ZoneAlarm by Check Point | 20170707 | |
| Zoner | 20170707 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Product
Original name
Internal name
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-01 01:28:22
Entry Point 0x000014E0
Number of sections 8
PE sections
Overlays
MD5 f8935e5403f744d8b9532d3a7c35b1c0
File type data
Offset 2476032
Size 8964407
Entropy 7.92
PE imports
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
UninitializedDataSize
34304
LinkerVersion
2.22
ImageVersion
1.0
FileVersionNumber
0.0.0.0
LanguageCode
Neutral
FileFlagsMask
0x003f
CharacterSet
Unicode
InitializedDataSize
2475008
EntryPoint
0x14e0
MIMEType
application/octet-stream
FileVersion
0.0.0.0
TimeStamp
2013:05:01 02:28:22+01:00
FileType
Win32 EXE
PEType
PE32
ProductVersion
0.0.0.0
SubsystemVersion
4.0
OSVersion
4.0
FileOS
Windows NT 32-bit
Subsystem
Windows command line
MachineType
Intel 386 or later, and compatibles
CodeSize
16896
FileSubtype
0
ProductVersionNumber
0.0.0.0
FileTypeExtension
exe
ObjectFileType
Executable application
CarbonBlack
CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the
following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this
sample wrote the following files to disk.
Compressed bundles
File identification
MD5 616a87f8e95d30b65348a037b4da34eb
SHA1 9d72d90de0f4d32bcabeac2d76cb75c7d1c199ee
SHA256 d796aaa0091b53d68ab55168ad19f63dad80d03d710de7145562f30f3caf9f52
ssdeep
196608:7wrYH8ycPjlsaGQ5r60PpzlhTT+0HqjYCLDK8/S5ZwX0M9OGcLaA:oiNQ16gpRA0HqkaK8K5q1snB
File size
10.9 MB ( 11440439 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit
| TrID |
InstallShield setup (36.7%) Win32 Executable MS Visual C++ (generic) (26.6%) Win64 Executable (generic) (23.6%) Win32 Dynamic Link Library (generic) (5.6%) Win32 Executable (generic) (3.8%) |
Tags
peexe
overlay
VirusTotal metadata
First submission
2015-06-29 05:53:23 UTC ( 2 years ago )
Last submission
2017-06-27 16:08:39 UTC ( 2 weeks, 2 days ago )
| File names |
cloc-1.64.exe cloc-1.64.exe cloc-1.64.exe D796AAA0091B53D68AB55168AD19F63DAD80D03D710DE7145562F30F3CAF9F52 cloc-1.64.exe cloc-1.64.exe cloc-1.64.exe cloc-1.64.exe cloc-1.64.exe cloc.exe cloc.exe cloc-1.64.exe cloc.exe cloc.exe unconfirmed 581396.crdownload |
Advanced heuristic and reputation engines
Symantec reputation
Suspicious.Insight
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the
behaviour of the file when executed in a controlled environment. The actions
and events described were either performed by the file itself or by any other
process launched by the executed file or subjected to code injection by the
executed file.