SHA256: d7a732a4234da5a1f703b013e90b9531efeb60c05b6ad0adf98c9f87d2087f5a
File name: rootsupd.exe
Detection ratio: 0 / 56
Analysis date: 2015-10-02 21:48:38 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware 20151002
AegisLab 20151002
Yandex 20150930
AhnLab-V3 20151002
Alibaba 20150927
ALYac 20151002
Antiy-AVL 20151002
Arcabit 20151002
Avast 20151002
AVG 20151002
Avira (no cloud) 20151002
AVware 20151002
Baidu-International 20151002
BitDefender 20151002
Bkav 20151002
ByteHero 20151002
CAT-QuickHeal 20151002
ClamAV 20151002
CMC 20151002
Comodo 20151002
Cyren 20151002
DrWeb 20151002
Emsisoft 20151002
ESET-NOD32 20151002
F-Prot 20150929
F-Secure 20151002
Fortinet 20151002
GData 20151002
Ikarus 20151002
Jiangmin 20151001
K7AntiVirus 20151002
K7GW 20151002
Kaspersky 20151002
Kingsoft 20151002
Malwarebytes 20151002
McAfee 20151002
McAfee-GW-Edition 20151002
Microsoft 20151002
eScan 20151002
NANO-Antivirus 20151002
nProtect 20151002
Panda 20151002
Qihoo-360 20151002
Rising 20151002
Sophos AV 20151002
SUPERAntiSpyware 20151002
Symantec 20151002
Tencent 20151002
TheHacker 20151001
TrendMicro 20151002
TrendMicro-HouseCall 20151002
VBA32 20151001
VIPRE 20151002
ViRobot 20151002
Zillya 20151002
Zoner 20151002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name WEXTRACT.EXE
Internal name Wextract
File version 6.0.6000.16386 (vista_rtm.061101-2205)
Description Win32 Cabinet Self-Extractor
Packers identified
F-PROT SFX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-02 08:49:24
Entry Point 0x00006B24
Number of sections 4
PE sections
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
AdjustTokenPrivileges
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
GetDeviceCaps
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetCurrentProcess
LocalAlloc
ExpandEnvironmentStringsA
_llseek
GetTempPathA
InterlockedExchange
WriteFile
_lopen
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GetDiskFreeSpaceA
SetFileAttributesA
FreeLibrary
LocalFree
LoadResource
FindClose
FormatMessageA
ExitProcess
RemoveDirectoryA
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
CreateMutexA
SetFilePointer
_lclose
CreateThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
TerminateProcess
GetVersion
GlobalAlloc
LocalFileTimeToFileTime
GetCurrentThreadId
SetCurrentDirectoryA
TerminateThread
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetEvent
GlobalLock
lstrcmpA
FindFirstFileA
CompareStringA
GetTempFileNameA
FindNextFileA
GetProcAddress
CreateEventA
CreateFileA
GetLastError
DosDateTimeToFileTime
GetSystemInfo
lstrlenA
GlobalFree
GlobalUnlock
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
InterlockedCompareExchange
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
FreeResource
CreateProcessA
Sleep
FindResourceA
ResetEvent
CharPrevA
EndDialog
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
CharUpperA
GetDC
ReleaseDC
SetWindowTextA
LoadStringA
SendMessageA
GetDlgItem
GetWindowLongA
CharNextA
GetDesktopWindow
CallWindowProcA
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
_amsg_exit
__p__fmode
memset
_ismbblead
_acmdln
?terminate@@YAXXZ
_exit
_adjust_fdiv
__setusermatherr
memcpy
_cexit
_vsnprintf
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
__p__commode
__set_app_type
Number of PE resources by type
RT_RCDATA 14
RT_STRING 6
RT_DIALOG 6
AVI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 28
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 6.0.6000.16386
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Win32 Cabinet Self-Extractor
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 370176
EntryPoint 0x6b24
OriginalFileName WEXTRACT.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.0.6000.16386 (vista_rtm.061101-2205)
TimeStamp 2006:11:02 09:49:24+01:00
FileType Win32 EXE
PEType PE32
InternalName Wextract
ProductVersion 6.0.6000.16386
SubsystemVersion 5.1
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 43520
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.0.6000.16386
FileTypeExtension exe
ObjectFileType Executable application

PE resource-wise parents
Compressed bundles
File identification
MD5 22a4ac3835595d84fe5b155c1e146481
SHA1 9232833004cf02135dba887d2037c4487fadd42d
SHA256 d7a732a4234da5a1f703b013e90b9531efeb60c05b6ad0adf98c9f87d2087f5a
ssdeep 6144:7Vq4HkfCtlgiSRLofDHISkGUNSxZso0zza61deVuXrWBL5UweI0rAF3moD:BkfWqiRiNs0n9deVvBlU3AF3m
authentihash 5725becf4f0c795de01b09b46bc9f00805e04e9ba711b972c3d5608c42b5ec6a
imphash 522326ab5e85ccee9a1a42d7026fa750
File size 405.0 KB ( 414720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 MS Cabinet Self-Extractor (WExtract stub) (76.6%)
Win32 Executable MS Visual C++ (generic) (7.8%)
Win64 Executable (generic) (6.9%)
Microsoft Visual C++ compiled executable (generic) (4.1%)
Win32 Dynamic Link Library (generic) (1.6%)
Tags peexe
VirusTotal metadata
First submission 2015-02-04 18:25:42 UTC ( 4 years, 2 months ago )
Last submission 2019-04-06 15:25:09 UTC ( 1 week, 5 days ago )
File names rootsupd_38,0,2195,0-OfflineDownloader.exe
bit2e83.tmp
clean.exe
RootsUpd.exe
rootsupd.exe
bit5e7b.tmp
Fix my IT - rootsupd.exe
rootsupd.exe.cfa4edcd.tpt
7e25ed44-2541-8b29-e593-25484c6be9a1_1d2128a8db207d4
bit83e9.tmp
bitc434.tmp
rootsupdルート証明書の更新20151111.exe
bitcfec.tmp
bitd66a.tmp
rootsupd.exe
rootsupd (2).exe
rootsupd.exe
bit8e11.tmp
rootsupd.exe
bit1c18.tmp
rootsupd.exe
bitf331.tmp
rootsupd.exe
filename
bit18b2.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications