SHA256: dbf432994e90a7290ba05d6b56b60d11e7135ec7108b01195516574a389f8884
File name: ldr.exe.0.bin
Detection ratio: 6 / 70
Analysis date: 2019-02-12 15:18:00 UTC ( 1 month ago )
Antivirus Result Update
Avast Win32:DangerousSig [Trj] 20190212
AVG Win32:DangerousSig [Trj] 20190212
DrWeb Trojan.DownLoad4.11934 20190212
Ikarus Win32.Outbreak 20190212
Kaspersky UDS:DangerousObject.Multi.Generic 20190212
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190212
Acronis 20190208
Ad-Aware 20190212
AegisLab 20190212
AhnLab-V3 20190212
Alibaba 20180921
ALYac 20190212
Antiy-AVL 20190212
Arcabit 20190212
Avast-Mobile 20190212
Avira (no cloud) 20190212
Babable 20180918
Baidu 20190202
BitDefender 20190212
Bkav 20190201
CAT-QuickHeal 20190212
ClamAV 20190212
CMC 20190212
Comodo 20190212
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190212
Cyren 20190212
eGambit 20190212
Emsisoft 20190212
Endgame 20181108
ESET-NOD32 20190212
F-Prot 20190212
F-Secure 20190212
Fortinet 20190212
GData 20190212
Sophos ML 20181128
Jiangmin 20190212
K7AntiVirus 20190212
K7GW 20190212
Kingsoft 20190212
Malwarebytes 20190212
MAX 20190212
McAfee 20190212
McAfee-GW-Edition 20190212
Microsoft 20190212
eScan 20190212
NANO-Antivirus 20190212
Palo Alto Networks (Known Signatures) 20190212
Panda 20190212
Qihoo-360 20190212
Rising 20190212
SentinelOne (Static ML) 20190203
Sophos AV 20190212
SUPERAntiSpyware 20190206
Symantec 20190212
Symantec Mobile Insight 20190207
TACHYON 20190212
Tencent 20190212
TheHacker 20190203
Trapmine 20190123
TrendMicro 20190212
TrendMicro-HouseCall 20190212
Trustlook 20190212
VBA32 20190212
VIPRE 20190212
ViRobot 20190212
Webroot 20190212
Yandex 20190212
Zillya 20190211
Zoner 20190212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Intel Corporation. All rights resvered.
Product Microsoft Windows Service
Original name windm.exe
Internal name Windows Device Manager
File version 6.2.13.2
Description Windows Device Manager
Signature verification Signed file, verified signature
Signing date 1:38 AM 2/12/2019
Signers
[+] BULDOK LIMITED
Status Valid
Issuer Sectigo RSA Code Signing CA
Valid from 01:00 AM 01/29/2019
Valid to 12:59 AM 01/30/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60AC183E49C5D7361B5FAE048AA95926E4744F16
Serial number 2F 0D 89 B6 55 F3 9F 64 B2 B9 25 34 C4 03 AE C9
[+] Sectigo RSA Code Signing CA
Status Valid
Issuer USERTrust RSA Certification Authority
Valid from 12:00 AM 11/02/2018
Valid to 12:59 AM 01/01/2031
Valid usage Code Signing, Timestamp Signing
Algorithm sha384RSA
Thumbprint 94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66
Serial number 1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A
[+] USERTrust Secure™
Status Valid
Issuer USERTrust RSA Certification Authority
Valid from 01:00 AM 02/01/2010
Valid to 12:59 AM 01/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint 2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Serial number 01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-12 08:37:45
Entry Point 0x00004D60
Number of sections 7
PE sections
Overlays
MD5 9936f83c99ee85055a310333775828a5
File type data
Offset 34816
Size 7776
Entropy 7.44
PE imports
RegOpenKeyExA
RegSetValueExA
RegGetValueA
RegCloseKey
RegCreateKeyExA
GetLastError
GetSystemTimeAsFileTime
DeviceIoControl
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GetModuleFileNameA
RtlUnwind
GetShortPathNameA
IsProcessorFeaturePresent
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
MultiByteToWideChar
GetStartupInfoW
InitializeSListHead
WideCharToMultiByte
GlobalFree
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetComputerNameExW
GetModuleHandleW
TerminateProcess
CreateProcessA
CreateFileW
Sleep
CreateFileA
GetCurrentThreadId
ShellExecuteA
WinHttpSetOption
WinHttpConnect
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpGetDefaultProxyConfiguration
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
rand
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
memset
abort
_fmode
_cexit
?terminate@@YAXXZ
_c_exit
??_U@YAPAXI@Z
_errno
??2@YAPAXI@Z
??0exception@@QAE@ABQBD@Z
memcpy
exit
_XcptFilter
__setusermatherr
??_V@YAXPAX@Z
_acmdln
_CxxThrowException
_ismbblead
??1exception@@UAE@XZ
__p__commode
??3@YAXPAX@Z
?what@exception@@UBEPBDXZ
__getmainargs
_exit
memmove
_control87
_initterm
__set_app_type
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.2.13.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows Device Manager
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 12800
EntryPoint 0x4d60
OriginalFileName windm.exe
MIMEType application/octet-stream
LegalCopyright Intel Corporation. All rights resvered.
FileVersion 6.2.13.2
TimeStamp 2019:02:12 00:37:45-08:00
FileType Win32 EXE
PEType PE32
InternalName Windows Device Manager
ProductVersion 6.2.13.2
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Windows Service
CodeSize 22016
ProductName Microsoft Windows Service
ProductVersionNumber 6.2.13.2
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 8f0017ed89c2f6639cc2a08bc1e83f1e
SHA1 5561acf3123983e24d4b333b23b10f5be5fb78f1
SHA256 dbf432994e90a7290ba05d6b56b60d11e7135ec7108b01195516574a389f8884
ssdeep 768:jQj2jUYNo2etIpbPxZjqZbtkckofc4mQxZMZNlZ7zp93j2fmL:hQS7xZwOckD4dMZd/pdImL
authentihash 7ec7ea484c3c2e3c5fd1e284d917cae46e5ca27ee343c1aa8faa983a2fd8447e
imphash d1637a1a0a015333ae9d5b0d60ea9952
File size 41.6 KB ( 42592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Microsoft Visual C++ compiled executable (generic) (61.0%)
Win32 Executable (generic) (16.6%)
OS/2 Executable (generic) (7.4%)
Generic Win/DOS Executable (7.3%)
DOS Executable Generic (7.3%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2019-02-12 14:18:51 UTC ( 1 month ago )
Last submission 2019-02-12 15:09:52 UTC ( 1 month ago )
File names windm.exe
ldr (signed).exe
Windows Device Manager
ldr.exe.0.bin
ldr.exe