SHA256: e333f542d684ef7a72844e631fd4d4748bc804c66a72ea7dcdbfed88e7240ff0
File name: Wextract
Detection ratio: 0 / 67
Analysis date: 2018-07-16 08:35:22 UTC ( 3 days, 2 hours ago )
Antivirus Result Update
Ad-Aware 20180716
AegisLab 20180716
AhnLab-V3 20180715
Alibaba 20180713
ALYac 20180716
Antiy-AVL 20180716
Arcabit 20180716
Avast 20180716
Avast-Mobile 20180716
AVG 20180716
Avira (no cloud) 20180716
AVware 20180716
Babable 20180406
Baidu 20180716
BitDefender 20180716
Bkav 20180713
CAT-QuickHeal 20180714
ClamAV 20180716
CMC 20180714
Comodo 20180716
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180716
Cyren 20180716
DrWeb 20180716
eGambit 20180716
Emsisoft 20180716
Endgame 20180711
ESET-NOD32 20180716
F-Prot 20180716
F-Secure 20180716
Fortinet 20180716
GData 20180716
Ikarus 20180715
Sophos ML 20180601
Jiangmin 20180716
K7AntiVirus 20180716
K7GW 20180716
Kaspersky 20180716
Kingsoft 20180716
Malwarebytes 20180716
MAX 20180716
McAfee 20180716
McAfee-GW-Edition 20180715
Microsoft 20180716
eScan 20180716
NANO-Antivirus 20180716
Palo Alto Networks (Known Signatures) 20180716
Panda 20180715
Qihoo-360 20180716
Rising 20180716
SentinelOne (Static ML) 20180701
Sophos AV 20180716
SUPERAntiSpyware 20180716
Symantec 20180716
TACHYON 20180716
Tencent 20180716
TheHacker 20180716
TrendMicro 20180716
TrendMicro-HouseCall 20180716
Trustlook 20180716
VBA32 20180713
VIPRE 20180716
ViRobot 20180716
Webroot 20180716
Yandex 20180713
Zillya 20180713
ZoneAlarm by Check Point 20180716
Zoner 20180716
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Windows® Internet Explorer
Original name WEXTRACT.EXE .MUI
Internal name Wextract
File version 10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
Description Win32 Cabinet Self-Extractor
Signature verification Signed file, verified signature
Signing date 10:51 PM 10/30/2013
Signers
[+] Jrim Software
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 10:26 PM 7/25/2013
Valid to 12:54 PM 11/12/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint C0AA2C22A48AACD439288C28C95164AFF61B94A3
Serial number 11 21 A3 93 C3 C6 B8 76 DD ED 57 B8 EE 1E D8 9C AB C9
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign TSA for MS Authenticode - G1
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 8/23/2013
Valid to 1:00 AM 9/23/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 8CE69F5012E1D1A8FB395E2E31E2B42BDE3B343B
Serial number 11 21 40 5C 1F 0E D2 58 88 2B E5 4D 86 86 BA 11 EA 45
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT SFX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-17 07:00:50
Entry Point 0x00006926
Number of sections 5
PE sections
Overlays
MD5 163e78052df9818983af45d47eb3bddf
File type data
Offset 2017792
Size 5888
Entropy 7.42
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
Ord(23)
Ord(20)
Ord(21)
Ord(22)
GetDeviceCaps
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetExitCodeProcess
GetCurrentProcess
LocalAlloc
ExpandEnvironmentStringsA
_llseek
GetTempPathA
InterlockedExchange
WriteFile
_lopen
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GetDiskFreeSpaceA
SetFileAttributesA
FreeLibrary
LocalFree
LoadResource
FindClose
FormatMessageA
OutputDebugStringA
ExitProcess
RemoveDirectoryA
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
CreateMutexA
SetFilePointer
_lclose
CreateThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
TerminateProcess
GetVersion
GlobalAlloc
LocalFileTimeToFileTime
GetCurrentThreadId
SetCurrentDirectoryA
TerminateThread
SetEvent
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
lstrcmpA
FindFirstFileA
CompareStringA
GetTempFileNameA
FindNextFileA
GlobalLock
CreateEventA
CreateFileA
GetLastError
DosDateTimeToFileTime
GetSystemInfo
GlobalFree
GlobalUnlock
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
InterlockedCompareExchange
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
FreeResource
CreateProcessA
Sleep
FindResourceA
ResetEvent
CharPrevA
EndDialog
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
CharUpperA
GetDC
ReleaseDC
SetWindowTextA
LoadStringA
SendMessageA
GetDlgItem
GetWindowLongA
CharNextA
GetDesktopWindow
CallWindowProcA
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
_cexit
?terminate@@YAXXZ
_vsnprintf
_ismbblead
_acmdln
__p__fmode
_exit
__p__commode
memset
_errno
memcpy
_amsg_exit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
Number of PE resources by type
RT_RCDATA 14
RT_ICON 13
RT_DIALOG 6
RT_STRING 6
RT_MANIFEST 1
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 43
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 1990656
ImageVersion 6.2
ProductName Windows Internet Explorer
FileVersionNumber 10.0.9200.16521
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.1
FileTypeExtension exe
OriginalFileName WEXTRACT.EXE .MUI
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
TimeStamp 2013:02:17 08:00:50+01:00
FileType Win32 EXE
PEType PE32
InternalName Wextract
ProductVersion 10.00.9200.16521
FileDescription Win32 Cabinet Self-Extractor
OSVersion 6.2
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 26112
FileSubtype 0
ProductVersionNumber 10.0.9200.16521
EntryPoint 0x6926
ObjectFileType Executable application

File identification
MD5 fa003a39139434eb0922620c18383667
SHA1 c97b6b5d616b157e10207cab9a35a7fb7381579a
SHA256 e333f542d684ef7a72844e631fd4d4748bc804c66a72ea7dcdbfed88e7240ff0
ssdeep 49152:IoMe5cgp3vDFClD+b6ulPTQTak/Oux4fsSEiuHGBkwj:n3D/A4RPT1ZuPomG2q
authentihash 3a885bfd16d8bbe1abc17ecfa7aa4153a57aa2a6ddc2dc8a5fc09fafdf25d7a4
imphash b7ed8c660e4ca1446e9ef00b1e8f91c3
File size 1.9 MB ( 2023680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 MS Cabinet Self-Extractor (WExtract stub) (79.9%)
Win32 Executable MS Visual C++ (generic) (8.2%)
Win64 Executable (generic) (7.2%)
Win32 Dynamic Link Library (generic) (1.7%)
Win32 Executable (generic) (1.1%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2013-10-31 21:50:42 UTC ( 4 years, 8 months ago )
Last submission 2017-07-01 15:25:58 UTC ( 1 year ago )
File names ProxyMultiplyInstaller.exe
file-7646079_exe
installer (1).exe
Installer.exe
466521
PROXYMULTIPLY_18032015_Installer.exe
installer.exe
Proxy_Multiply_Installer.exe
vti-rescan
InstallerJRIM.exe
Wextract
WEXTRACT.EXE .MUI
Proxy Multiply Installer.exe
Installer.exe
Installer (1).exe
36dd88b88c5d0097994495a4af.exe
Installer(2).exe
Proxy-Multiply.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs