× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e414a4b8a96893398543e416ba003a49e0d6165676a9aec1f7c73f79ddcbcb11
File name: mbsetup.exe
Detection ratio: 0 / 56
Analysis date: 2015-12-03 08:26:12 UTC ( 3 years, 5 months ago ) View latest
Antivirus Result Update
Ad-Aware 20151130
AegisLab 20151202
Yandex 20151202
AhnLab-V3 20151202
Alibaba 20151203
ALYac 20151203
Antiy-AVL 20151203
Arcabit 20151203
Avast 20151203
AVG 20151203
Avira (no cloud) 20151203
AVware 20151203
Baidu-International 20151202
BitDefender 20151203
Bkav 20151202
ByteHero 20151203
CAT-QuickHeal 20151203
ClamAV 20151202
CMC 20151201
Comodo 20151202
Cyren 20151203
DrWeb 20151203
Emsisoft 20151203
ESET-NOD32 20151203
F-Prot 20151203
F-Secure 20151203
Fortinet 20151202
GData 20151203
Ikarus 20151203
Jiangmin 20151201
K7AntiVirus 20151202
K7GW 20151202
Kaspersky 20151203
Malwarebytes 20151203
McAfee 20151203
McAfee-GW-Edition 20151203
Microsoft 20151203
eScan 20151203
NANO-Antivirus 20151203
nProtect 20151203
Panda 20151202
Qihoo-360 20151203
Rising 20151202
Sophos AV 20151203
SUPERAntiSpyware 20151203
Symantec 20151202
Tencent 20151203
TheHacker 20151202
TotalDefense 20151203
TrendMicro 20151203
TrendMicro-HouseCall 20151203
VBA32 20151202
VIPRE 20151203
ViRobot 20151203
Zillya 20151201
Zoner 20151203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C) 2001-2004 Tandem Systems, Ltd.

File version 1.0
Description WinAgents MIB Browser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-10-25 19:47:11
Entry Point 0x000021AF
Number of sections 4
PE sections
Overlays
MD5 6ce6dd9324cb71097820de6206130b87
File type data
Offset 14848
Size 6156797
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
SelectPalette
SelectObject
PatBlt
CreateFontA
CreatePalette
GetStockObject
TextOutA
CreateSolidBrush
SetBkMode
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
GetLastError
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetVersionExA
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
WinExec
OpenFile
GetCurrentProcess
_lwrite
lstrcatA
GetWindowsDirectoryA
SetErrorMode
_llseek
GetCommandLineA
GetProcAddress
_lread
GetTempPathA
_lcreat
_lclose
GetModuleHandleA
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GlobalLock
LocalFree
GlobalAlloc
FormatMessageA
DrawTextA
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
ReleaseDC
EndPaint
BeginPaint
MessageBoxA
ExitWindowsEx
SendMessageA
GetClientRect
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
ShowWindow
UpdateWindow
wsprintfA
GetDC
InvalidateRect
PE exports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
4.0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
WinAgents MIB Browser

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, Removable run from swap

CharacterSet
Windows, Latin1

InitializedDataSize
5632

EntryPoint
0x21af

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0

TimeStamp
2001:10:25 21:47:11+02:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows 16-bit

LegalCopyright
(C) 2001-2004 Tandem Systems, Ltd.

MachineType
Intel 386 or later, and compatibles

CompanyName
WinAgents Software Group

CodeSize
8704

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
File identification
MD5 3223207ced518146a793d41e8680eafc
SHA1 914671cfe9634eb19f659d8eb79fe9a707bc1334
SHA256 e414a4b8a96893398543e416ba003a49e0d6165676a9aec1f7c73f79ddcbcb11
ssdeep
98304:W4vB0LYRtmbg8T1Lo5hmdlw/7jQYjYGg0FD+s7BtGh33FquZM60SNV:W4evc8x2sdC/7jXYm+s7BtGh33FqSp

authentihash cdcc04b12a4ef6ccea663df0d67e792ff212782dc0e10d42119ea03fb268bf33
imphash e41c25ab7824b3df73334188c40518ae
File size 5.9 MB ( 6171645 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Wise Installer executable (91.3%)
Win64 Executable (generic) (5.3%)
Win32 Dynamic Link Library (generic) (1.2%)
Win32 Executable (generic) (0.8%)
OS/2 Executable (generic) (0.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2007-12-06 09:38:12 UTC ( 11 years, 5 months ago )
Last submission 2019-01-01 03:22:26 UTC ( 4 months, 3 weeks ago )
File names mbsetup.exe
mbsetup.exe
mbsetup.exe?referer1=archives
8982753
output.8982753.txt
50861
winagents_mib_browser-12924.exe
mbsetup.exe
mbsetup.exe
mbsetup.exe
mbsetup_2.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!