SHA256: e52f32bcb49ed65bc51009a60f1ea8b890fc1b59ce709242b8c23c2c6a37beef
File name: livekd64.exe
Detection ratio: 0 / 64
Analysis date: 2019-02-19 19:15:28 UTC ( 1 month ago )
Antivirus Result Update
Acronis 20190219
Ad-Aware 20190219
AegisLab 20190219
AhnLab-V3 20190219
Alibaba 20180921
ALYac 20190219
Antiy-AVL 20190219
Arcabit 20190219
Avast 20190219
Avast-Mobile 20190219
AVG 20190219
Avira (no cloud) 20190219
Babable 20180918
Baidu 20190215
BitDefender 20190219
CAT-QuickHeal 20190219
ClamAV 20190219
CMC 20190219
Comodo 20190219
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190219
Cyren 20190219
DrWeb 20190219
eGambit 20190219
Emsisoft 20190219
Endgame 20190215
ESET-NOD32 20190219
F-Secure 20190219
Fortinet 20190219
GData 20190219
Ikarus 20190219
Sophos ML 20181128
Jiangmin 20190219
K7AntiVirus 20190219
K7GW 20190219
Kaspersky 20190219
Kingsoft 20190219
Malwarebytes 20190219
MAX 20190219
McAfee 20190219
McAfee-GW-Edition 20190219
Microsoft 20190219
eScan 20190219
NANO-Antivirus 20190219
Palo Alto Networks (Known Signatures) 20190219
Panda 20190219
Qihoo-360 20190219
Rising 20190219
SentinelOne (Static ML) 20190203
Sophos AV 20190219
SUPERAntiSpyware 20190213
Symantec 20190219
Symantec Mobile Insight 20190207
TACHYON 20190219
Tencent 20190219
TheHacker 20190217
TotalDefense 20190219
Trapmine 20190123
Trustlook 20190219
VBA32 20190219
ViRobot 20190219
Webroot 20190219
Yandex 20190219
ZoneAlarm by Check Point 20190219
Zoner 20190219
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright © 2000-2017 Mark Russinovich and Ken Johnson
Product Sysinternals LiveKd
Original name livekd.exe
Internal name livekd
File version 5.62
Description livekd
Signature verification Signed file, verified signature
Signing date 4:33 AM 5/16/2017
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 07:17 PM 08/18/2016
Valid to 08:17 PM 11/02/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 98ED99A67886D020C564923B7DF25E9AC019DF26
Serial number 33 00 00 01 40 96 A9 EE 70 56 FE CC 07 00 01 00 00 01 40
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 09:19 PM 08/31/2010
Valid to 09:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 04:58 PM 09/07/2016
Valid to 04:58 PM 09/07/2018
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 69BA259530C5894E7DB1DE73E2D1218645961E1B
Serial number 33 00 00 00 CA 7D 32 16 7C 7E FD 05 03 00 00 00 00 00 CA
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:53 AM 04/03/2007
Valid to 12:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine x64
Compilation timestamp 2017-05-16 03:33:39
Entry Point 0x00012A48
Number of sections 6
Overlays
MD5 3c0afe2d0b911edd3e15371c09ec09e2
File type data
Offset 402944
Size 16032
Entropy 7.43
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
OpenServiceW
AdjustTokenPrivileges
ControlService
DeleteService
RegCreateKeyA
RegQueryValueExW
CloseServiceHandle
RegOpenKeyA
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
RegOpenKeyExA
CreateServiceW
GetTokenInformation
FreeSid
AllocateAndInitializeSid
RegSetValueExA
StartServiceA
EqualSid
OpenSCManagerA
PrintDlgA
GetDeviceCaps
SetMapMode
StartDocA
EndDoc
StartPage
EndPage
GetStdHandle
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
RtlUnwindEx
FreeEnvironmentStringsW
GetLocaleInfoW
GetFullPathNameA
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
SetFileAttributesA
SetEvent
LocalFree
ResumeThread
GetEnvironmentVariableA
LoadResource
TlsGetValue
FormatMessageA
GetEnvironmentVariableW
SetLastError
DeviceIoControl
InitializeCriticalSection
WriteProcessMemory
OutputDebugStringW
GetModuleFileNameW
GetNumberOfConsoleInputEvents
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
SetConsoleCtrlHandler
RtlVirtualUnwind
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
CreateSemaphoreW
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetCurrentDirectoryW
SearchPathA
ReadConsoleW
GetCurrentThreadId
SetCurrentDirectoryA
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
OpenProcess
TerminateThread
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
ReadConsoleInputA
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
Process32Next
GetStartupInfoA
Process32First
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
GetStartupInfoW
ReadProcessMemory
GetCPInfo
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetComputerNameW
GetTimeFormatW
GetFileSizeEx
RtlLookupFunctionEntry
CreateFileMappingA
IsValidLocale
GetProcAddress
CreateEventW
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
SetConsoleMode
GetSystemInfo
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
SetEndOfFile
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
RtlCaptureContext
CloseHandle
PeekConsoleInputA
GetACP
GetModuleHandleW
SetStdHandle
SizeofResource
CreateProcessA
IsValidCodePage
UnmapViewOfFile
WriteFile
CreateProcessW
Sleep
FindResourceA
GetOEMCP
VariantChangeType
SysStringByteLen
VariantClear
SysAllocString
SysFreeString
VariantInit
GetSysColorBrush
LoadCursorA
InflateRect
EndDialog
SendMessageA
GetDlgItem
SetWindowTextA
DialogBoxIndirectParamA
SetCursor
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
CoInitializeEx
CoCreateInstance
CoUninitialize
Number of PE resources by type
BINRES 2
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.62.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription livekd
ImageFileCharacteristics Executable, Large address aware
CharacterSet Unicode
InitializedDataSize 220672
EntryPoint 0x12a48
OriginalFileName livekd.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2000-2017 Mark Russinovich and Ken Johnson
FileVersion 5.62
TimeStamp 2017:05:16 05:33:39+02:00
FileType Win64 EXE
PEType PE32+
InternalName livekd
ProductVersion 5.62
SubsystemVersion 5.2
OSVersion 5.2
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType AMD AMD64
CompanyName Sysinternals - www.sysinternals.com
CodeSize 191488
ProductName Sysinternals LiveKd
ProductVersionNumber 5.62.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 5c77092d89a8ff9ec2a94786a844f264
SHA1 41e04eea77368a298bea1007becb682a7e026d8d
SHA256 e52f32bcb49ed65bc51009a60f1ea8b890fc1b59ce709242b8c23c2c6a37beef
ssdeep 6144:gE1hYEtOKnr9U8yDNC1fTJGPn9+KT82fSsf6xi/26fYPPaVCTCMWj:gYYEoMqD/+aeRwUy
authentihash d670ca2b5260222fbbf0fb4cc07e90e582b418ea64311d451286227a496a67e3
imphash b89ecfe389f186137836ce02ee5525e3
File size 409.2 KB ( 418976 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits peexe assembly signed overlay
VirusTotal metadata
First submission 2017-05-16 14:36:51 UTC ( 1 year, 10 months ago )
Last submission 2019-02-19 19:15:28 UTC ( 1 month ago )
File names livekd64.exe
livekd.exe
E52F32BCB49ED65BC51009A60F1EA8B890FC1B59CE709242B8C23C2C6A37BEEF
livekd
E52F32BCB49ED65BC51009A60F1EA8B890FC1B59CE709242B8C23C2C6A37BEEF.exe