SHA256: e8ec243be1ca6c20d7ec12b164526e060fc2e8a7f2f4b27f0784cb5970377708
File name: LoadOrd64.exe
Detection ratio: 0 / 69
Analysis date: 2019-02-19 19:15:23 UTC ( 1 month ago )
Antivirus Result Update
Acronis 20190219
Ad-Aware 20190219
AegisLab 20190219
AhnLab-V3 20190219
Alibaba 20180921
ALYac 20190219
Antiy-AVL 20190219
Arcabit 20190219
Avast 20190219
Avast-Mobile 20190219
AVG 20190219
Avira (no cloud) 20190219
Babable 20180917
Baidu 20190214
BitDefender 20190219
Bkav 20190219
CAT-QuickHeal 20190219
ClamAV 20190219
CMC 20190219
Comodo 20190219
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190219
Cyren 20190219
DrWeb 20190219
eGambit 20190219
Emsisoft 20190219
Endgame 20190215
ESET-NOD32 20190219
F-Prot 20190219
F-Secure 20190219
Fortinet 20190219
GData 20190219
Ikarus 20190219
Sophos ML 20181128
Jiangmin 20190219
K7AntiVirus 20190219
K7GW 20190219
Kaspersky 20190219
Kingsoft 20190219
Malwarebytes 20190219
MAX 20190219
McAfee 20190219
McAfee-GW-Edition 20190219
Microsoft 20190219
eScan 20190219
NANO-Antivirus 20190219
Palo Alto Networks (Known Signatures) 20190219
Panda 20190219
Qihoo-360 20190219
Rising 20190219
SentinelOne (Static ML) 20190203
Sophos AV 20190219
SUPERAntiSpyware 20190213
Symantec 20190219
Symantec Mobile Insight 20190206
TACHYON 20190218
Tencent 20190219
TheHacker 20190217
TotalDefense 20190218
Trapmine 20190123
TrendMicro 20190219
TrendMicro-HouseCall 20190219
Trustlook 20190219
VBA32 20190219
ViRobot 20190219
Webroot 20190219
Yandex 20190218
Zillya 20190219
ZoneAlarm by Check Point 20190219
Zoner 20190219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 1998-2016 Mark Russinovich
Product Sysinternals Loadord
Original name Loadord
Internal name Loadord
File version 1.01
Description Startup order viewer
Signature verification Signed file, verified signature
Signing date 7:41 AM 5/28/2016
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 04:42 PM 06/04/2015
Valid to 04:42 PM 09/04/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
Serial number 33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 09:19 PM 08/31/2010
Valid to 09:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 06:21 PM 03/30/2016
Valid to 06:21 PM 06/30/2017
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint EA1ED0F0EA5BD51D62E2306BB430917E750FA6B9
Serial number 33 00 00 00 9C EE FE 14 55 A9 5D 35 50 00 00 00 00 00 9C
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:53 AM 04/03/2007
Valid to 12:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine x64
Compilation timestamp 2016-05-28 15:40:59
Entry Point 0x00005788
Number of sections 6
PE sections
Overlays
MD5 f75abd59495fb9364c260b8e05539e0a
File type data
Offset 140800
Size 16040
Entropy 7.43
PE imports
RegOpenKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegCreateKeyA
RegQueryValueExW
Ord(6)
Ord(17)
PrintDlgA
GetDeviceCaps
CreateDCA
SetMapMode
DeleteDC
StartDocA
GetStockObject
EndDoc
StartPage
EndPage
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetConsoleMode
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
ReadConsoleInputA
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GlobalUnlock
LoadLibraryA
GetModuleFileNameA
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
DecodePointer
GetCurrentProcessId
SetLastError
GetCommandLineW
RtlVirtualUnwind
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
IsDebuggerPresent
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
RtlUnwindEx
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
LocalFree
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
WriteFile
CreateFileW
GlobalAlloc
GlobalLock
TlsGetValue
Sleep
GetFileType
TlsSetValue
EncodePointer
GetCurrentThreadId
ExitProcess
LocalAlloc
WriteConsoleW
LeaveCriticalSection
ShellExecuteExA
SetFocus
GetMessageA
UpdateWindow
EndDialog
PostQuitMessage
ShowWindow
DefWindowProcA
FindWindowA
DeferWindowPos
BeginDeferWindowPos
DispatchMessageA
EnableWindow
MoveWindow
MessageBoxA
TranslateMessage
RegisterClassExA
EndDeferWindowPos
SetWindowTextA
SetClipboardData
SendMessageA
CloseClipboard
GetClientRect
GetDlgItem
LoadAcceleratorsA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
WaitForInputIdle
GetSysColorBrush
InflateRect
EmptyClipboard
SetForegroundWindow
OpenClipboard
DialogBoxIndirectParamA
SetCursor
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Startup order viewer
ImageFileCharacteristics Executable, Large address aware
CharacterSet Unicode
InitializedDataSize 129024
EntryPoint 0x5788
OriginalFileName Loadord
MIMEType application/octet-stream
LegalCopyright Copyright (C) 1998-2016 Mark Russinovich
FileVersion 1.01
TimeStamp 2016:05:28 08:40:59-07:00
FileType Win64 EXE
PEType PE32+
InternalName Loadord
ProductVersion 1.01
SubsystemVersion 5.2
OSVersion 5.2
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType AMD AMD64
CompanyName Sysinternals - www.sysinternals.com
CodeSize 68096
ProductName Sysinternals Loadord
ProductVersionNumber 1.1.0.0
FileTypeExtension exe
ObjectFileType Unknown
File identification
MD5 409ed17853d3a1b7413926ff8471957c
SHA1 0558f8975cebe341bbfa5d95356406307c446892
SHA256 e8ec243be1ca6c20d7ec12b164526e060fc2e8a7f2f4b27f0784cb5970377708
ssdeep 3072:Au+qdlgrbYmLlqJATTmBb26WJGOTcrp5UF/YfUuXI3rgWqYENfa:AVoZYlqKTU26drE/m9XIwfa
authentihash 5defa17fdbf7805d87a7b1bb908b0619bb8cce5ca335f399f75446b7d404b539
imphash 029784929dbb3ca04d47e51c910cab3e
File size 153.2 KB ( 156840 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags peexe assembly overlay signed via-tor 64bits
VirusTotal metadata
First submission 2016-06-30 18:04:00 UTC ( 2 years, 8 months ago )
Last submission 2019-02-19 19:15:23 UTC ( 1 month ago )
File names LoadOrd64.exe
36533a5b81d3d52f!155-36533a5b81d3d52f!9309-36533a5b81d3d52f!30858-0558f8975cebe341bbfa5d9535640630.temp
tmpb3nras
D__C1_SysinternalsSuite_LoadOrd64.exe
loadord641.exe
loadord64.exe
tmpb075.tmp
Loadord
E8EC243BE1CA6C20D7EC12B164526E060FC2E8A7F2F4B27F0784CB5970377708