SHA256: f2706dff723d63304f37bfe416aebf6a75da947acb4a71a267e29da00b5fa1ab
File name: GoogleEarthWin.exe
Detection ratio: 1 / 55
Analysis date: 2016-04-02 19:33:57 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Baidu Win32.Virus.Lamer.g 20160402
Ad-Aware 20160402
AegisLab 20160402
AhnLab-V3 20160402
Alibaba 20160401
ALYac 20160402
Antiy-AVL 20160402
Arcabit 20160402
Avast 20160402
AVG 20160402
AVware 20160402
Baidu-International 20160402
BitDefender 20160402
Bkav 20160402
CAT-QuickHeal 20160402
ClamAV 20160402
CMC 20160401
Comodo 20160402
Cyren 20160402
DrWeb 20160402
Emsisoft 20160402
ESET-NOD32 20160402
F-Prot 20160402
F-Secure 20160402
Fortinet 20160402
GData 20160402
Ikarus 20160402
Jiangmin 20160402
K7AntiVirus 20160402
K7GW 20160402
Kaspersky 20160402
Kingsoft 20160402
Malwarebytes 20160402
McAfee 20160402
McAfee-GW-Edition 20160402
Microsoft 20160402
eScan 20160402
NANO-Antivirus 20160402
nProtect 20160401
Panda 20160402
Qihoo-360 20160402
Rising 20160402
Sophos AV 20160402
SUPERAntiSpyware 20160402
Symantec 20160331
Tencent 20160402
TheHacker 20160330
TrendMicro 20160402
TrendMicro-HouseCall 20160402
VBA32 20160401
VIPRE 20160402
ViRobot 20160402
Yandex 20160316
Zillya 20160402
Zoner 20160402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 1:44 AM 5/21/2015
Signers
[+] Google Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 1/29/2014
Valid to 12:59 AM 1/30/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint FCAC7E666CC54341CA213BECF2EB463F2B62ADB0
Serial number 29 12 C7 0C 9A 2B 8A 3E F6 F6 07 46 62 D6 8B 8D
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-21 00:37:50
Entry Point 0x0000611E
Number of sections 5
PE sections
Overlays
MD5 1bc99028609a84b2e070a71b1f1f950b
File type data
Offset 36176384
Size 6472
Entropy 7.30
PE imports
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitCommonControlsEx
SetBkColor
GetUserDefaultUILanguage
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
SetStdHandle
SetHandleCount
InterlockedPopEntrySList
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
VirtualFree
HeapSetInformation
GetCurrentProcess
SizeofResource
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
LCMapStringW
LockResource
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
DeleteFileW
GetProcAddress
InterlockedCompareExchange
FlushInstructionCache
GetProcessHeap
GetTempFileNameW
EnumResourceLanguagesW
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
TerminateProcess
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
GetTempPathW
FindResourceExW
InterlockedPushEntrySList
IsValidCodePage
LoadResource
FindResourceW
CreateFileW
CreateProcessW
TlsGetValue
Sleep
WriteConsoleW
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
HeapCreate
SetLastError
LeaveCriticalSection
SysFreeString
SysAllocString
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
Ord(176)
MapWindowPoints
GetMonitorInfoW
GetParent
UpdateWindow
EndDialog
DefWindowProcW
SetProcessDefaultLayout
ShowWindow
SetWindowPos
GetClassInfoExW
GetSystemMetrics
SetWindowLongW
IsWindow
GetWindowRect
InflateRect
RegisterClassExW
DialogBoxParamW
GetWindow
GetSysColor
SetDlgItemTextW
SendMessageW
UnregisterClassA
wsprintfW
LoadStringW
GetClientRect
SystemParametersInfoW
CallWindowProcW
MonitorFromWindow
LoadImageW
SetWindowTextW
GetSysColorBrush
LoadCursorW
CreateWindowExW
GetWindowLongW
DestroyWindow
Ord(169)
Ord(137)
Ord(141)
Ord(88)
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 9
BINARY 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:05:21 01:37:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 66560
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 36108800
SubsystemVersion 5.1
EntryPoint 0x611e
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 f8a7093ec1b8a8e28e5856197bbaf54f
SHA1 b55ac4c75ae4e80f0334b3857ed3fcac7f9440ce
SHA256 f2706dff723d63304f37bfe416aebf6a75da947acb4a71a267e29da00b5fa1ab
ssdeep 786432:N7sPIf4uPORLS7IWpAVKSNq9xC2r1Z85DYHHlqVr:dsgf4sO87FAkSU1w5DyqVr
authentihash 6bdbcde043295a5ec0634947de07b0ed0478610551bdf74230bdfcc743568b04
imphash c76f95e0b9146de523b85945c2481afe
File size 34.5 MB ( 36182856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2015-05-22 02:12:57 UTC ( 2 years, 8 months ago )
Last submission 2017-10-13 15:25:36 UTC ( 3 months ago )
File names bitcb74.tmp
bitda57.tmp
bit9a7c.tmp
bit4be7.tmp
bita75f.tmp
678044
bitd37d.tmp
bit3304.tmp
bit9415.tmp
bit8fcc.tmp
bit2a66.tmp
bit22b1.tmp
bit7202.tmp
bit9e38.tmp
bit4b54.tmp
bit504f.tmp
bit248d.tmp
googleearthwin.exe
bit179d.tmp
bit588f.tmp
bit1760.tmp
bit7660.tmp
bit4fa9.tmp
bit9aaa.tmp
bit9668.tmp