× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f447d69682a49d03fb88628d4a088c358ab83a60a0638572cd1b8b4de05f2205
File name: netbeans-8.1-html-windows-x86.exe
Detection ratio: 0 / 55
Analysis date: 2016-07-09 03:10:11 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware 20160709
AegisLab 20160708
AhnLab-V3 20160708
Alibaba 20160708
ALYac 20160709
Antiy-AVL 20160709
Arcabit 20160709
Avast 20160709
AVG 20160709
Avira (no cloud) 20160708
AVware 20160709
Baidu 20160706
BitDefender 20160709
Bkav 20160708
CAT-QuickHeal 20160708
ClamAV 20160709
CMC 20160704
Comodo 20160708
Cyren 20160709
DrWeb 20160709
Emsisoft 20160709
ESET-NOD32 20160708
F-Prot 20160709
F-Secure 20160709
Fortinet 20160709
GData 20160709
Ikarus 20160708
Jiangmin 20160709
K7AntiVirus 20160708
K7GW 20160709
Kaspersky 20160709
Kingsoft 20160709
Malwarebytes 20160709
McAfee 20160709
McAfee-GW-Edition 20160709
Microsoft 20160708
eScan 20160708
NANO-Antivirus 20160708
nProtect 20160708
Panda 20160708
Qihoo-360 20160709
Sophos AV 20160709
SUPERAntiSpyware 20160709
Symantec 20160709
Tencent 20160709
TheHacker 20160707
TotalDefense 20160709
TrendMicro 20160709
TrendMicro-HouseCall 20160709
VBA32 20160708
VIPRE 20160709
ViRobot 20160708
Yandex 20160708
Zillya 20160708
Zoner 20160709
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 2:21 AM 10/23/2015
Signers
[+] Oracle America
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 1:00 AM 4/14/2015
Valid to 12:59 AM 4/14/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3B75816D15A6D8F4598E9CF5603F1839EE84D73D
Serial number 12 F0 27 7E 0F 23 3B 39 F9 41 9B 06 E8 CD E3 52
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 12/10/2013
Valid to 12:59 AM 12/10/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-29 09:18:47
Entry Point 0x000012B0
Number of sections 7
PE sections
Overlays
MD5 a1b73958a0139e347785311b9078e09d
File type data
Offset 389120
Size 107626112
Entropy 8.00
PE imports
SetSecurityDescriptorDacl
RegCloseKey
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor
IsTextUnicode
RegQueryValueExW
InitCommonControls
GetObjectA
CreateFontIndirectA
GetStockObject
PeekNamedPipe
GetLastError
GetStdHandle
EnterCriticalSection
lstrcpynW
ReadFile
lstrcpynA
GetModuleFileNameW
SetEvent
GetExitCodeProcess
WaitForSingleObject
ExitProcess
GetVersionExA
VirtualProtect
FlushFileBuffers
GetFileAttributesW
GetModuleFileNameA
GetLocalTime
CreatePipe
GetCurrentProcess
GetCurrentDirectoryW
LocalAlloc
FindClose
GetCommandLineW
WideCharToMultiByte
MultiByteToWideChar
GetStartupInfoW
CreateDirectoryW
GetCommandLineA
GetProcAddress
GetLocaleInfoW
SetStdHandle
lstrlenA
CreateDirectoryExW
CreateThread
RemoveDirectoryW
GetModuleHandleA
lstrcmpA
DeleteCriticalSection
FindNextFileW
SetUnhandledExceptionFilter
GetTempPathW
GetStartupInfoA
CloseHandle
DeleteFileW
FindFirstFileW
lstrcmpW
WaitForMultipleObjects
GetUserDefaultLCID
lstrlenW
GetFileAttributesExW
LocalFree
FormatMessageW
TerminateProcess
CreateEventW
InitializeCriticalSection
WriteFile
CreateFileW
VirtualQuery
CreateProcessW
GetDiskFreeSpaceExW
TlsGetValue
Sleep
SetFileAttributesW
GetTickCount
GetEnvironmentVariableW
LeaveCriticalSection
CommandLineToArgvW
SHGetFolderPathA
SetFocus
GetMessageA
UpdateWindow
PostQuitMessage
DefWindowProcA
ShowWindow
wvsprintfW
GetSystemMetrics
MessageBoxW
DispatchMessageA
MessageBoxA
TranslateMessage
RegisterClassExA
UnregisterClassA
SendMessageA
SetWindowTextW
CreateWindowExA
LoadCursorA
LoadIconA
GetClientRect
LoadImageA
CreateWindowExW
SetForegroundWindow
IsDialogMessageA
DestroyWindow
GetUserProfileDirectoryW
_cexit
__p__fmode
__p__environ
fwrite
signal
memset
strcat
free
_onexit
atexit
strrchr
abort
_setmode
vfprintf
__getmainargs
calloc
printf
_iob
memcpy
__set_app_type
Number of PE resources by type
RT_ICON 13
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:01:29 10:18:47+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
68096

LinkerVersion
2.22

FileTypeExtension
exe

InitializedDataSize
320000

SubsystemVersion
4.0

EntryPoint
0x12b0

OSVersion
4.0

ImageVersion
1.0

UninitializedDataSize
512

File identification
MD5 f5871aac0e35d827baa8a2c0441fab8c
SHA1 7aa45dfbb9c65695b488ba30799d2892f911acf2
SHA256 f447d69682a49d03fb88628d4a088c358ab83a60a0638572cd1b8b4de05f2205
ssdeep
1572864:eOAhrpm9pjXyUhorig34DwlcK9a7W0fjSUo4MhmZQPFcBDyq0fmDQ8elKTI/HdRw:efe/Smg+wlcFt9ZIFcBDyqVnelK49Rw

authentihash 9f361516d666501b9958ee1230a229bac93b604d161285740b8996e7ce69890b
imphash 9bf44691adf76d48d26250698f17709e
File size 103.0 MB ( 108015232 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (30.1%)
UPX compressed Win32 Executable (29.5%)
Win32 EXE Yoda's Crypter (25.6%)
Win32 Dynamic Link Library (generic) (6.3%)
Win32 Executable (generic) (4.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-11-10 19:18:57 UTC ( 2 years, 10 months ago )
Last submission 2016-05-24 11:43:37 UTC ( 2 years, 3 months ago )
File names netbeans-8.1-php-windows-x86.exe
netbeans-8.1-php-windows-x86.exe
netbeans-8.1-html-windows-x86.exe
netbeans-8.1-php-windows-x86.exe
netbeans-8.1-php-windows-x86.exe
netbeans-8.1-html-windows-x86.exe
netbeans-8.1-php-windows-x86.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!