× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f57545aaf069b34606caa995f94f6e0d62797344633dd02df303d42ed2895cd1
File name: chocolatey.exe
Detection ratio: 0 / 57
Analysis date: 2016-11-05 21:04:40 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware 20161105
AegisLab 20161105
AhnLab-V3 20161105
Alibaba 20161104
ALYac 20161105
Antiy-AVL 20161105
Arcabit 20161105
Avast 20161105
AVG 20161105
Avira (no cloud) 20161105
AVware 20161105
Baidu 20161104
BitDefender 20161105
Bkav 20161105
CAT-QuickHeal 20161105
ClamAV 20161105
CMC 20161105
Comodo 20161105
CrowdStrike Falcon (ML) 20161024
Cyren 20161105
DrWeb 20161105
Emsisoft 20161105
ESET-NOD32 20161105
F-Prot 20161105
F-Secure 20161105
Fortinet 20161105
GData 20161105
Ikarus 20161105
Sophos ML 20161018
Jiangmin 20161105
K7AntiVirus 20161105
K7GW 20161105
Kaspersky 20161105
Kingsoft 20161105
Malwarebytes 20161105
McAfee 20161105
McAfee-GW-Edition 20161105
Microsoft 20161105
eScan 20161105
NANO-Antivirus 20161105
nProtect 20161105
Panda 20161105
Qihoo-360 20161105
Rising 20161105
Sophos AV 20161105
SUPERAntiSpyware 20161105
Symantec 20161105
Tencent 20161105
TheHacker 20161104
TotalDefense 20161105
TrendMicro 20161105
TrendMicro-HouseCall 20161105
VBA32 20161105
VIPRE 20161105
ViRobot 20161105
Yandex 20161105
Zillya 20161105
Zoner 20161105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Copyright © 2013 - Present RealDimensions Software, LLC

Product ShimGen generated shim
Original name chocolatey.exe
Internal name chocolatey.exe
File version 0.5.0.0
Description ShimGen generated shim
Comments This is a shim that points to a particular file. It was generated by ShimGen (Shim Generator). The use of shimgen must comply with its proprietary license.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-22 18:54:15
Entry Point 0x0000633E
Number of sections 3
.NET details
Module Version ID 263c7461-e1d6-4b95-8fd7-bd48f1d66bcb
TypeLib ID 6104579d-2ee7-414d-b467-aa4a1e2d440a
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This is a shim that points to a particular file. It was generated by ShimGen (Shim Generator). The use of shimgen must comply with its proprietary license.

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.5.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
ShimGen generated shim

CharacterSet
Unicode

InitializedDataSize
7168

EntryPoint
0x633e

OriginalFileName
chocolatey.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2013 - Present RealDimensions Software, LLC

FileVersion
0.5.0.0

TimeStamp
2015:02:22 19:54:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
chocolatey.exe

ProductVersion
0.5.0.825e7d6b

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
RealDimensions Software, LLC

CodeSize
17408

ProductName
ShimGen generated shim

ProductVersionNumber
0.5.0.825

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
0.5.0.0

File identification
MD5 f905997505602c24bd66bdbfff93fcfd
SHA1 59eaf6ae8c4915610ea5d6c8a8756fb1930cacc0
SHA256 f57545aaf069b34606caa995f94f6e0d62797344633dd02df303d42ed2895cd1
ssdeep
384:VQ4YdAtABitqaktVncWgry9fNij80XXxht86u1ExbbbbGbZY4he9LLa:ODy2Bihk7cre9Ku1ExbbbbGbO4h6LG

authentihash e13bc391d8899efdb1cc3d2658c2a85e6c73d443ed939a4cb94998882aa30865
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 24.5 KB ( 25088 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (63.1%)
Win64 Executable (generic) (23.8%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.7%)
Tags
peexe assembly

VirusTotal metadata
First submission 2015-03-03 20:05:37 UTC ( 3 years, 8 months ago )
Last submission 2015-03-03 20:05:37 UTC ( 3 years, 8 months ago )
File names chocolatey.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!