SHA256: fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14
File name: vc_redist.x86.exe
Detection ratio: 0 / 67
Analysis date: 2018-04-26 04:03:40 UTC ( 2 months, 3 weeks ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20180426
AVG 20180426
AVware 20180426
Ad-Aware 20180426
AegisLab 20180426
AhnLab-V3 20180425
Antiy-AVL 20180418
Arcabit 20180426
Avast 20180426
Avast-Mobile 20180425
Avira (no cloud) 20180425
Babable 20180406
Baidu 20180425
BitDefender 20180426
Bkav 20180424
CAT-QuickHeal 20180425
CMC 20180425
ClamAV 20180425
Comodo 20180425
CrowdStrike Falcon (ML) 20180418
Cybereason 20180225
Cylance 20180426
Cyren 20180426
DrWeb 20180426
ESET-NOD32 20180426
Emsisoft 20180426
Endgame 20180403
F-Prot 20180426
F-Secure 20180426
Fortinet 20180426
GData 20180426
Ikarus 20180425
Sophos ML 20180121
Jiangmin 20180426
K7AntiVirus 20180426
K7GW 20180426
Kaspersky 20180426
Kingsoft 20180426
MAX 20180426
Malwarebytes 20180426
McAfee 20180426
McAfee-GW-Edition 20180425
eScan 20180426
Microsoft 20180426
NANO-Antivirus 20180426
Palo Alto Networks (Known Signatures) 20180426
Panda 20180425
Qihoo-360 20180426
Rising 20180426
SUPERAntiSpyware 20180426
SentinelOne (Static ML) 20180225
Sophos AV 20180426
Symantec 20180425
Tencent 20180426
TheHacker 20180425
TrendMicro 20180426
TrendMicro-HouseCall 20180426
VBA32 20180425
VIPRE 20180426
ViRobot 20180426
Webroot 20180426
Yandex 20180425
Zillya 20180425
ZoneAlarm by Check Point 20180426
Zoner 20180425
eGambit 20180426
nProtect 20180426
Alibaba 20180426
Symantec Mobile Insight 20180424
Trustlook 20180426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) Microsoft Corporation. All rights reserved.

Product Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
Original name VC_redist.x86.exe
Internal name setup
File version 14.0.23026.0
Description Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
Signature verification Signed file, verified signature
Signing date 8:02 AM 6/26/2015
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 6:42 PM 6/4/2015
Valid to 6:42 PM 9/4/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
Serial number 33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 6:32 PM 3/20/2015
Valid to 6:32 PM 6/20/2016
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 0731E6E5631C8EC056E121B4DF6832DD460D90EF
Serial number 33 00 00 00 71 B3 2E 8A 6B 82 AA 1F 4E 00 00 00 00 00 71
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Packers identified
F-PROT CAB, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-13 19:42:32
Entry Point 0x00028494
Number of sections 7
PE sections
Overlays
MD5 f129d88a2d29c61450d69b40cfe3bbf7
File type data
Offset 380416
Size 13387360
Entropy 8.00
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
SetEntriesInAclW
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
CheckTokenMembership
DecryptFileW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
LookupAccountNameW
GetTokenInformation
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
InitializeSecurityDescriptor
RegEnumValueW
QueryServiceConfigW
FreeSid
CryptGetHashParam
RegSetValueExW
OpenSCManagerW
AllocateAndInitializeSid
InitiateSystemShutdownExW
SetEntriesInAclA
ChangeServiceConfigW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
CertGetCertificateContextProperty
CryptHashPublicKeyInfo
Ord(23)
Ord(20)
Ord(22)
GetDeviceCaps
CreateDCW
GetVolumePathNameW
GetStdHandle
ReleaseMutex
WaitForSingleObject
EncodePointer
ProcessIdToSessionId
GetFileAttributesW
VerifyVersionInfoW
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ConnectNamedPipe
CreateEventW
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
GetSystemTime
InitializeCriticalSection
CopyFileW
GetUserDefaultLangID
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
SetFilePointer
GetFullPathNameW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
SystemTimeToFileTime
GetWindowsDirectoryW
LCMapStringW
OpenProcess
GetDateFormatW
GetStartupInfoW
SetEvent
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
CreateFileMappingW
UnmapViewOfFile
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
CopyFileExW
InterlockedCompareExchange
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLocalTime
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
CompareStringA
SysFreeString
VariantInit
VariantClear
SysAllocString
UuidCreate
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
GetMonitorInfoW
GetMessageW
DefWindowProcW
PostQuitMessage
SetWindowLongW
IsWindow
PeekMessageW
EndPaint
TranslateMessage
PostMessageW
DispatchMessageW
GetCursorPos
ReleaseDC
BeginPaint
RegisterClassW
UnregisterClassW
MessageBoxW
IsDialogMessageW
MonitorFromPoint
WaitForInputIdle
PostThreadMessageW
LoadCursorW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetSetOptionW
HttpSendRequestW
InternetErrorDlg
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
GdipSetInterpolationMode
GdiplusShutdown
GdipCreateFromHDC
GdipFree
GdipGetImageWidth
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageHeight
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateBitmapFromResource
Ord(169)
Ord(70)
Ord(205)
Ord(111)
Ord(171)
Ord(45)
Ord(173)
Ord(141)
Ord(88)
Ord(125)
Ord(190)
Ord(17)
Ord(90)
Ord(116)
Ord(118)
Ord(238)
Ord(115)
Ord(8)
Ord(137)
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MESSAGETABLE 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
14.0.23026.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
144896

EntryPoint
0x28494

OriginalFileName
VC_redist.x86.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) Microsoft Corporation. All rights reserved.

FileVersion
14.0.23026.0

TimeStamp
2015:02:13 20:42:32+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup

ProductVersion
14.0.23026.0

FileDescription
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
234496

ProductName
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026

ProductVersionNumber
14.0.23026.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 1a15e6606bac9647e7ad3caa543377cf
SHA1 bfb74e498c44d3a103ca3aa2831763fb417134d1
SHA256 fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14
ssdeep
393216:S1RPq5dCsKSR65cX7Eyd/qnejOFxP7OEnl4L/Vvc:yP5iw56oyleej2OEnlwc

authentihash ab06cbec52d7a169638049012ef886a15e876511a6e990cd1f7bf7ad2514e8b4
imphash 8e2588a9cf43886de3449dfff03137b6
File size 13.1 MB ( 13767776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe via-tor signed trusted overlay

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with vc_redist.x86.exe as its name.
VirusTotal metadata
First submission 2015-07-11 16:31:36 UTC ( 3 years ago )
Last submission 2018-07-17 11:27:32 UTC ( 8 hours, 25 minutes ago )
File names vcredist_x86(2015).exe
Visual C++ x86 (x32).exe
vcredist_x86(3).exe
1. vc_redist.x86.exe
vc_redist.x86_V11.0.exe
vcredist_x86.exe
319320
vc_redist_140.exe
vc-redist-x86.exe
Microsoft visual c++ 2015.exe
134
vc2015_redist_14.0.23026.0.x86.exe
vc_redist.x86.exe
ISSetupFile.SetupFile4
Microsoft Visual C++ 2015_32bit_vcredist_x86.exe
Runtime.exe
vs2015_vcredist_x86.exe
32Bit.exe
vc_redist.x86 huy.exe
106811069.exe
INSTALL IT IF U ARE PLAYING FOR THE FIRST TIME.exe
2005vc_redist.x86.exe
MVC++ 2015 X86.exe
vcredist_2015_up2_x86.exe
131834
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Runtime DLLs
DNS requests