SHA256: fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14
File name: vc_redist_x86.exe
Detection ratio: 0 / 68
Analysis date: 2018-10-26 19:01:31 UTC ( 2 months, 3 weeks ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20181026
AVG 20181026
Ad-Aware 20181026
AegisLab 20181026
AhnLab-V3 20181026
Alibaba 20180921
Antiy-AVL 20181026
Arcabit 20181026
Avast 20181026
Avast-Mobile 20181026
Avira (no cloud) 20181026
Babable 20180918
Baidu 20181026
BitDefender 20181026
Bkav 20181025
CAT-QuickHeal 20181026
CMC 20181026
ClamAV 20181025
Comodo 20181026
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181026
Cyren 20181026
DrWeb 20181026
ESET-NOD32 20181026
Emsisoft 20181026
Endgame 20180730
F-Prot 20181026
F-Secure 20181026
Fortinet 20181026
GData 20181026
Ikarus 20181026
Sophos ML 20180717
Jiangmin 20181026
K7AntiVirus 20181026
K7GW 20181025
Kaspersky 20181026
Kingsoft 20181026
MAX 20181026
Malwarebytes 20181026
McAfee 20181026
McAfee-GW-Edition 20181026
eScan 20181026
Microsoft 20181026
NANO-Antivirus 20181026
Palo Alto Networks (Known Signatures) 20181026
Panda 20181026
Qihoo-360 20181026
Rising 20181026
SUPERAntiSpyware 20181022
SentinelOne (Static ML) 20181011
Sophos AV 20181026
Symantec 20181026
TACHYON 20181026
Tencent 20181026
TheHacker 20181025
TotalDefense 20181026
TrendMicro 20181026
TrendMicro-HouseCall 20181026
Trustlook 20181026
VBA32 20181026
ViRobot 20181026
Webroot 20181026
Yandex 20181026
Zillya 20181024
ZoneAlarm by Check Point 20181026
Zoner 20181025
eGambit 20181026
Symantec Mobile Insight 20181026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) Microsoft Corporation. All rights reserved.

Product Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
Original name VC_redist.x86.exe
Internal name setup
File version 14.0.23026.0
Description Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
Signature verification Signed file, verified signature
Signing date 11:02 PM 6/25/2015
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 9:42 AM 6/4/2015
Valid to 9:42 AM 9/4/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
Serial number 33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 2:19 PM 8/31/2010
Valid to 2:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 3:19 PM 5/9/2001
Valid to 3:28 PM 5/9/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 9:32 AM 3/20/2015
Valid to 9:32 AM 6/20/2016
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 0731E6E5631C8EC056E121B4DF6832DD460D90EF
Serial number 33 00 00 00 71 B3 2E 8A 6B 82 AA 1F 4E 00 00 00 00 00 71
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 4:53 AM 4/3/2007
Valid to 5:03 AM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 3:19 PM 5/9/2001
Valid to 3:28 PM 5/9/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Packers identified
F-PROT CAB, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-13 19:42:32
Entry Point 0x00028494
Number of sections 7
PE sections
Overlays
MD5 f129d88a2d29c61450d69b40cfe3bbf7
File type data
Offset 380416
Size 13387360
Entropy 8.00
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
SetEntriesInAclW
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
CheckTokenMembership
DecryptFileW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
LookupAccountNameW
GetTokenInformation
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
InitializeSecurityDescriptor
RegEnumValueW
QueryServiceConfigW
FreeSid
CryptGetHashParam
RegSetValueExW
OpenSCManagerW
AllocateAndInitializeSid
InitiateSystemShutdownExW
SetEntriesInAclA
ChangeServiceConfigW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
CertGetCertificateContextProperty
CryptHashPublicKeyInfo
Ord(23)
Ord(20)
Ord(22)
GetDeviceCaps
CreateDCW
GetVolumePathNameW
GetStdHandle
ReleaseMutex
WaitForSingleObject
EncodePointer
ProcessIdToSessionId
GetFileAttributesW
VerifyVersionInfoW
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ConnectNamedPipe
CreateEventW
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
GetSystemTime
InitializeCriticalSection
CopyFileW
GetUserDefaultLangID
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
SetFilePointer
GetFullPathNameW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
SystemTimeToFileTime
GetWindowsDirectoryW
LCMapStringW
OpenProcess
GetDateFormatW
GetStartupInfoW
SetEvent
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
GetFileSizeEx
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
CreateFileMappingW
UnmapViewOfFile
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
CopyFileExW
InterlockedCompareExchange
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLocalTime
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
CompareStringA
SysFreeString
VariantInit
VariantClear
SysAllocString
UuidCreate
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
GetMonitorInfoW
GetMessageW
DefWindowProcW
PostQuitMessage
SetWindowLongW
IsWindow
PeekMessageW
EndPaint
TranslateMessage
PostMessageW
DispatchMessageW
GetCursorPos
ReleaseDC
BeginPaint
RegisterClassW
UnregisterClassW
MessageBoxW
IsDialogMessageW
MonitorFromPoint
WaitForInputIdle
PostThreadMessageW
LoadCursorW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetSetOptionW
HttpSendRequestW
InternetErrorDlg
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
GdipSetInterpolationMode
GdiplusShutdown
GdipCreateFromHDC
GdipFree
GdipGetImageWidth
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageHeight
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateBitmapFromResource
Ord(169)
Ord(70)
Ord(205)
Ord(111)
Ord(171)
Ord(45)
Ord(173)
Ord(141)
Ord(88)
Ord(125)
Ord(190)
Ord(17)
Ord(90)
Ord(116)
Ord(118)
Ord(238)
Ord(115)
Ord(8)
Ord(137)
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MESSAGETABLE 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
14.0.23026.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026

ImageFileCharacteristics
Executable, 32-bit, Removable run from swap, Net run from swap

CharacterSet
Windows, Latin1

InitializedDataSize
144896

EntryPoint
0x28494

OriginalFileName
VC_redist.x86.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) Microsoft Corporation. All rights reserved.

FileVersion
14.0.23026.0

TimeStamp
2015:02:13 11:42:32-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup

ProductVersion
14.0.23026.0

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
234496

ProductName
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026

ProductVersionNumber
14.0.23026.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 1a15e6606bac9647e7ad3caa543377cf
SHA1 bfb74e498c44d3a103ca3aa2831763fb417134d1
SHA256 fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14
ssdeep
393216:S1RPq5dCsKSR65cX7Eyd/qnejOFxP7OEnl4L/Vvc:yP5iw56oyleej2OEnlwc

authentihash ab06cbec52d7a169638049012ef886a15e876511a6e990cd1f7bf7ad2514e8b4
imphash 8e2588a9cf43886de3449dfff03137b6
File size 13.1 MB ( 13767776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe via-tor signed trusted overlay

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with vc_redist.x86.exe as its name.
VirusTotal metadata
First submission 2015-07-11 16:31:36 UTC ( 3 years, 6 months ago )
Last submission 2019-01-15 10:50:15 UTC ( 1 day, 10 hours ago )
File names vcredist_x86(2015).exe
vcredist_x86(3).exe
1. vc_redist.x86.exe
vc_redist.x86_V11.0.exe
vcredist_x86.exe
319320
vc_redist.x864.exe_fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14
vc-redist-x86.exe
134
vc2015_redist_14.0.23026.0.x86.exe
131834
ISSetupFile.SetupFile4
Microsoft Visual C++ 2015_32bit_vcredist_x86.exe
Runtime.exe
vs2015_vcredist_x86.exe
VC140_VCRedist_x86.exe
vc_redist.x86 (2).exe
vc_redist.x86 huy.exe
106811069.exe
INSTALL IT IF U ARE PLAYING FOR THE FIRST TIME.exe
2005vc_redist.x86.exe
MVC++ 2015 X86.exe
vcredist_2015_up2_x86.exe
Microsoft Visual C + +2015 Redistributable x86.exe
1a15e6606bac9647e7ad3caa543377cf-fp-pe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Runtime DLLs
DNS requests