SHA256: fe8e150b15352dd89c16b8651fe33155c892a63b694a7166332c2b3d38a7efb2
File name: redis-server.exe
Detection ratio: 0 / 57
Analysis date: 2016-10-01 10:26:31 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20161001
AegisLab 20161001
AhnLab-V3 20160930
Alibaba 20160930
ALYac 20160930
Antiy-AVL 20161001
Arcabit 20161001
Avast 20161001
AVG 20161001
Avira (no cloud) 20161001
AVware 20161001
Baidu 20161001
BitDefender 20161001
Bkav 20161001
CAT-QuickHeal 20161001
ClamAV 20161001
CMC 20160930
Comodo 20161001
CrowdStrike Falcon (ML) 20160725
Cyren 20161001
DrWeb 20161001
Emsisoft 20161001
ESET-NOD32 20161001
F-Prot 20160926
F-Secure 20161001
Fortinet 20161001
GData 20161001
Ikarus 20161001
Sophos ML 20160928
Jiangmin 20161001
K7AntiVirus 20161001
K7GW 20161001
Kaspersky 20161001
Kingsoft 20161001
Malwarebytes 20161001
McAfee 20161001
McAfee-GW-Edition 20161001
Microsoft 20161001
eScan 20161001
NANO-Antivirus 20161001
nProtect 20161001
Panda 20160930
Qihoo-360 20161001
Rising 20161001
Sophos AV 20161001
SUPERAntiSpyware 20161001
Symantec 20161001
Tencent 20161001
TheHacker 20161001
TrendMicro 20161001
TrendMicro-HouseCall 20161001
VBA32 20160930
VIPRE 20161001
ViRobot 20161001
Yandex 20160930
Zillya 20160929
Zoner 20161001
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 11:13 PM 12/7/2015
Signers
[+] Microsoft Open Technologies Inc
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA 2010
Valid from 9:27 PM 4/8/2015
Valid to 9:27 PM 7/8/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 5BF47A931868B767B9691269AB48FFCD8869D646
Serial number 33 00 00 00 C1 2B 7A F1 83 31 82 CD 68 00 00 00 00 00 C1
[+] Microsoft Code Signing PCA 2010
Status Valid
Issuer Microsoft Root Certificate Authority 2010
Valid from 9:40 PM 7/6/2010
Valid to 9:50 PM 7/6/2025
Valid usage All
Algorithm sha256RSA
Thumbprint 8BFE3107712B3C886B1C96AAEC89984914DC9B6B
Serial number 61 0C 52 4C 00 00 00 00 00 03
[+] Microsoft Root Certificate Authority 2010
Status Valid
Issuer Microsoft Root Certificate Authority 2010
Valid from 10:57 PM 6/23/2010
Valid to 11:04 PM 6/23/2035
Valid usage All
Algorithm sha256RSA
Thumbprint 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Serial number 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA
Counter signers
[+] Microsoft Time-Stamp Service
Status Valid
Issuer Microsoft Time-Stamp PCA 2010
Valid from 9:40 PM 10/28/2015
Valid to 9:40 PM 1/28/2017
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint DC13F01D32CAC4FA1F67D71F72047677E0B02746
Serial number 33 00 00 00 83 28 16 DE 66 BC B6 DB D8 00 00 00 00 00 83
[+] Microsoft Time-Stamp PCA 2010
Status Valid
Issuer Microsoft Root Certificate Authority 2010
Valid from 10:36 PM 7/1/2010
Valid to 10:46 PM 7/1/2025
Valid usage All
Algorithm sha256RSA
Thumbprint 2AA752FE64C49ABE82913C463529CF10FF2F04EE
Serial number 61 09 81 2A 00 00 00 00 00 02
[+] Microsoft Root Certificate Authority 2010
Status Valid
Issuer Microsoft Root Certificate Authority 2010
Valid from 10:57 PM 6/23/2010
Valid to 11:04 PM 6/23/2035
Valid usage All
Algorithm sha256RSA
Thumbprint 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Serial number 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA
PE header basic information
Target machine x64
Compilation timestamp 2015-12-07 19:19:28
Entry Point 0x0004382C
Number of sections 6
PE sections
Overlays
MD5 2c17c27a2e1dacb06dd2123846cbb8c7
File type data
Offset 1549312
Size 8688
Entropy 7.34
PE imports
RegDeleteKeyA
RegCloseKey
OpenServiceA
RegQueryValueExA
ControlService
DeleteService
RegCreateKeyA
CloseServiceHandle
ChangeServiceConfig2W
OpenProcessToken
RegSetValueExA
CreateServiceA
QueryServiceStatus
RegisterEventSourceA
GetNamedSecurityInfoA
GetTokenInformation
SetServiceStatus
RegOpenKeyA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
SetNamedSecurityInfoA
OpenSCManagerW
DeregisterEventSource
StartServiceA
SetEntriesInAclA
ReportEventA
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
SetConsoleCursorPosition
ScrollConsoleScreenBufferW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
MapViewOfFileEx
GetConsoleCursorInfo
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GetCommandLineA
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
ResumeThread
CreateEventW
OutputDebugStringW
TlsGetValue
FormatMessageA
DebugBreak
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
InitializeCriticalSection
GetModuleFileNameW
CopyFileA
HeapAlloc
GetModuleFileNameA
FillConsoleOutputCharacterW
VerSetConditionMask
SetConsoleCtrlHandler
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
CreatePipe
SetNamedPipeHandleState
SetUnhandledExceptionFilter
SetHandleInformation
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
CreateSemaphoreW
GetModuleHandleExW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
GetProcAddress
HeapCreate
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
WriteConsoleInputW
RtlPcToFileHeader
MoveFileExA
LCMapStringW
OpenProcess
DeleteFileA
GetDateFormatW
GetStartupInfoW
SetEvent
DeleteFileW
GetUserDefaultLCID
GetNamedPipeHandleStateW
FillConsoleOutputAttribute
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
FreeEnvironmentStringsW
RtlLookupFunctionEntry
ResetEvent
IsValidLocale
DuplicateHandle
RtlUnwindEx
ReadConsoleW
GetConsoleScreenBufferInfo
GetTimeZoneInformation
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
EnumSystemLocalesW
VirtualAllocEx
GetSystemInfo
GetConsoleCP
CompareStringW
GetProcessTimes
GetEnvironmentStringsW
PostQueuedCompletionStatus
CreateNamedPipeA
GetCPInfo
GetQueuedCompletionStatus
FileTimeToLocalFileTime
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
CreateIoCompletionPort
GetConsoleTitleW
GetCurrentDirectoryA
HeapSize
RaiseException
SetConsoleCursorInfo
GetCurrentThread
SetConsoleTitleW
QueryPerformanceFrequency
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
CreateProcessA
IsValidCodePage
UnmapViewOfFile
SetCurrentDirectoryA
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
GetPerformanceInfo
ShellExecuteExA
PathRemoveFileSpecA
PathIsRelativeA
PathCombineA
wsprintfW
SymSetOptions
SymInitialize
SymGetSymFromAddr64
StackWalk64
SymGetModuleBase64
SymGetLineFromAddr64
SymFunctionTableAccess64
Number of PE resources by type
RT_MESSAGETABLE 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2015:12:07 20:19:28+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 1132544
LinkerVersion 12.0
EntryPoint 0x4382c
InitializedDataSize 525312
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 041708f6bc1c5d2f4493380bb4de1ce4
SHA1 346a4a862303e3e77863e62351f223fde733d1c9
SHA256 fe8e150b15352dd89c16b8651fe33155c892a63b694a7166332c2b3d38a7efb2
ssdeep
24576:GoNwNoogFeYDrE/e2hfzXbahvWBvxpDMRVco0Vp5eTub/fodXQpJ5lg62KnD:GoSNoBeOrE/eOzXbah0Qmo035trfodAF

authentihash 9b7fb18cc14c91f4e0d6005df18fd4e94eb9de378572a94723c80df50eef7036
imphash 5766d803f659d301e3ca5b234023eb71
File size 1.5 MB ( 1558000 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags
64bits peexe assembly signed overlay

VirusTotal metadata
First submission 2016-05-20 09:01:31 UTC ( 2 years, 6 months ago )
Last submission 2016-05-20 09:01:31 UTC ( 2 years, 6 months ago )
File names redis-server.exe