SHA256: ff6fc7d863e3f2ee20e76c8c163b9a85b6e3f5eb0308edd1f0c59072d551e423
File name: psexec.exe.ViR
Detection ratio: 1 / 42
Analysis date: 2012-07-11 19:47:43 UTC ( 6 years, 8 months ago )
Antivirus Result Update
Sophos AV PsExec 20120705
AhnLab-V3 20120705
AntiVir 20120705
Antiy-AVL 20120705
Avast 20120705
AVG 20120705
BitDefender 20120705
ByteHero 20120704
CAT-QuickHeal 20120705
ClamAV 20120705
Commtouch 20120705
Comodo 20120705
DrWeb 20120706
Emsisoft 20120705
eSafe 20120705
F-Prot 20120705
F-Secure 20120706
Fortinet 20120705
GData 20120705
Ikarus 20120705
Jiangmin 20120705
K7AntiVirus 20120705
Kaspersky 20120705
McAfee 20120706
McAfee-GW-Edition 20120705
Microsoft 20120705
NOD32 20120705
Norman 20120705
nProtect 20120706
Panda 20120705
PCTools 20120705
Rising 20120705
SUPERAntiSpyware 20120705
Symantec 20120706
TheHacker 20120704
TotalDefense 20120705
TrendMicro 20120706
TrendMicro-HouseCall 20120705
VBA32 20120705
VIPRE 20120705
ViRobot 20120705
VirusBuster 20120705
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2001-2006 Mark Russinovich
Product Sysinternals PsExec
Original name psexec.c
Internal name PsExec
File version 1.72
Description Execute processes remotely
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-07-11 14:00:18
Entry Point 0x000053DA
Number of sections 4
PE sections
PE imports
GetTokenInformation
CloseServiceHandle
LsaFreeMemory
StartServiceW
OpenProcessToken
LsaClose
QueryServiceStatus
OpenSCManagerW
AllocateAndInitializeSid
FreeSid
OpenServiceW
ControlService
LookupPrivilegeValueW
DeleteService
LsaEnumerateAccountRights
CreateProcessAsUserW
CreateServiceW
LsaOpenPolicy
GetStdHandle
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetExitCodeProcess
FreeEnvironmentStringsA
DisconnectNamedPipe
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
WideCharToMultiByte
GetStringTypeA
WriteFile
GetCommandLineA
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
TlsGetValue
FormatMessageA
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
ReadConsoleInputA
CopyFileW
GetModuleFileNameW
ExitProcess
GetModuleFileNameA
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetProcessAffinityMask
GetFullPathNameW
CreateThread
GetSystemDirectoryW
DeleteCriticalSection
SetNamedPipeHandleState
ExitThread
TerminateProcess
InterlockedDecrement
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
FreeLibrary
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
SetEvent
DeleteFileW
WaitForMultipleObjects
GetComputerNameW
DuplicateHandle
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
HeapCreate
LCMapStringA
GetEnvironmentStringsW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
TransactNamedPipe
SetConsoleTitleW
ReadConsoleW
SetFilePointer
ReadFile
CloseHandle
GetACP
GetVersion
GetEnvironmentStrings
SetConsoleMode
FindResourceW
VirtualFree
Sleep
VirtualAlloc
WNetCancelConnection2W
WNetAddConnection2W
NetServerEnum
NetApiBufferFree
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
WSAStartup
gethostbyname
inet_ntoa
gethostname
Number of PE resources by type
BINRES 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.72.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Execute processes remotely
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 258048
EntryPoint 0x53da
OriginalFileName psexec.c
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2001-2006 Mark Russinovich
FileVersion 1.72
TimeStamp 2006:07:11 16:00:18+02:00
FileType Win32 EXE
PEType PE32
InternalName PsExec
ProductVersion 1.72
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Sysinternals - www.sysinternals.com
CodeSize 49152
ProductName Sysinternals PsExec
ProductVersionNumber 1.72.0.0
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 579b43e13294eb85faa7c28b470b19c1
SHA1 5d7d4875740535d9beedfa8b5bc83df50c60e2f6
SHA256 ff6fc7d863e3f2ee20e76c8c163b9a85b6e3f5eb0308edd1f0c59072d551e423
ssdeep 3072:3IcrWZgPGbuIRxBqtZQOqGh8lf3IE+Uzbo09DtkP:zWOPodQh8lf4rQ9S
authentihash 81656066ed4e53799dbff0a222ad2a3c8bb8c0fc35059696a3f2bb31e821b7ea
imphash 5c2700b90bf71b17ff9ae6fb0a8963ff
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe armadillo
VirusTotal metadata
First submission 2008-01-23 23:59:51 UTC ( 11 years, 1 month ago )
Last submission 2018-05-23 09:13:15 UTC ( 10 months ago )
File names nav8e1f.tmp
psexec.exe.12856_1.27800.partial
579b43e13294eb85faa7c28b470b19c1
1992#4040_47775
vti-rescan
psexec.exe.17844_1.27158.partial
malware___263.exe
psexec.exe.8948_1.40468.partial
204#9648_72496
psexec.exe.14932_1.61214.partial
psexec.exe.17844_1.39318.partial
3
psexec.exe.8948_1.26797.partial
psexec.exe.11280_1.40452.partial
psexec.exe
1342124450.psexec.exe.ViR
smona132699038067063982643
psexec.exe
6136#6920_37129
34.exe
alt5a21.tmp
49076#47568_88464
6136#5348_61258
psexec-suspicious.ex
pexe.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight