SHA256: e46620bd4eb048fcb2a8f1541d2dbda8299e38e01a4eef9c4e7c3c43b96d0629
File name: OpNepEV3.exe
Detection ratio: 0 / 66
Analysis date: 2018-03-31 22:05:55 UTC ( 1 year, 1 month ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Last update
ALYac 20180331
AVG 20180331
AVware 20180331
Ad-Aware 20180331
AegisLab 20180331
AhnLab-V3 20180331
Antiy-AVL 20180331
Arcabit 20180331
Avast 20180331
Avast-Mobile 20180331
Avira (no cloud) 20180331
Baidu 20180330
BitDefender 20180331
Bkav 20180331
CAT-QuickHeal 20180331
CMC 20180331
ClamAV 20180331
Comodo 20180331
CrowdStrike Falcon (ML) 20170201
Cylance 20180331
Cyren 20180331
DrWeb 20180331
ESET-NOD32 20180331
Emsisoft 20180331
Endgame 20180316
F-Prot 20180331
F-Secure 20180331
Fortinet 20180331
GData 20180331
Ikarus 20180331
Sophos ML 20180120
Jiangmin 20180331
K7AntiVirus 20180331
K7GW 20180331
Kaspersky 20180331
Kingsoft 20180331
MAX 20180331
Malwarebytes 20180331
McAfee 20180331
McAfee-GW-Edition 20180331
eScan 20180331
Microsoft 20180331
NANO-Antivirus 20180331
Palo Alto Networks (Known Signatures) 20180331
Panda 20180331
Qihoo-360 20180331
Rising 20180331
SUPERAntiSpyware 20180331
SentinelOne (Static ML) 20180225
Sophos AV 20180331
Symantec 20180331
Tencent 20180331
TheHacker 20180330
TotalDefense 20180331
TrendMicro 20180331
TrendMicro-HouseCall 20180331
VBA32 20180330
VIPRE 20180331
ViRobot 20180331
WhiteArmor 20180324
Yandex 20180331
Zillya 20180330
ZoneAlarm by Check Point 20180331
Zoner 20180330
eGambit 20180331
nProtect 20180331
Alibaba 20180330
Cybereason None
Symantec Mobile Insight 20180311
Trustlook 20180331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name write
Internal name write
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Write
Signature verification Signed file, verified signature
Signing date 7:35 PM 11/20/2010
Signers
[+] Microsoft Windows
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Windows Verification PCA
Valid from 09:57 PM 12/07/2009
Valid to 09:57 PM 03/07/2011
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 02ECEEA9D5E0A9F3E39B6F4EC3F7131ED4E352C4
Serial number 61 15 23 0F 00 00 00 00 00 0A
[+] Microsoft Windows Verification PCA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Root Certificate Authority
Valid from 09:55 PM 09/15/2005
Valid to 10:05 PM 03/15/2016
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 5DF0D7571B0780783960C68B78571FFD7EDAF021
Serial number 61 07 02 DC 00 00 00 00 00 0B
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 07:12 PM 07/25/2008
Valid to 07:22 PM 07/25/2011
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 56E832A33DDC8CF2C916DA7CBB1175CBACABAE2C
Serial number 61 03 DC F6 00 00 00 00 00 0C
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:53 PM 04/03/2007
Valid to 01:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 05/09/2001
Valid to 11:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine x64
Compilation timestamp 2009-07-13 23:56:28
Entry Point 0x000015A4
Number of sections 5
PE sections
PE imports
HeapSetInformation
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
Sleep
GetCurrentProcessId
UnhandledExceptionFilter
RtlVirtualUnwind
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThreadId
GetModuleHandleW
ShellExecuteW
_amsg_exit
?terminate@@YAXXZ
__C_specific_handler
__wgetmainargs
_exit
_cexit
exit
_XcptFilter
_commode
__setusermatherr
_wcmdln
_fmode
_initterm
__set_app_type
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
6.1

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Write

ImageFileCharacteristics
Executable, Large address aware

CharacterSet
Unicode

InitializedDataSize
6656

EntryPoint
0x15a4

OriginalFileName
write

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2009:07:13 23:56:28+00:00

FileType
Win64 EXE

PEType
PE32+

InternalName
write

ProductVersion
6.1.7600.16385

SubsystemVersion
6.1

OSVersion
6.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
AMD AMD64

CompanyName
Microsoft Corporation

CodeSize
4096

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 f8ed3b4b209e2cb49028e36cf06ca851
SHA1 71e0c405d0e615d55367df1bce4ceb19b3937a5c
SHA256 e46620bd4eb048fcb2a8f1541d2dbda8299e38e01a4eef9c4e7c3c43b96d0629
ssdeep
192:eKve2PKcOoRuhECWGbez3yhWxu/oWxaOW:e8ePnoResGICoxu/oWxaOW

authentihash d1635e8eee2979a4fba988cae2ba8ffb700fc78109fc1c38dce8b4ac9e8ff402
imphash 8ae4743c15eb8e9b302a857e3ce73d5e
File size 10.0 KB ( 10240 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (GUI) Mono/.Net assembly

TrID Win64 Executable (generic) (55.0%)
Microsoft Visual C++ compiled executable (generic) (32.9%)
OS/2 Executable (generic) (4.0%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Tags
64bits peexe assembly signed trusted

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with write.exe as its name.
VirusTotal metadata
First submission 2009-08-27 14:41:04 UTC ( 9 years, 9 months ago )
Last submission 2019-05-22 02:42:23 UTC ( 5 days, 5 hours ago )
File names
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight