SHA256: 14af5f5285081437c5792bac5eba3c9aa868f935f8bb11065e388393ffa2b910
File name: Eraser6.2.0.2970.exe
Detection ratio: 0 / 70
Analysis date: 2019-02-06 09:27:41 UTC (3 months, 2 weeks ago)
Antivirus Result Update
Acronis 20190130
Ad-Aware 20190206
AegisLab 20190206
AhnLab-V3 20190205
Alibaba 20180921
ALYac 20190206
Antiy-AVL 20190206
Arcabit 20190206
Avast 20190206
Avast-Mobile 20190206
AVG 20190206
Avira (no cloud) 20190206
Babable 20180918
Baidu 20190202
BitDefender 20190206
Bkav 20190201
CAT-QuickHeal 20190205
ClamAV 20190205
CMC 20190205
Comodo 20190206
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190206
Cyren 20190206
DrWeb 20190206
eGambit 20190206
Emsisoft 20190206
Endgame 20181108
ESET-NOD32 20190206
F-Prot 20190206
F-Secure 20190206
Fortinet 20190206
GData 20190206
Ikarus 20190206
Sophos ML 20181128
Jiangmin 20190206
K7AntiVirus 20190206
K7GW 20190206
Kaspersky 20190206
Kingsoft 20190206
Malwarebytes 20190206
MAX 20190206
McAfee 20190206
McAfee-GW-Edition 20190205
Microsoft 20190206
eScan 20190206
NANO-Antivirus 20190206
Palo Alto Networks (Known Signatures) 20190206
Panda 20190205
Qihoo-360 20190206
Rising 20190206
SentinelOne (Static ML) 20190203
Sophos AV 20190206
SUPERAntiSpyware 20190130
Symantec 20190206
TACHYON 20190206
Tencent 20190206
TheHacker 20190203
Trapmine 20190123
TrendMicro 20190206
TrendMicro-HouseCall 20190206
Trustlook 20190206
VBA32 20190206
VIPRE 20190205
ViRobot 20190205
Webroot 20190206
Yandex 20190204
Zillya 20190206
ZoneAlarm by Check Point 20190206
Zoner 20190206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2008-2015 The Eraser Project

Original name Eraser Setup Bootstrapper
Internal name Eraser Setup Bootstrapper
File version 6.2.0.2970
Description Eraser Setup Bootstrapper
Comments Eraser Setup Bootstrapper
Signature verification Signed file, verified signature
Signing date 3:32 PM 9/3/2015
Signers
[+] Heidi Computers Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - SHA256 - G2
Valid from 03:56 PM 10/02/2014
Valid to 03:56 PM 10/03/2015
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3FA924614A31CFB111F4AF7D0E3AC59360C3E656
Serial number 11 21 44 22 8F 17 E7 6E B7 94 0B 2E 88 23 90 DD 7A F3
[+] GlobalSign CodeSigning CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 10:00 AM 08/02/2011
Valid to 10:00 AM 08/02/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 4E34C4841080D07059EFC1F3C5DE4D79905A36FF
Serial number 04 00 00 00 00 01 31 89 C6 37 E8
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 10:00 AM 03/18/2009
Valid to 10:00 AM 03/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Counter signers
[+] Certum Time-Stamping Authority
Status Valid
Issuer Certum CA
Valid from 12:58 PM 03/03/2009
Valid to 12:58 PM 03/03/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 0D2CF962FB4D042F2F1401DE66EACBA80DA76112
Serial number 04 7A 55
[+] Certum
Status Valid
Issuer Certum CA
Valid from 10:46 AM 06/11/2002
Valid to 10:46 AM 06/11/2027
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, OCSP Signing
Algorithm sha1RSA
Thumbprint 6252DC40F71143A22FDE9EF7348E064251B18118
Serial number 01 00 20
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-03 14:31:54
Entry Point 0x00010267
Number of sections 5
PE sections
Overlays
MD5 4009805b8b52591a742565fa8251af20
File type data
Offset 8333824
Size 4560
Entropy 7.44
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CreateFontIndirectW
GetNativeSystemInfo
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
UpdateResourceW
GetLocaleInfoW
RemoveDirectoryW
EndUpdateResourceW
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
EnumSystemLocalesW
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetConsoleMode
GetStringTypeW
GetFileSize
SetLastError
LockResource
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetStartupInfoW
SetStdHandle
InitializeCriticalSectionAndSpinCount
WriteFile
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
ReadFile
SetUnhandledExceptionFilter
GetTempPathW
FindNextFileW
GetSystemTimeAsFileTime
FindFirstFileW
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
ExitProcess
GetOEMCP
FormatMessageW
TerminateProcess
GetConsoleCP
GetModuleHandleExW
BeginUpdateResourceW
LoadResource
FindResourceW
CreateFileW
CreateProcessW
OutputDebugStringW
FindClose
TlsGetValue
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
GetUserDefaultLCID
GetCurrentProcessId
WriteConsoleW
CloseHandle
CommandLineToArgvW
UpdateWindow
GetMessageW
DefWindowProcW
PostQuitMessage
ShowWindow
SetWindowLongW
MessageBoxW
PeekMessageW
RegisterClassExW
TranslateMessage
DispatchMessageW
SendMessageW
GetWindowLongW
SetWindowTextW
SystemParametersInfoW
InvalidateRect
CallWindowProcW
LoadCursorW
LoadIconW
CreateWindowExW
EnableWindow
DestroyWindow
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
RT_RCDATA 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 10
NEUTRAL DEFAULT 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

Comments
Eraser Setup Bootstrapper

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
6.2.0.2970

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

FileDescription
Eraser Setup Bootstrapper

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
8196608

EntryPoint
0x10267

OriginalFileName
Eraser Setup Bootstrapper

MIMEType
application/octet-stream

LegalCopyright
Copyright 2008-2015 The Eraser Project

FileVersion
6.2.0.2970

TimeStamp
2015:09:03 15:31:54+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Eraser Setup Bootstrapper

ProductVersion
6.2.0.2970

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
The Eraser Project

CodeSize
136192

FileSubtype
0

ProductVersionNumber
6.2.0.2970

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 adac90074e564f36f8b51eae5fa5eb86
SHA1 787c6ba600da38f1fc77b145e362f414a8bce5ed
SHA256 14af5f5285081437c5792bac5eba3c9aa868f935f8bb11065e388393ffa2b910
ssdeep
196608:3xN7/EvKNMH0mRbshF1ULbLtpj+TPbdXyYRyzlqVoT/i:zTE6MUmU1U3LujbdXIUyT6

authentihash fe7e31ba24e21b49174b0507b5081218198c9b1b75aed0d997df138d7c4d1ec2
imphash 99190ec716f280aeba456b6db990779e
File size 8.0 MB ( 8338384 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe via-tor signed overlay

VirusTotal metadata
First submission 2015-09-04 11:13:12 UTC (3 years, 8 months ago)
Last submission 2019-02-06 09:27:41 UTC (3 months, 2 weeks ago)
File names Eraser 6.2.0.2970.exe$
Eraser6.2.0.2970.exe
Eraser 6.2.0.2970.exe
787c6ba600da38f1fc77b145e362f414a8bce5ed
Eraser6.2.0.2970.exe
Eraser 6.2.0.2970.exe
Eraser 6.2.0.2970 1-5-2016 virustotal OK.exe
Eraser 6.2.0.2970(1).exe
eraser 6.2.0.2970.exe.k9n8wi7.partial
Eraser 6.2.0.2970 - копия.exe
Eraser 6.2.0.2970.exe
eraser_6.2.0.2970.exe
Eraser 6.2.0.2970.exe
Eraser 6.2.0.2970.exe
Eraser.exe
eraser_6-2-0-2970_fr_11144.exe
Eraser6.2.0.2970.exe
Eraser 6.2.0.2970.exe
eraser 6.2.0.2970.exe
Eraser 6.2.0.2970.exe
Eraser%206.2.0.2970.exe
eraser_installer_6.2.0.2970.exe
filename
Eraser_v6.2.0.2970.exe
Eraser 6.2.0.2970.exe