Field | Value |
---|---|
File name | clang.exe |
Full analysis | https://app.any.run/tasks/94ca0bf3-60e2-41eb-8209-fac9e23f56d0 |
Verdict | Malicious activity |
Analysis date | January 10, 2019, 20:21:29 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | application/x-dosexec |
File info | PE32 executable (console) Intel 80386, for MS Windows |
MD5 | 5720F420E642562E5FC1A7DBC5C40160 |
SHA1 | 44E50E388A8A63599A735AF892371CCC4BD64F49 |
SHA256 | E037C1FA6A4F396F26293895846290932F29229225CE28B1882E6AACCFAAAFAE |
SSDEEP | 24576:W45Q4FhY2E/Iq05FZBNmAxfToc0ClZeK/5tJN7DlET7ZFO5KFUTpkakb9:W45p2Iq05FbNmYToc0C+gXJvEhFOeUTJ |
Extension | File type match (score) |
---|---|
.exe | Win32 Executable MS Visual C++ (generic) (42.2) |
.exe | Win64 Executable (generic) (37.3) |
.dll | Win32 Dynamic Link Library (generic) (8.8) |
.exe | Win32 Executable (generic) (6) |
.exe | Generic Win/DOS Executable (2.7) |
Field | Value |
---|---|
ProductVersion | 8.10.11.0 |
ProductName | BullseyeCoverage |
LegalCopyright | Copyright (c) Bullseye Testing Technology |
FileVersion | 8.10.11.0 |
FileDescription | BullseyeCoverage |
CompanyName | Bullseye Testing Technology |
CharacterSet | Unicode |
LanguageCode | English (U.S.) |
FileSubtype | - |
ObjectFileType | Executable application |
FileOS | Unknown (0) |
FileFlags | (none) |
FileFlagsMask | 0x0000 |
ProductVersionNumber | 8.10.11.0 |
FileVersionNumber | 8.10.11.0 |
Subsystem | Windows command line |
SubsystemVersion | 5.1 |
ImageVersion | - |
OSVersion | 5.1 |
EntryPoint | 0xa67c0 |
UninitializedDataSize | - |
InitializedDataSize | 274432 |
CodeSize | 900096 |
LinkerVersion | 14 |
PEType | PE32 |
TimeStamp | 2016:06:27 22:35:26+02:00 |
MachineType | Intel 386 or later, and compatibles |
Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 27-Jun-2016 20:35:26 |
Detected languages | |
CompanyName | Bullseye Testing Technology |
FileDescription | BullseyeCoverage |
FileVersion | 8.10.11.0 |
LegalCopyright | Copyright (c) Bullseye Testing Technology |
ProductName | BullseyeCoverage |
ProductVersion | 8.10.11.0 |
DOS header field | Value |
---|---|
Magic number | MZ |
Bytes on last page of file | 0x0090 |
Pages in file | 0x0003 |
Relocations | 0x0000 |
Size of header | 0x0004 |
Min extra paragraphs | 0x0000 |
Max extra paragraphs | 0xFFFF |
Initial SS value | 0x0000 |
Initial SP value | 0x00B8 |
Checksum | 0x0000 |
Initial IP value | 0x0000 |
Initial CS value | 0x0000 |
Overlay number | 0x0000 |
OEM identifier | 0x0000 |
OEM information | 0x0000 |
Address of NE header | 0x00000120 |
PE header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
Number of sections | 6 |
Time date stamp | 27-Jun-2016 20:35:26 |
Pointer to Symbol Table | 0x00000000 |
Number of symbols | 0 |
Size of Optional Header | 0x00E0 |
Characteristics | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000DBAC0 | 0x000DBC00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.66005 |
.rdata | 0x000DD000 | 0x000335CE | 0x00033600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.41953 |
.data | 0x00111000 | 0x000064AC | 0x00002600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.66823 |
.gfids | 0x00118000 | 0x0000016C | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.31398 |
.tls | 0x00119000 | 0x00000009 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0203931 |
.rsrc | 0x0011A000 | 0x00008FE8 | 0x00009000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.9379 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.37694 | 1076 | UNKNOWN | English - United States | RT_MANIFEST |
IMAGE_EVENT_E0 | 4.88581 | 103 | UNKNOWN | English - United States | PNG |
IMAGE_EVENT_E1 | 6.50583 | 239 | UNKNOWN | English - United States | PNG |
IMAGE_EVENT_E10 | 5.17685 | 116 | UNKNOWN | English - United States | PNG |
IMAGE_EVENT_E11 | 5.60119 | 152 | UNKNOWN | English - United States | PNG |
IMAGE_EVENT_E12 | 6.52849 | 230 | UNKNOWN | English - United States | PNG |
IMAGE_EVENT_E2 | 5.73279 | 136 | UNKNOWN | English - United States | PNG |
IMAGE_EVENT_E3 | 6.02858 | 173 | UNKNOWN | English - United States | PNG |
IMAGE_EVENT_E4 | 6.51821 | 234 | UNKNOWN | English - United States | PNG |
IMAGE_EVENT_E5 | 6.38738 | 239 | UNKNOWN | English - United States | PNG |
Imported library |
---|
ADVAPI32.dll |
KERNEL32.dll |
SHELL32.dll |
VERSION.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2956 | "C:\Users\admin\AppData\Local\Temp\clang.exe" | C:\Users\admin\AppData\Local\Temp\clang.exe | — | explorer.exe |
User: admin Company: Bullseye Testing Technology Integrity Level: MEDIUM Description: BullseyeCoverage Version: 8.10.11.0 | ||||
4068 | c:\Users\admin\AppData\Local\Temp\.\clang.exe | c:\Users\admin\AppData\Local\Temp\clang.exe | — | clang.exe |
User: admin Company: Bullseye Testing Technology Integrity Level: MEDIUM Description: BullseyeCoverage Version: 8.10.11.0 | ||||
2564 | c:\Users\admin\AppData\Local\Temp\.\clang.exe | c:\Users\admin\AppData\Local\Temp\clang.exe | — | clang.exe |
User: admin Company: Bullseye Testing Technology Integrity Level: MEDIUM Description: BullseyeCoverage Version: 8.10.11.0 | ||||
3196 | c:\Users\admin\AppData\Local\Temp\.\clang.exe | c:\Users\admin\AppData\Local\Temp\clang.exe | — | clang.exe |
User: admin Company: Bullseye Testing Technology Integrity Level: MEDIUM Description: BullseyeCoverage Version: 8.10.11.0 | ||||
3804 | c:\Users\admin\AppData\Local\Temp\.\clang.exe | c:\Users\admin\AppData\Local\Temp\clang.exe | — | clang.exe |
User: admin Company: Bullseye Testing Technology Integrity Level: MEDIUM Description: BullseyeCoverage Version: 8.10.11.0 | ||||
2300 | c:\Users\admin\AppData\Local\Temp\.\clang.exe | c:\Users\admin\AppData\Local\Temp\clang.exe | — | clang.exe |
User: admin Company: Bullseye Testing Technology Integrity Level: MEDIUM Description: BullseyeCoverage Version: 8.10.11.0 | ||||
2940 | c:\Users\admin\AppData\Local\Temp\.\clang.exe | c:\Users\admin\AppData\Local\Temp\clang.exe | — | clang.exe |
User: admin Company: Bullseye Testing Technology Integrity Level: MEDIUM Description: BullseyeCoverage Version: 8.10.11.0 | ||||
3572 | c:\Users\admin\AppData\Local\Temp\.\clang.exe | c:\Users\admin\AppData\Local\Temp\clang.exe | — | clang.exe |
User: admin Company: Bullseye Testing Technology Integrity Level: MEDIUM Description: BullseyeCoverage Version: 8.10.11.0 | ||||
2116 | c:\Users\admin\AppData\Local\Temp\.\clang.exe | c:\Users\admin\AppData\Local\Temp\clang.exe | — | clang.exe |
User: admin Company: Bullseye Testing Technology Integrity Level: MEDIUM Description: BullseyeCoverage Version: 8.10.11.0 | ||||
2776 | c:\Users\admin\AppData\Local\Temp\.\clang.exe | c:\Users\admin\AppData\Local\Temp\clang.exe | — | clang.exe |
User: admin Company: Bullseye Testing Technology Integrity Level: MEDIUM Description: BullseyeCoverage Version: 8.10.11.0 | ||||