usblogview.exe
This report is generated from a file or URL submitted to this webservice on August 22nd 2019 22:14:30 (UTC) and action script Heavy Anti-Evasion
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.30 © Hybrid Analysis
Incident Response
Risk Assessment
- Remote Access
- Reads terminal service related keys (often RDP related)
- Spyware
- Contains ability to open the clipboard
- Evasive
- Possibly tries to implement anti-virtualization techniques
Indicators
Malicious Indicators 3
General
Contains ability to start/interact with device drivers
- details
- DeviceIoControl@KERNEL32.DLL from usblogview.exe (PID: 2452)
- source
- Hybrid Analysis Technology
- relevance
- 8/10
The input sample is signed with an invalid certificate
- details
- Error: A certificate was explicitly revoked by its issuer. (0x800b010c)
- source
- Certificate Data
- relevance
- 10/10
- ATT&CK ID
- T1116
Unusual Characteristics
Checks for a resource fork (ADS) file
- details
- "usblogview.exe" checked file "Z:"
- "usblogview.exe" checked file "C:"
- "usblogview.exe" checked file "D:"
- source
- API Call
- relevance
- 5/10
Suspicious Indicators 10
Environment Awareness
Possibly tries to implement anti-virtualization techniques
- details
- Memory excerpts of a USB vendor/product ID table (usb.ids) matched the indicators "vbox", "vmware", "qemu" and "virtualbox"
- source
- File/Memory
- relevance
- 4/10
General
Contains ability to find and load resources of a specific module
- details
- LoadResource@KERNEL32.DLL from usblogview.exe (PID: 2452)
- source
- Hybrid Analysis Technology
- relevance
- 1/10
Network Related
Detected increased number of ARP broadcast requests (network device lookup)
- details
- Attempt to find devices in networks: "192.168.240.25/32, 192.168.240.30/32, 192.168.240.39/32, 192.168.240.82/32, 192.168.240.85/32, 192.168.240.213/32, ..."
- source
- Network Traffic
- relevance
- 10/10
- ATT&CK ID
- T1046
Remote Access Related
Reads terminal service related keys (often RDP related)
- details
- "usblogview.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
- source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1076
Spyware/Information Retrieval
Contains ability to open the clipboard
- details
- OpenClipboard@USER32.DLL from usblogview.exe (PID: 2452)
- source
- Hybrid Analysis Technology
- relevance
- 10/10
- ATT&CK ID
- T1115
System Destruction
Opens file with deletion access rights
- details
- "usblogview.exe" opened "C:\report.html" with delete access
- source
- API Call
- relevance
- 7/10
Unusual Characteristics
Imports suspicious APIs
- details
- RegOpenKeyExA, RegEnumKeyExA, RegCloseKey, DeviceIoControl, GetFileAttributesA, LockResource, GetDriveTypeA, GetVersionExA, GetModuleFileNameA, LoadLibraryA, GetFileSize, OpenProcess, DeleteFileA, GetTempFileNameA, ReadProcessMemory, GetProcAddress, GetTempPathA, GetModuleHandleA, WriteFile, GetStartupInfoA, LoadLibraryExA, CreateFileA, FindResourceA, ShellExecuteA, GetCursorPos
- source
- Static Parser
- relevance
- 1/10
Reads information about supported languages
- details
- "usblogview.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
- source
- Registry Access
- relevance
- 3/10
- ATT&CK ID
- T1012
Informative 11
Environment Awareness
Contains ability to query machine time
- details
- GetSystemTimeAsFileTime@KERNEL32.DLL from usblogview.exe (PID: 2452)
- source
- Hybrid Analysis Technology
- relevance
- 1/10
- ATT&CK ID
- T1124
Contains ability to query the machine version
- details
- GetVersionExA@KERNEL32.DLL from usblogview.exe (PID: 2452)
- source
- Hybrid Analysis Technology
- relevance
- 1/10
External Systems
Sample was identified as clean by Antivirus engines
- details
- 0/20 Antivirus vendors marked sample as malicious (0% detection rate)
- 0/64 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- External System
- relevance
- 10/10
General
Contains PDB pathways
- details
- "c:\Projects\VS2005\USBLogView\Release\USBLogView.pdb"
- source
- File/Memory
- relevance
- 1/10
The input sample is signed with a certificate
- details
- The input sample is signed with a certificate issued by "CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE" (SHA1: 8A:D5:C9:98:7E:6F:19:0B:D6:F5:41:6E:2D:E4:4C:CD:64:1D:8C:DA; see report for more information)
- The input sample is signed with a certificate issued by "CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US" (SHA1: 03:A5:B1:46:63:EB:12:02:30:91:B8:4A:6D:6A:68:BC:87:1D:E6:6B; see report for more information)
- The input sample is signed with a certificate issued by "CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US" (SHA1: B6:47:71:39:25:38:D1:EB:7A:92:81:99:87:91:C1:4A:FD:0C:50:35; see report for more information)
- The input sample is signed with a certificate issued by "CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB" (SHA1: A8:0B:AE:DA:57:3D:F2:71:2F:23:A4:18:57:E6:48:47:5E:AC:9B:A5; see report for more information)
- source
- Certificate Data
- relevance
- 10/10
- ATT&CK ID
- T1116
Installation/Persistence
Connects to LPC ports
- details
- "usblogview.exe" connecting to "\ThemeApiPort"
- source
- API Call
- relevance
- 1/10
Dropped files
- details
- "usblogview.cfg" has type "data"
- source
- Binary File
- relevance
- 3/10
Touches files in the Windows directory
- details
- "usblogview.exe" touched file "%WINDIR%\Fonts\StaticCache.dat"
- "usblogview.exe" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
- "usblogview.exe" touched file "%WINDIR%\System32\en-US\msctf.dll.mui"
- source
- API Call
- relevance
- 7/10
Network Related
Found potential URL in binary/memory
- details
- Pattern match: "http://www.nirsoft.net/"
- Pattern match: "http://www.linux-usb.org/usb-ids.html"
- Pattern match: "1.Gen/2.Gen"
- Pattern match: "http://www.usertrust.com1"
- Pattern match: "crl.usertrust.com/AddTrustExternalCARoot.crl05"
- Pattern match: "http://ocsp.usertrust.com0"
- Pattern match: "crl.usertrust.com/UTN-USERFirst-Object.crl05"
- Pattern match: "crl.usertrust.com/UTN-USERFirst-Object.crl0t"
- Pattern match: "crt.usertrust.com/UTNAddTrustObject_CA.crt0%"
- Pattern match: "https://secure.comodo.net/CPS0A"
- Pattern match: "crl.comodoca.com/COMODOCodeSigningCA2.crl0r"
- Pattern match: "crt.comodoca.com/COMODOCodeSigningCA2.crt0$"
- Pattern match: "http://ocsp.comodoca.com0"
- Pattern match: "https://secure.comodo.net/CPS0C"
- Pattern match: "crl.comodoca.com/COMODORSACodeSigningCA.crl0t"
- Pattern match: "crt.comodoca.com/COMODORSACodeSigningCA.crt0$"
- Pattern match: "http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q"
- Pattern match: "http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$"
- Heuristic match: "httpimww.niri0tt.net"
- source
- File/Memory
- relevance
- 10/10
System Security
Opens the Kernel Security Device Driver (KsecDD) of Windows
- details
- "usblogview.exe" opened "\Device\KsecDD"
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1215
Unusual Characteristics
Matched Compiler/Packer signature
- details
- "1581e12962cecdccc1cc3f5a980e8a3b74da95cc5f0edf9fdd8607e33a8a882b.bin" was detected as "Microsoft visual C++ v7.0"
- source
- Static Parser
- relevance
- 10/10
- ATT&CK ID
- T1002
File Details
usblogview.exe
- Filename
- usblogview.exe
- Size
- 535KiB (547536 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Architecture
- WINDOWS
- SHA256
- 1581e12962cecdccc1cc3f5a980e8a3b74da95cc5f0edf9fdd8607e33a8a882b
- MD5
- 745f7c9690e220e9958aade6d5392384
- SHA1
- 2ee392492d48aebc7e8852060cb25a948615da6d
- ssdeep
- 12288:qGRk+nLrNCc19oRvPbYjxC31iyAqNyorHU4dr9TPO0iCSayRcD6W5G/TpPQ7aWgx:nRk4LrNCc19oZbFFdryHysb
- imphash
- 61f26e37013655088986b42214a8b3ac
- authentihash
- 2f9351570297d31daf30f240aea85df636d909303f122d1feaf6f9c7569c5833
- Compiler/Packer
- Microsoft visual C++ v7.0
- PDB Timestamp
- 01/18/2018 08:02:22 (UTC)
- PDB Pathway
- c:\Projects\VS2005\USBLogView\Release\USBLogView.pdb
- PDB GUID
- 107E0F95933F413A87C772D1ACB2EBCB
Version Info
- LegalCopyright
- Copyright 2011 - 2018 Nir Sofer
- InternalName
- USBLogView
- FileVersion
- 1.25
- CompanyName
- NirSoft
- ProductName
- USBLogView
- ProductVersion
- 1.25
- FileDescription
- USBLogView
- OriginalFilename
- USBLogView.exe
- Translation
- 0x0409 0x04b0
Classification (TrID)
- 32.5% (.EXE) InstallShield setup
- 23.6% (.EXE) Win32 Executable MS Visual C++ (generic)
- 20.9% (.EXE) Win64 Executable (generic)
- 9.9% (.SCR) Windows screen saver
- 4.9% (.DLL) Win32 Dynamic Link Library (generic)
File Metadata
- 1 .OBJ Files (COFF) linked with LINK.EXE 8.00 (Visual Studio 2005) (build: 50727)
- 1 .RES Files linked with CVTRES.EXE 8.00 (Visual Studio 2005) (build: 50727)
- 30 .CPP Files (with LTCG) compiled with CL.EXE 14.00 (Visual Studio 2005) (build: 50727)
- 3 .LIB Files generated with LIB.EXE 7.00 (Visual Studio .NET 2002) (build: 9210)
- 11 .C Files compiled with CL.EXE 13.10 (Visual Studio .NET 2003) (build: 9178)
- 3 .ASM Files assembled with MASM 7.00 (Visual Studio .NET 2002) (build: 9210)
- 18 .LIB Files generated with LIB.EXE 7.10 (Visual Studio .NET 2003) (build: 4035)
- 2 .C Files compiled with CL.EXE 13.10 (Visual Studio .NET 2003) (build: 4035)
- File contains C++ code
- File appears to contain raw COFF/OMF content
- File was optimized using LTCG and/or POGO
- File is the product of a medium codebase (30 files)
File Certificates
Error validating certificate: A certificate was explicitly revoked by its issuer. (0x800b010c)
Owner | Issuer | Serial | Valid from | Valid to | MD5 | SHA1 |
---|---|---|---|---|---|---|
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US | CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE | 421af2940984191f520a4bc62426a74b | 06/07/2005 08:09:10 | 05/30/2020 10:48:38 | FF:5F:BC:42:90:FA:38:9E:79:84:67:EB:D7:AE:94:0B | 8A:D5:C9:98:7E:6F:19:0B:D6:F5:41:6E:2D:E4:4C:CD:64:1D:8C:DA |
CN=COMODO SHA-1 Time Stamping Signer, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US | 1688f039255e638e69143907e6330b | 12/31/2015 00:00:00 | 07/09/2019 18:40:36 | 8F:C6:01:B2:F5:01:26:30:60:AC:8D:52:9D:37:A2:94 | 03:A5:B1:46:63:EB:12:02:30:91:B8:4A:6D:6A:68:BC:87:1D:E6:6B |
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US | 10709d4ff55408d7306001d8ea9175bb | 08/24/2011 00:00:00 | 05/30/2020 10:48:38 | DB:84:B1:A0:71:5C:FD:1E:33:D1:93:5D:DC:9B:EB:4E | B6:47:71:39:25:38:D1:EB:7A:92:81:99:87:91:C1:4A:FD:0C:50:35 |
CN=Nir Sofer, O=Nir Sofer, STREET=5 Hashoshanim st., L=Ramat Gan, ST=Gush Dan, OID.2.5.4.17=52583, C=IL | CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | 1af0660e837a35a2cd92ec613fc15db8 | 09/12/2014 00:00:00 | 09/12/2019 23:59:59 | 20:08:03:20:FB:D4:63:05:C5:57:81:75:AB:0A:9E:AA | A8:0B:AE:DA:57:3D:F2:71:2F:23:A4:18:57:E6:48:47:5E:AC:9B:A5 |
Hybrid Analysis
Analysed 1 process in total (System Resource Monitor).
- usblogview.exe (PID: 2452)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Memory Forensics
String | Context | Stream UID |
---|---|---|
http://www.nirsoft.net | Domain/IP reference | 00025877-00002452-59010-131-00402151 |
Extracted Strings
Extracted Files
Informative 1
usblogview.cfg
- Size
- 490B (490 bytes)
- Type
- data
- Runtime Process
- usblogview.exe (PID: 2452)
- MD5
- 3e91290748340930fcb7a5b1829d184d
- SHA1
- 2f99b77971e9fe73a809de5e587e9c2463ec1fa2
- SHA256
- ad595ee086cd8452a064204e2f13ab0354a08c694c9426ff355f5ad1e981b455