f5bb83b36c96104eb0a18e5da8fc989bcfab1b1afd89b0c08699eca496e093ad

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2059-Feb-24 20:26:57
Comments
CompanyName Varonis
FileDescription Cleaner
FileVersion 5.6.82
InternalName Cleaner.exe
LegalCopyright Copyright © Varonis 2024
LegalTrademarks
OriginalFilename Cleaner.exe
ProductName Cleaner
ProductVersion 5.6.82
Assembly Version 5.6.82.0

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to security software:
  • Cleaner.exe
May have dropper capabilities:
  • CurrentControlSet\Services
Miscellaneous malware strings:
  • cmd.exe
Contains domain names:
  • help.varonis.com
  • https://help.varonis.com
  • https://help.varonis.com/s/article/Varonis-SaaS-Prerequisites-Checker-Tool-Installation-Cleaner
  • varonis.com
Suspicious The PE is possibly packed. The PE only has 0 import(s).
Info The PE is digitally signed. Signer: Varonis Systems
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 61e804f840f5cdc333105fa4ea4c89ec
SHA1 503f92abe630d7c20e02fcaebd8148265a4551ae
SHA256 f5bb83b36c96104eb0a18e5da8fc989bcfab1b1afd89b0c08699eca496e093ad
SHA3 54886db463fd594b164c67cd734895ecc4d7e2d7398e402b156a45bc11b3585c
SSDeep 768:ceSbvx1SxhJ8UWr2nx64AsJnEbOE5dLs5FctlTLknTsKls2C+q5YiYfdsE2EyO:qTx1FQnx64AsJEbpTLAF3Kwo7Y1sEYO
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 2
TimeDateStamp 2059-Feb-24 20:26:57
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 48.0
SizeOfCode 0xd600
SizeOfInitializedData 0xc00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000000000 (Section: ?)
BaseOfCode 0x2000
ImageBase 0x140000000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x12000
SizeOfHeaders 0x200
Checksum 0x13459
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x400000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x2000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 c956b757d9e12fbf06aac914ba9b1fc0
SHA1 29bb0a65ca5e1b0cf7e7924cec6be9d016fd9f7d
SHA256 edbc74efba48af130d2d19b14529a5dd4e0a1809333272e9511ea87448bf88c7
SHA3 6e10196a46fbda499288e5c7486c915d156fe097d5edc626de0f49777003dfe3
VirtualSize 0xd5c4
VirtualAddress 0x2000
SizeOfRawData 0xd600
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.86216

.rsrc

MD5 1a8e0da7ea186b3f857b7ad5e182e84e
SHA1 6bb3de7d3b24ca180308f0d8165ba8566b4d3675
SHA256 74fcbfeba5ca2698e4af72d2fc62313e2a3b2561738711101d9d72d906287257
SHA3 2bc646f537edd153099913c3a9b62b85aabe012434a6e159891aa422fa03de6a
VirtualSize 0xac8
VirtualAddress 0x10000
SizeOfRawData 0xc00
PointerToRawData 0xd800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.60413

Imports

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.4033
MD5 e49bd7cba61748b17d0c1b2df0ebe383
SHA1 ec32fe7686d559d2a13d46e5093c4c7bc8d7cc9c
SHA256 07fd8106961d03fe031ef1d03755da15fafdc8079ada6ccf9beb7633c6e83c40
SHA3 ddf7fa845b2cadd2f1aa8669cc18778674e47d6871f7f5894ff5f06d7abb836d

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Icon file
MD5 78bb727f88e9a797284b4261136ce56b
SHA1 5ed1d3100502c999ae46a84582b2978c9a4b4802
SHA256 404e02d011bc669c67ead03b175f7eaab8a01e00c044f6aed26dc0fb1ffef4f5
SHA3 f57de7a7e2c8e0c277f68d3240579431255bc793cf2c015ec7daed9f06b55d13

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x32a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.29703
MD5 e7fc7ea8896db8353ebc75bc940409b9
SHA1 6f3a9bab9983556b0d508e9046b30d4d3ef205f4
SHA256 5b5687ceda349c59b668eff40b9813aaee78f2a33523f558388f2fae2bc74fd8
SHA3 84d823699cfc24bbbb09ae8cb7d7116f5c818aace65320a262d79332fe7f7f8a

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 b7db84991f23a680df8e95af8946f9c9
SHA1 cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 5.6.82.0
ProductVersion 5.6.82.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName Varonis
FileDescription Cleaner
FileVersion (#2) 5.6.82
InternalName Cleaner.exe
LegalCopyright Copyright © Varonis 2024
LegalTrademarks
OriginalFilename Cleaner.exe
ProductName Cleaner
ProductVersion (#2) 5.6.82
Assembly Version 5.6.82.0
Resource LangID UNKNOWN

UNKNOWN

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

RICH Header

Errors
