Valkyrie Final Verdict: Clean
File Name: ShareX_NativeMessagingHost.exe
File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
SHA1: a837a13d3970418932158fbcc6b3e1626a50b53c
MD5: deb3c9b791986a397d8c57a93c658169
First Seen Date: 2017-04-17 14:13:53
Number of Clients Seen: 2
Last Analysis Date: 2017-04-17 14:13:53
Human Expert Analysis Result: No human expert analysis verdict given to this sample yet.
Verdict Source: Signature Based Detection
Analysis Summary
Analysis Type | Date | Verdict |
---|---|---|
Signature Based Detection | 2017-04-17 14:13:53 | Clean |
Static Analysis Overall Verdict | 2017-04-17 14:13:53 | No Threat Found |
Dynamic Analysis Overall Verdict | 2017-04-17 14:13:53 | No Threat Found |
Precise Detectors Overall Verdict | 2017-04-17 14:13:53 | No Match |
File Certificate Validation | 2017-04-17 14:13:53 | Not Applicable |
Static Analysis
Static Analysis Overall Verdict: No Threat Found
Detector | Result | |
---|---|---|
Optional Header LoaderFlags field is valued illegal | Clean | |
Non-ascii or empty section names detected | Clean | |
Illegal size of optional Header | Clean | |
Packer detection on signature database | Unknown | |
Based on the sections entropy check! file is possibly packed | Clean | |
Timestamp value suspicious | Clean | |
Header Checksum is zero! | Suspicious | |
Entry point is outside the 1st(.code) section! Binary is possibly packed | Clean | |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
Anti-vm present | Clean | |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean | |
TLS callback functions array detected | Clean | |
Packer detection on signature database
Microsoft Visual C# / Basic .NET
.NET executable
Dynamic Analysis
Dynamic Analysis Overall Verdict: No Threat Found
Suspicious Behaviors | |
---|---|
Operation successfully finished. |
Behavioral Information
C:\Windows\SysWOW64\rundll32.exe
Precise Detectors Analysis Results
Detector Name | Date | Verdict | Reason |
---|---|---|---|
Static Precise PUA Detector 1 | 2017-04-17 14:13:12 | No Match | NotDetected |
Static Precise Virus Detector | 2017-04-17 14:13:12 | No Match | NotDetected |
Static Precise Trojan Detector | 2017-04-17 14:13:12 | No Match | NotDetected |
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Additional File Information
Property | Value |
---|---|
compilation time stamp | 0x58EFF610 [Thu Apr 13 22:05:04 2017 UTC] |
entry point | 0x402df2 (.text) |
file size | 6656 |
machine type | Intel 386 or later - 32Bit |
Translation | 0x0000 0x04b0 |
Legal Copyright | Copyright (c) 2007-2017 ShareX Team |
Assembly Version | 1.0.0.0 |
Internal Name | ShareX_NativeMessagingHost.exe |
File Version | 1.0.0.0 |
Company Name | ShareX Team |
Legal Trademarks | |
Comments | |
Product Name | ShareX |
Product Version | 1.0.0.0 |
File Description | ShareX NativeMessagingHost |
Original Filename | ShareX_NativeMessagingHost.exe |
mime type | application/x-dosexec |
number of sections | 3 |
sha256 | 8d1bbce4b602aaacbf7e2153c83793ed67a2bf121e5eea2e57bb783b9b023dc7 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|
.text | 0x2000 | 0xdf8 | 0xe00 | 5.334402 | - |
.rsrc | 0x4000 | 0x64c | 0x800 | 3.525980 | - |
.reloc | 0x6000 | 0xc | 0x200 | 0.081539 [SUSPICIOUS] | - |