SHA256: 70d65bc1628d1f202fb8fd64ef2bc2e1003421ec2bd2827496122c62fe37e8af
File name: cylancesvc.exe
Detection ratio: 0 / 56
Analysis date: 2016-10-08 00:31:33 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware 20161008
AegisLab 20161007
AhnLab-V3 20161007
Alibaba 20161003
ALYac 20161008
Antiy-AVL 20161008
Arcabit 20161008
Avast 20161008
AVG 20161008
Avira (no cloud) 20161008
AVware 20161008
Baidu 20161001
BitDefender 20161008
Bkav 20161007
CAT-QuickHeal 20161007
ClamAV 20161008
CMC 20161003
Comodo 20161007
CrowdStrike Falcon (ML) 20160725
Cyren 20161008
DrWeb 20161008
Emsisoft 20161008
ESET-NOD32 20161007
F-Prot 20161008
F-Secure 20161008
Fortinet 20161008
GData 20161008
Ikarus 20161007
Sophos ML 20160928
Jiangmin 20161007
K7AntiVirus 20161007
K7GW 20161007
Kaspersky 20161007
Kingsoft 20161008
Malwarebytes 20161007
McAfee 20161007
McAfee-GW-Edition 20161007
Microsoft 20161007
eScan 20161007
NANO-Antivirus 20161007
nProtect 20161007
Panda 20161007
Qihoo-360 20161008
Rising 20161007
Sophos AV 20161007
SUPERAntiSpyware 20161007
Symantec 20161007
Tencent 20161008
TheHacker 20161007
TrendMicro 20161007
TrendMicro-HouseCall 20161007
VBA32 20161007
VIPRE 20161007
ViRobot 20161007
Yandex 20161008
Zillya 20161007
Zoner 20161007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) Cylance 2016
Product CylancePROTECT
Original name CylanceSvc.exe
Internal name CylanceSvc.exe
File version 1.2.1390.74
Description Cylance Agent
Signature verification Signed file, verified signature
Signing date 6:15 PM 8/31/2016
Signers
[+] Cylance
Status Valid
Issuer Thawte Code Signing CA - G2
Valid from 1:00 AM 9/9/2014
Valid to 12:59 AM 12/3/2016
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint C91F7616669768625FD1F87487FC1C544B6AEC94
Serial number 16 61 FD 0E 5D 7E 52 EE 4C 1F 1A 44 CC 97 ED CF
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-31 17:11:28
Entry Point 0x00087065
Number of sections 3
.NET details
Module Version ID 5e463c44-f45d-41a3-adb9-a1fa35af9370
TypeLib ID 24bf30c9-2af0-48f8-a042-ce08439efba5
PE sections
Overlays
MD5 a02778d8e9a5bd1a563edc2429dbf49b
File type data
Offset 657920
Size 25432
Entropy 7.66
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 5
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 112128
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.1390.74
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
EntryPoint 0x87065
OriginalFileName CylanceSvc.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) Cylance 2016
FileVersion 1.2.1390.74
TimeStamp 2016:08:31 18:11:28+01:00
FileType Win32 EXE
PEType PE32
InternalName CylanceSvc.exe
ProductVersion 1.2.1390.74
FileDescription Cylance Agent
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Cylance, Inc.
CodeSize 545280
ProductName CylancePROTECT
ProductVersionNumber 1.2.1390.74
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.2.1390.74
CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 dc47eb5618c9d77b945036b920ef0747
SHA1 523af740a78b7d4f9390e89094418ee388211d27
SHA256 70d65bc1628d1f202fb8fd64ef2bc2e1003421ec2bd2827496122c62fe37e8af
ssdeep 12288:yE8D0gBjE6dOHHwA4xvKDMvzKgqmODt2eTdONn5IvqIQ11BE0BUkyHltf+Yfd5K:wBY6KQ78MbKnmgtVdA571WsU/LP15K
authentihash d7d5f3a8cd922a7fbe9c5800d44a9badfa1ca9ea083dfbf17f9399ad0ee9c1b8
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 667.3 KB ( 683352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe assembly signed overlay
VirusTotal metadata
First submission 2016-09-08 20:26:42 UTC ( 1 year, 1 month ago )
Last submission 2016-10-08 00:31:33 UTC ( 1 year ago )
File names CylanceSvc.exe
cylancesvc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications