SHA256: d2ceb2c12df691789377cc2ee4bb0524c2ed8358a7d458185e0018ec21bc1b4f
File name: installer.exe
Detection ratio: 3 / 46
Analysis date: 2013-04-02 13:18:16 UTC (5 years, 4 months ago)
Antivirus | Result | Update
DrWeb | Adware.Downware.914 | 20130402
Emsisoft | Trojan.Win32.YourFileDownloader.AMN (A) | 20130402
ESET-NOD32 | a variant of Win32/YourFileDownloader.B | 20130402
Yandex | (no detection) | 20130401
AhnLab-V3 | (no detection) | 20130402
AntiVir | (no detection) | 20130402
Antiy-AVL | (no detection) | 20130402
Avast | (no detection) | 20130402
AVG | (no detection) | 20130402
BitDefender | (no detection) | 20130402
ByteHero | (no detection) | 20130322
CAT-QuickHeal | (no detection) | 20130402
ClamAV | (no detection) | 20130402
Commtouch | (no detection) | 20130402
Comodo | (no detection) | 20130402
eSafe | (no detection) | 20130328
F-Prot | (no detection) | 20130402
F-Secure | (no detection) | 20130402
Fortinet | (no detection) | 20130402
GData | (no detection) | 20130402
Ikarus | (no detection) | 20130402
Jiangmin | (no detection) | 20130331
K7AntiVirus | (no detection) | 20130401
Kaspersky | (no detection) | 20130402
Kingsoft | (no detection) | 20130401
Malwarebytes | (no detection) | 20130402
McAfee | (no detection) | 20130402
McAfee-GW-Edition | (no detection) | 20130402
Microsoft | (no detection) | 20130402
eScan | (no detection) | 20130402
NANO-Antivirus | (no detection) | 20130402
Norman | (no detection) | 20130402
nProtect | (no detection) | 20130402
Panda | (no detection) | 20130402
PCTools | (no detection) | 20130402
Rising | (no detection) | 20130402
Sophos AV | (no detection) | 20130402
SUPERAntiSpyware | (no detection) | 20130402
Symantec | (no detection) | 20130402
TheHacker | (no detection) | 20130401
TotalDefense | (no detection) | 20130402
TrendMicro | (no detection) | 20130402
TrendMicro-HouseCall | (no detection) | 20130402
VBA32 | (no detection) | 20130330
VIPRE | (no detection) | 20130402
ViRobot | (no detection) | 20130402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright http://www.goforfiles.com/ (C) 2012

Publisher Righway Technologies
Product GoforFiles
Original name GoforFiles.exe
Internal name GoforFiles
File version 1, 0, 0, 458
Description GoforFiles
Signature verification Signed file, verified signature
Signing date 1:20 PM 1/31/2013
Signers
[+] Righway Technologies
Status Valid
Issuer None
Valid from 1:00 AM 8/22/2012
Valid to 12:59 AM 8/23/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint 18E203C5B1637AA55933D277B14D49A9CBE98BD0
Serial number 00 89 B8 C1 47 F0 63 76 9F 8D 68 59 62 C1 61 E0 27
[+] COMODO Code Signing CA 2
Status Valid
Issuer None
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer None
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Issuer None
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-28 12:03:58
Entry Point 0x0000EE88
Number of sections 5
PE sections
PE imports
GetTokenInformation
DuplicateTokenEx
SetEntriesInAclW
GetSidSubAuthority
OpenProcessToken
GetSidSubAuthorityCount
FreeSid
AllocateAndInitializeSid
GetSecurityInfo
SetSecurityInfo
GetStdHandle
ReleaseMutex
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
SetLastError
CopyFileW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetVersion
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetFileSize
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
WriteFile
RemoveDirectoryW
FindNextFileW
GetCurrentThreadId
FindFirstFileW
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
HeapCreate
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
IsValidCodePage
UnmapViewOfFile
OpenEventW
CreateProcessW
Sleep
FindResourceA
SysFreeString
VariantInit
VariantClear
SysAllocString
RpcStringFreeW
UuidToStringW
SHGetMalloc
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW
SHSetValueW
SHDeleteKeyW
PathFindFileNameW
PathRemoveFileSpecW
SHDeleteValueW
SHGetValueW
PathRemoveExtensionW
PostQuitMessage
DefWindowProcW
GetMessageW
GetShellWindow
ShowWindow
GetWindowThreadProcessId
GetSystemMetrics
SetWindowLongW
MessageBoxW
SendMessageW
GetWindowRect
RegisterClassExW
TranslateMessage
PostMessageW
DispatchMessageW
DestroyIcon
SendMessageA
SetWindowTextW
MessageBoxIndirectW
FindWindowExA
LoadCursorW
LoadIconW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
InternetConnectW
InternetCloseHandle
InternetCrackUrlW
HttpSendRequestW
InternetReadFile
InternetOpenW
HttpOpenRequestW
CoUninitialize
CoInitializeEx
CoCreateInstance
CoCreateGuid
Number of PE resources by type
PNG 27
DATA 14
RT_ICON 12
RT_HTML 6
RT_GROUP_ICON 2
RT_MANIFEST 1
GIF 1
CSS 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL DEFAULT 64
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.458
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4722176
FileOS Windows NT 32-bit
EntryPoint 0xee88
MIMEType application/octet-stream
LegalCopyright Copyright http://www.goforfiles.com/ (C) 2012
FileVersion 1, 0, 0, 458
TimeStamp 2013:01:28 13:03:58+01:00
FileType Win32 EXE
PEType PE32
InternalName GoforFiles
ProductVersion 2,0,0,0
FileDescription GoforFiles
OSVersion 5.1
OriginalFilename GoforFiles.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName http://www.goforfiles.com/
CodeSize 137728
ProductName GoforFiles
ProductVersionNumber 1.0.0.2
FileTypeExtension exe
ObjectFileType Unknown
Compressed bundles
File identification
MD5 1cadb0aa6b4ba5f6c6b6665532884060
SHA1 9aba8d19793b0937f9d9f0a8dfc2055aa4dcbfb9
SHA256 d2ceb2c12df691789377cc2ee4bb0524c2ed8358a7d458185e0018ec21bc1b4f
ssdeep 98304:2bEVXcz0wqsNhjtjGH5YfHqQUReYNa1pzsDryDDqGT35MQHETuud:24Vsz0whBjGZYfTU3Na1RBNNeTus
authentihash 60ba936087161d7f69a888a527c6f1de902367a387cd0e64a370f5d5dbb674b1
imphash fa3bb3f27bb2c4ec2d8b4ce5d730daed
File size 4.6 MB ( 4868168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed

VirusTotal metadata
First submission 2013-02-12 14:09:37 UTC (5 years, 6 months ago)
Last submission 2015-05-03 11:52:40 UTC (3 years, 3 months ago)
File names GoforFiles.exe
aa
installer.exe
file-5188407_exe
GoforFiles
o7LMnLC.sys
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.