SHA256: 8d168092d5601ebbaed24ec3caeef7454c48cf21366cd76560755eb33aff89e9
File name: SecureInput .exe
Detection ratio: 42 / 57
Analysis date: 2016-09-28 12:55:15 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
ALYac Gen:Variant.Zusy.132865 20160928
AVG BackDoor.Generic18.BOZC 20160928
AVware Trojan.Win32.Generic!BT 20160928
Ad-Aware Gen:Variant.Zusy.132865 20160928
AegisLab DangerousObject.Multi.Generic!c 20160928
AhnLab-V3 Packed/Win32.Generic.N1421733450 20160928
Arcabit Trojan.Zusy.D20701 20160928
Avast Win32:BackDoor-ADW [Trj] 20160928
Avira (no cloud) TR/Zusy.mdym 20160928
BitDefender Gen:Variant.Zusy.132865 20160928
Bkav W32.HfsAdware.6B12 20160928
Comodo UnclassifiedMalware 20160928
DrWeb Trojan.Siggen6.58591 20160928
ESET-NOD32 Win32/Shyape.J 20160928
Emsisoft Gen:Variant.Zusy.132865 (B) 20160928
F-Secure Gen:Variant.Zusy.132865 20160928
Fortinet PossibleThreat.SB!tr.dldr 20160928
GData Gen:Variant.Zusy.132865 20160928
Ikarus Trojan.DtopToolz 20160928
Jiangmin Trojan/Sakelua.a 20160928
K7AntiVirus Trojan ( 004b506c1 ) 20160928
K7GW Trojan ( 004b506c1 ) 20160928
Kaspersky Trojan.Win32.Sakelua.a 20160928
McAfee BackDoor-FCLT 20160928
McAfee-GW-Edition BackDoor-FCLT 20160927
eScan Gen:Variant.Zusy.132865 20160928
Microsoft Trojan:Win32/Sakurel.C!dha 20160928
NANO-Antivirus Trojan.Win32.Sakelua.drlhwi 20160927
Panda Trj/CI.A 20160927
Qihoo-360 Trojan.Generic 20160928
Rising Trojan.Generic-UAGJvm9Br1D (cloud) 20160928
Sophos Troj/Agent-ALMY 20160928
Symantec Trojan.Sakurel 20160928
Tencent Win32.Trojan.Sakelua.Hufi 20160928
TheHacker Trojan/Shyape.j 20160927
TrendMicro BKDR_SAKUREL.D 20160928
TrendMicro-HouseCall BKDR_SAKUREL.D 20160928
VBA32 Trojan.Sakelua 20160928
VIPRE Trojan.Win32.Generic!BT 20160928
ViRobot Trojan.Win32.Z.Sakelua.508128.A[h] 20160928
Yandex Trojan.Sakelua! 20160927
Zillya Trojan.Sakelua.Win32.2 20160928
Alibaba 20160928
Antiy-AVL 20160928
Baidu 20160928
CAT-QuickHeal 20160928
CMC 20160928
ClamAV 20160928
CrowdStrike Falcon (ML) 20160725
Cyren 20160928
F-Prot 20160926
Invincea 20160917
Kingsoft 20160928
Malwarebytes 20160928
SUPERAntiSpyware 20160928
Zoner 20160928
nProtect 20160928
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright CITRIX System,Inc. All rights reserved.
Product Secure Input
Original name SecureInput .exe
Internal name SecureInput .exe
File version 1, 3, 2, 1
Description CITRIX Access Gateway Secure Input.
Signature verification Certificate out of its validity period
Signers
[+] DTOPTOOLZ Co.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 8/28/2013
Valid to 12:59 AM 9/28/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 6E752358D18B8B401A764ABE1AB9D6D5B42332C8
Serial number 47 D5 D5 37 2B CB 15 62 B4 C9 F4 C2 BD F1 35 87
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-20 01:34:53
Entry Point 0x000102E2
Number of sections 5
PE sections
Overlays
MD5 b83d8aadb46384cefaa67a7a03949fe1
File type data
Offset 504320
Size 3808
Entropy 7.25
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumKeyW
RegOpenKeyW
RegDeleteKeyW
RegQueryValueExW
RegQueryValueW
SetMapMode
TextOutW
SaveDC
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetObjectW
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExpandEnvironmentStringsA
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
GetCurrentThread
SetLastError
GlobalFindAtomW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumResourceLanguagesW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomW
CreateThread
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GetStartupInfoW
GlobalLock
GetProcessHeap
CompareStringW
GlobalReAlloc
lstrcmpA
lstrcmpW
GetProcAddress
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
WritePrivateProfileStringW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
FreeResource
CreateProcessA
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
VariantChangeType
VariantInit
VariantClear
ShellExecuteA
PathFindExtensionW
PathFindFileNameW
MapWindowPoints
GetMessagePos
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
GrayStringW
EndPaint
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
GetClientRect
GetTopWindow
GetWindowTextW
GetActiveWindow
DestroyWindow
GetClassInfoExW
UpdateWindow
GetPropW
GetMessageW
ShowWindow
SetPropW
GetDesktopWindow
PeekMessageW
EnableWindow
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
GetWindowPlacement
IsIconic
GetSubMenu
SetTimer
IsDialogMessageW
CopyRect
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
PtInRect
SetFocus
RegisterWindowMessageW
BeginPaint
DefWindowProcW
KillTimer
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
DrawIcon
SendDlgItemMessageW
PostMessageW
CheckMenuItem
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetMenuItemCount
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
GetDC
SetForegroundWindow
CreateDialogIndirectParamW
DrawTextExW
EndDialog
GetCapture
GetWindowThreadProcessId
MessageBoxW
GetMenu
UnhookWindowsHookEx
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
EnableMenuItem
IsWindowVisible
WinHelpW
DispatchMessageW
CallWindowProcW
GetClassNameW
ModifyMenuW
ValidateRect
GetFocus
wsprintfW
SetCursor
SetMenu
RemovePropW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 9
RT_BITMAP 4
RT_DIALOG 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 63
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.3.2.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 360448
EntryPoint 0x102e2
OriginalFileName SecureInput .exe
MIMEType application/octet-stream
LegalCopyright CITRIX System,Inc. All rights reserved.
FileVersion 1, 3, 2, 1
TimeStamp 2013:12:20 02:34:53+01:00
FileType Win32 EXE
PEType PE32
InternalName SecureInput .exe
ProductVersion 1, 3, 2, 1
FileDescription CITRIX Access Gateway Secure Input.
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CITRIX System,Inc
CodeSize 142848
ProductName Secure Input
ProductVersionNumber 1.3.2.1
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 98721c78dfbf8a45d152a888c804427c
SHA1 e8d06bd24e600f95b67786db6ff37da1c8995854
SHA256 8d168092d5601ebbaed24ec3caeef7454c48cf21366cd76560755eb33aff89e9
ssdeep 6144:FO5VQbWWLNA2rdbN16L3U67Doa3SYBvO53S8+XvubqY9xnhTKPSa:VNAidbN16467x3HSS86uq2tVpa
authentihash 854a038dbec840533bec54eb7beaee3ea279cb01e06b8b422044887cfb3f9477
imphash e16f2163e264b8c76d0ab0a2ef9d0dc6
File size 496.2 KB ( 508128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2014-04-22 14:43:49 UTC ( 2 years, 9 months ago )
Last submission 2015-07-30 10:42:29 UTC ( 1 year, 5 months ago )
File names SecureInput .exe
file-7681442_
CitrixInstallere8d06bd24e600f95b67786db6ff37da1c8995854.exe
98721C78DFBF8A45D152A888C804427C.ex
vti-rescan
SecureInput.exe
98721c78dfbf8a45d152a888c804427c.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Created processes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.