SHA256: 006118bf1ea457baa2c10a851fcd9628c323e4970ff2319f1789062b88fff389
File name: wincert
Detection ratio: 43 / 55
Analysis date: 2014-12-18 16:27:10 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.111627 20141218
Yandex Trojan.Agentb!/VuIy4wmtNc 20141217
AhnLab-V3 Trojan/Win32.Agentb 20141218
ALYac Trojan.30962013 20141218
Antiy-AVL Trojan/Win32.Agentb 20141218
Avast Win32:Malware-gen 20141218
AVG BackDoor.Generic17.CDUF 20141218
Avira (no cloud) TR/Graftor.111627.2 20141218
AVware Trojan.Win32.Generic!BT 20141218
Baidu-International Trojan.Win32.Agent.AsP 20141218
BitDefender Gen:Variant.Graftor.111627 20141218
Comodo UnclassifiedMalware 20141218
Cyren W32/Agent.WDBM-4646 20141218
DrWeb Trojan.DownLoader10.40779 20141218
Emsisoft Gen:Variant.Graftor.111627 (B) 20141218
ESET-NOD32 a variant of Win32/Agent.QBC 20141218
F-Prot W32/Agent.KFJ 20141218
F-Secure Gen:Variant.Graftor.111627 20141218
Fortinet W32/BDoor.FBKI!tr.bdr 20141218
GData Gen:Variant.Graftor.111627 20141218
Ikarus Trojan-Spy.Win32.Hanove 20141218
K7AntiVirus Trojan ( 0001140e1 ) 20141218
K7GW Trojan ( 0001140e1 ) 20141218
Kaspersky Trojan.Win32.Agentb.aehm 20141218
Kingsoft Win32.Troj.Agentb.ad.(kcloud) 20141218
Malwarebytes Trojan.FakeMS.ED 20141218
McAfee BackDoor-FBKI!920FEFDC36DA 20141218
McAfee-GW-Edition BehavesLike.Win32.Dropper.dh 20141218
Microsoft TrojanSpy:Win32/Hanove.F 20141218
eScan Gen:Variant.Graftor.111627 20141218
Norman Suspicious_Gen5.AHRZP 20141218
nProtect Trojan/W32.Agentb.250368.B 20141218
Panda Generic Malware 20141218
Qihoo-360 Win32/Trojan.04c 20141218
Symantec Trojan.Gen.2 20141218
Tencent Win32.Trojan.Agentb.Hphv 20141218
TheHacker Trojan/Agent.qbc 20141217
TrendMicro TROJ_AGENTB.EG 20141218
TrendMicro-HouseCall TROJ_AGENTB.EG 20141218
VBA32 Trojan.Agentb 20141218
VIPRE Trojan.Win32.Generic!BT 20141218
ViRobot Trojan.Win32.Agent.250368.H[h] 20141218
Zillya Trojan.Agentb.Win32.1784 20141218
AegisLab 20141218
Bkav 20141217
ByteHero 20141218
CAT-QuickHeal 20141218
ClamAV 20141218
CMC 20141218
Jiangmin 20141218
NANO-Antivirus 20141218
Rising 20141217
SUPERAntiSpyware 20141218
TotalDefense 20141218
Zoner 20141216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2011
Publisher Microsoft Organization
Product Windows NT Application
Original name wincert.exe
Internal name wincert
File version 5,2, 0, 12
Description Windows NT Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-29 10:31:08
Entry Point 0x00010E58
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
SetMapMode
TextOutW
SaveDC
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
SetFileAttributesW
SetLastError
GlobalFindAtomW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomW
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GlobalDeleteAtom
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetComputerNameW
GlobalReAlloc
lstrcmpA
InterlockedIncrement
IsValidLocale
lstrcmpW
GlobalLock
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetSpecialFolderPathW
ShellExecuteW
MapWindowPoints
RegisterWindowMessageW
GetForegroundWindow
GetClassInfoExW
IsIconic
ReleaseDC
DrawTextExW
GetPropW
LoadBitmapW
SetWindowTextW
DefWindowProcW
CopyRect
GetCapture
GetMenuState
KillTimer
MessageBoxW
DestroyMenu
GetMessageW
PostQuitMessage
GetMessagePos
SetPropW
GetParent
GetWindowThreadProcessId
GetSysColorBrush
GetSystemMetrics
SetWindowLongW
GetMenuCheckMarkDimensions
PeekMessageW
GrayStringW
GetWindowRect
EnableWindow
SetMenu
SetWindowPos
AdjustWindowRectEx
GetMessageTime
GetWindow
PostMessageW
GetSysColor
SendMessageW
SetMenuItemBitmaps
GetDC
GetKeyState
GetMenuItemCount
SystemParametersInfoA
GetDlgCtrlID
CheckMenuItem
GetMenu
GetClassLongW
RegisterClassW
WinHelpW
GetWindowPlacement
IsWindowEnabled
GetClassInfoW
GetDlgItem
RemovePropW
DrawTextW
IsWindow
EnableMenuItem
ClientToScreen
CallNextHookEx
GetSubMenu
SetTimer
CallWindowProcW
GetClassNameW
LoadStringW
GetMenuItemID
GetTopWindow
ModifyMenuW
GetClientRect
GetWindowTextW
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
GetFocus
CreateWindowExW
TabbedTextOutW
GetWindowLongW
SetForegroundWindow
PtInRect
GetLastActivePopup
UnhookWindowsHookEx
DispatchMessageW
DestroyWindow
HttpQueryInfoW
InternetQueryDataAvailable
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetOpenUrlW
InternetAttemptConnect
InternetOpenW
HttpOpenRequestW
DocumentPropertiesW
ClosePrinter
OpenPrinterW
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
Number of PE resources by type
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
English (British)

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
50688

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2011

FileVersion
5,2, 0, 12

TimeStamp
2013:10:29 11:31:08+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
wincert

FileAccessDate
2014:12:18 22:49:25+01:00

ProductVersion
5,2, 0, 12

FileDescription
Windows NT Application

OSVersion
5.0

FileCreateDate
2014:12:18 22:49:25+01:00

OriginalFilename
wincert.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Organization

CodeSize
198656

ProductName
Windows NT Application

ProductVersionNumber
1.0.0.1

EntryPoint
0x10e58

ObjectFileType
Executable application

File identification
MD5 920fefdc36da03ce9b06fc5267664406
SHA1 dc68022183db24c996707445c602e61a7b45980c
SHA256 006118bf1ea457baa2c10a851fcd9628c323e4970ff2319f1789062b88fff389
ssdeep 6144:PxaYJlEnFBbSaDZAJR/I6E+i7IPpDrB9T6pFzmEMN3Qm8ENv:PxaYJlEbhZAJNrL4F6EMNaE1
authentihash 2482faf7c78e4b99db8a5cd29ce1119515ca69da96bf1dbb4a68673280aab9a3
imphash 063af06032084dad2689673d33265bb4
File size 244.5 KB ( 250368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-11-05 23:02:29 UTC ( 3 years, 9 months ago )
Last submission 2014-03-31 21:22:57 UTC ( 3 years, 4 months ago )
File names 12
vti-rescan
Updates.exe
wincert.exe
dc68022183db24c996707445c602e61a7b45980c_Updates.ex
wincert
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections