SHA256: 00675ff4119dee81da1310161b0aef47f0ded4f489e833a344e3d90d429ac4b8
File name: UnHackMe
Detection ratio: 0 / 57
Analysis date: 2015-01-30 22:15:05 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20150130
AegisLab 20150130
Yandex 20150130
AhnLab-V3 20150130
Alibaba 20150130
ALYac 20150130
Antiy-AVL 20150130
Avast 20150130
AVG 20150130
Avira (no cloud) 20150130
AVware 20150130
Baidu-International 20150130
BitDefender 20150130
Bkav 20150130
ByteHero 20150130
CAT-QuickHeal 20150130
ClamAV 20150130
CMC 20150129
Comodo 20150130
Cyren 20150130
DrWeb 20150130
Emsisoft 20150130
ESET-NOD32 20150130
F-Prot 20150130
F-Secure 20150130
Fortinet 20150130
GData 20150130
Ikarus 20150130
Jiangmin 20150129
K7AntiVirus 20150130
K7GW 20150130
Kaspersky 20150130
Kingsoft 20150130
Malwarebytes 20150130
McAfee 20150130
McAfee-GW-Edition 20150130
Microsoft 20150130
eScan 20150130
NANO-Antivirus 20150130
Norman 20150130
nProtect 20150130
Panda 20150130
Qihoo-360 20150130
Rising 20150129
Sophos AV 20150130
SUPERAntiSpyware 20150130
Symantec 20150130
Tencent 20150130
TheHacker 20150130
TotalDefense 20150130
TrendMicro 20150130
TrendMicro-HouseCall 20150130
VBA32 20150129
VIPRE 20150130
ViRobot 20150130
Zillya 20150129
Zoner 20150130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Greatis Software (c)
Publisher Greatis Software LLC
Product UnHackMe
Original name UnHackMe.exe
Internal name UnHackMe
File version 7.60.0.460
Description Detects and removes rootkits
Comments http://www.greatis.com
Signature verification Signed file, verified signature
Signing date 1:09 PM 12/29/2014
Signers
[+] Greatis Software LLC
Status Valid
Issuer None
Valid from 1:00 AM 6/2/2011
Valid to 12:59 AM 6/2/2016
Valid usage Code Signing
Algorithm SHA1
Thumbprint 119AF5ED3B1B7ACA667C4A13603AA77C9984DE15
Serial number 57 54 25 92 0A 0F A1 10 B2 3C 10 FD 66 9F AE 85
[+] USERTrust
Status Valid
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] COMODO Time Stamping Signer
Status Valid
Issuer None
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] USERTrust
Status Valid
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-29 11:23:45
Entry Point 0x00001000
Number of sections 10
PE sections
PE imports
AdjustTokenPrivileges
FlatSB_SetScrollInfo
GetOpenFileNameA
BitBlt
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
CoInitialize
GetErrorInfo
VariantChangeTypeEx
OleLoadPicture
SHGetFileInfoA
SHGetFolderPathA
ActivateKeyboardLayout
GetFileVersionInfoA
HttpOpenRequestA
ClosePrinter
PE exports
Number of PE resources by type
RT_BITMAP 51
RT_RCDATA 24
RT_STRING 18
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 4
RT_MESSAGETABLE 1
RT_MANIFEST 1
AVI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 79
ENGLISH UK 24
RUSSIAN 6
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
LegalTrademarks
UnHackMe

SubsystemVersion
4.0

Comments
http://www.greatis.com

InitializedDataSize
282624

ImageVersion
0.0

ProductName
UnHackMe

FileVersionNumber
7.60.0.460

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
5.0

OriginalFilename
UnHackMe.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
7.60.0.460

TimeStamp
2014:12:29 12:23:45+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
UnHackMe

FileAccessDate
2015:01:30 23:15:13+01:00

ProductVersion
7.6

FileDescription
Detects and removes rootkits

OSVersion
4.0

FileCreateDate
2015:01:30 23:15:13+01:00

FileOS
Win32

LegalCopyright
Greatis Software (c)

MachineType
Intel 386 or later, and compatibles

CompanyName
Greatis Software

CodeSize
1347584

FileSubtype
0

ProductVersionNumber
7.60.0.460

EntryPoint
0x1000

ObjectFileType
Executable application

File identification
MD5 9181c4a20aaa02c3c1b8d88b6a8205be
SHA1 def3e9fc475867ab22e2aa70e74117a711992efd
SHA256 00675ff4119dee81da1310161b0aef47f0ded4f489e833a344e3d90d429ac4b8
ssdeep 49152:FpGrQUGGvswk/5t1lM3EyAWOH/JFRPz6jVrG:+rQ4k/5t6EMOHBfPqG
authentihash a7ed226010b6f70fdbb095a8df7e963d5cb30059709943a1fcde9103d18c9b8e
imphash f472b896750d76e05bd86156986f1003
File size 2.0 MB ( 2111760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (60.3%)
Windows Screen Saver (18.3%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
Generic Win/DOS Executable (2.8%)
Tags peexe asprotect aspack signed

VirusTotal metadata
First submission 2015-01-04 12:08:56 UTC ( 2 years, 10 months ago )
Last submission 2015-01-04 12:08:56 UTC ( 2 years, 10 months ago )
File names UnHackMe.exe
UnHackMe
unhackme.exe
Unhackme.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests