SHA256: 00bc4a2295cea8600e6ea232afd31818cba46a605a7e30aa3e83ffbb62ed8dc7
File name: 00bc4a2295cea8600e6ea232afd31818cba46a605a7e30aa3e83ffbb62ed8dc7.exe
Detection ratio: 2 / 55
Analysis date: 2015-07-22 12:11:59 UTC
Antivirus / Result / Update
Only two of the 55 engines returned a detection on the analysis date; an engine listed below with no result reported the file as clean with the signature set of the date shown. Both detections are generic family names (an MSIL injector variant and a Win32 Agent), which identify a loader-style .NET binary rather than a specific payload.
ESET-NOD32 a variant of MSIL/Injector.KXV 20150722
Kaspersky Trojan.Win32.Agent.ifvd 20150722
Ad-Aware 20150722
AegisLab 20150722
Yandex 20150721
AhnLab-V3 20150722
Alibaba 20150722
ALYac 20150722
Antiy-AVL 20150722
Arcabit 20150722
Avast 20150722
AVG 20150721
Avira (no cloud) 20150722
Baidu-International 20150722
BitDefender 20150722
Bkav 20150721
ByteHero 20150722
CAT-QuickHeal 20150722
ClamAV 20150721
Comodo 20150722
Cyren 20150722
DrWeb 20150722
Emsisoft 20150722
F-Prot 20150722
F-Secure 20150722
Fortinet 20150722
GData 20150722
Ikarus 20150722
Jiangmin 20150720
K7AntiVirus 20150722
K7GW 20150722
Kingsoft 20150722
Malwarebytes 20150722
McAfee 20150722
McAfee-GW-Edition 20150722
Microsoft 20150722
eScan 20150722
NANO-Antivirus 20150722
nProtect 20150722
Panda 20150722
Qihoo-360 20150722
Rising 20150722
Sophos AV 20150722
SUPERAntiSpyware 20150722
Symantec 20150722
Tencent 20150722
TheHacker 20150721
TotalDefense 20150722
TrendMicro 20150722
TrendMicro-HouseCall 20150722
VBA32 20150722
VIPRE 20150722
ViRobot 20150722
Zillya 20150722
Zoner 20150722
The file being studied is a Portable Executable (PE32) for the Windows GUI subsystem. The magic string ("Mono/.Net assembly"), the single import _CorExeMain (the CLR entry point exported by mscoree.dll) and the presence of a Module Version ID identify it as a .NET (MSIL) assembly, which is consistent with ESET's MSIL/Injector naming.
Authenticode signature block and FileVersionInfo properties
Publisher Private Person Parobii Yuri Romanovich
Original name AsiansBejewelAuxiliary.exe
Internal name AsiansBejewelAuxiliary.exe
File version 8.4.4.4
Signature verification A certificate was explicitly revoked by its issuer.
Each certificate below is shown with Status Valid because the chain itself builds correctly up to the COMODO root; the overall verification fails because the leaf certificate issued to "Private Person Parobii Yuri Romanovich" has since been placed on its issuer's revocation list, and a revoked signer fails Authenticode verification regardless of the rest of the chain. Do not read the per-certificate Status as a clean result. Two caveats for anyone re-checking: revocation is only visible to a verifier that can reach the CA's CRL or OCSP endpoint, so an offline or sandboxed Windows host may still report this signature as valid (signtool verify /pa /v or Get-AuthenticodeSignature on an online machine will show the revocation), and the leaf was issued on 7/21/2015, one day before the file was first submitted, so the publisher identity carries little weight. "Issuer None" is a rendering quirk of the report; each certificate's issuer is the next entry below it in the chain.
Signers
[+] Private Person Parobii Yuri Romanovich
Status Valid
Issuer None
Valid from 1:00 AM 7/21/2015
Valid to 12:59 AM 7/21/2016
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Thumbprint F5024C0897EBC1FFE0077B8AC206AEE5498232AD
Serial number 00 94 47 B2 66 8C 60 12 1C E3 4A 77 33 B6 B2 59 AF
[+] COMODO RSA Code Signing CA
Status Valid
Issuer None
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO
Status Valid
Issuer None
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO Time Stamping Signer
Status Valid
Issuer None
Valid from 1:00 AM 5/5/2015
Valid to 12:59 AM 1/1/2016
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint DF946A5E503015777FD22F46B5624ECD27BEE376
Serial number 00 9F EA C8 11 B0 F1 62 47 A5 FC 20 D8 05 23 AC E6
[+] USERTrust
Status Valid
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-07-04 20:50:55 (the PE TimeDateStamp is a plain header field that any packer or build tool can set; an eleven-year gap between it and the July 2015 signing certificate means it cannot be used to date this sample)
Entry Point 0x00035AFE
Number of sections 3
.NET details
Module Version ID 358751d6-8e69-49dd-9778-c42c4223a54c
PE sections
Overlays
MD5 103c71a69c747b18754adda6bc8c01de
File type data
Offset 239616
Size 6776
Entropy 7.49
The overlay runs from offset 239616 for 6776 bytes, i.e. exactly to the end of the 246392-byte file. That is where the Authenticode signature (the PKCS#7 blob referenced by the PE security directory) is appended after signing, and an entropy of 7.49 is consistent with DER-encoded certificates and RSA signatures rather than with appended plaintext or a second payload. The "signed" and "overlay" tags on this report therefore most likely describe the same bytes.
PE imports
_CorExeMain (imported from mscoree.dll; the only import, as expected for a managed executable whose real behaviour lives in MSIL and is resolved at run time by the CLR, so the import table and the imphash say nothing about what the code does)
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
JAPANESE DEFAULT 1
SAAMI SYS DEFAULT 1
NEUTRAL DEFAULT 1
ENGLISH US 1
NEUTRAL ARABIC EGYPT 1
Five resources carry five different language identifiers (Japanese, Saami, neutral, US English and Egyptian Arabic). A compiler-built icon group and version resource normally share one or two language IDs, so this spread is more characteristic of resources assembled or randomised by a tool than of a localised application.
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 27136
EntryPoint 0x35afe
OriginalFileName AsiansBejewelAuxiliary.exe
MIMEType application/octet-stream
FileVersion 8.4.4.4
TimeStamp 2004:07:04 21:50:55+01:00
FileType Win32 EXE
PEType PE32
InternalName AsiansBejewelAuxiliary.exe
ProductVersion 8.4.4.4
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 211968
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 8.4.4.4
Two points in this block are worth noting. The numeric VS_FIXEDFILEINFO fields (FileVersionNumber, ProductVersionNumber) are 0.0.0.0 while the string fields and the assembly version read 8.4.4.4; a normal build keeps the two in sync, so the version information is cosmetic and author-controlled. The TimeStamp is the same 2004 PE header value as above, rendered in the analysis host's +01:00 time zone.
File identification
MD5 948c59ea3039951d312fb1190242f20e
SHA1 e75836dd41a47c67eb6d862ec37a7e585006c875
SHA256 00bc4a2295cea8600e6ea232afd31818cba46a605a7e30aa3e83ffbb62ed8dc7
ssdeep 6144:+bGTEXJA10MCHA4HYOQ6SBiuSrfXhlLsCuo:is/4HhbGibrHLsvo
authentihash e7805af983451bcf59a2e6a7c3a2affd7afde6b7144d652d0a927ec98c2e0491
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 240.6 KB ( 246392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win64 Executable (generic) (49.5%)
Windows screen saver (23.4%)
Win32 Dynamic Link Library (generic) (11.7%)
Win32 Executable (generic) (8.0%)
Generic Win/DOS Executable (3.5%)
TrID's top guess (Win64) contradicts the PE header and the magic string, which both identify a PE32 image for Intel 386; TrID ranks byte-pattern statistics and is not authoritative, so the header is what to trust. The authentihash differs from the SHA256 by design: it is computed over the PE with the checksum, the security directory entry and the signature blob excluded, so it stays the same across unsigned, signed and re-signed copies of the same code and is the right value to pivot on when hunting for siblings of this build.
Tags
peexe assembly signed overlay
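To make three related fields on this report concrete (the signature block that lives in the overlay, the authentihash listed beside the SHA256, and the overlay offset and size), here is an added Python example that is not part of the VirusTotal page. It parses the PE header, locates the security directory, reports whether the overlay is exactly the signature blob (as it is for this sample, where 239616 + 6776 equals the 246392-byte file size), and computes the Authenticode PE hash, which skips the CheckSum field, the security directory entry and the signature itself and takes sections in file order. Because the sample is not available offline, the script builds a minimal one-section PE32 in memory (a constructed stand-in, not this malware) and appends a constructed placeholder where a real PKCS#7 blob would sit; all function names are the example's own, and only the standard library is used.

```python
"""Added example (not VirusTotal code): PE overlay vs. security directory, and
the Authenticode PE hash.  Standard library only; the sample PE is constructed inline."""
import hashlib
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY; its "VirtualAddress" is a raw file offset


def _u16(b, o):
    return struct.unpack_from("<H", b, o)[0]


def _u32(b, o):
    return struct.unpack_from("<I", b, o)[0]


def parse_pe(data):
    """Header offsets needed by the hash and overlay checks (PE32 and PE32+)."""
    pe = _u32(data, 0x3C)
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff, opt = pe + 4, pe + 24
    magic = _u16(data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sec_dir = opt + (112 if magic == 0x20B else 96) + 8 * SECURITY_DIR
    sect_hdr = opt + _u16(data, coff + 16)  # section table follows the optional header
    sections = []
    for i in range(_u16(data, coff + 2)):
        s = sect_hdr + 40 * i
        raw_size, raw_ptr = _u32(data, s + 16), _u32(data, s + 20)
        if raw_size:
            sections.append((raw_ptr, raw_size))
    return {
        "checksum": opt + 64,          # CheckSum field, 4 bytes, same offset for PE32/PE32+
        "security_dir": sec_dir,       # 8-byte (file offset, size) directory entry
        "sig_off": _u32(data, sec_dir),
        "sig_size": _u32(data, sec_dir + 4),
        "size_of_headers": _u32(data, opt + 60),
        "sections": sorted(sections),  # ascending PointerToRawData, as Authenticode requires
    }


def authentihash(data, algo="sha256"):
    """Authenticode hash: everything except CheckSum, the security directory
    entry and the signature blob, with sections taken in file order."""
    p = parse_pe(data)
    h = hashlib.new(algo)
    h.update(data[:p["checksum"]])
    h.update(data[p["checksum"] + 4:p["security_dir"]])
    h.update(data[p["security_dir"] + 8:p["size_of_headers"]])
    hashed = p["size_of_headers"]
    for ptr, size in p["sections"]:
        h.update(data[ptr:ptr + size])
        hashed += size
    extra = len(data) - hashed - p["sig_size"]  # trailing data that is not the signature
    if extra > 0:
        h.update(data[hashed:hashed + extra])
    return h.hexdigest()


def overlay_info(data):
    """Bytes after the last section, and whether they are exactly the signature blob."""
    p = parse_pe(data)
    end = max([ptr + size for ptr, size in p["sections"]] + [p["size_of_headers"]])
    sig_end = p["sig_off"] + p["sig_size"]
    return {"offset": end, "size": len(data) - end,
            "is_signature_only": p["sig_size"] > 0 and p["sig_off"] == end and sig_end == len(data)}


def build_minimal_pe(code, signature=b"", checksum=0):
    """Constructed one-section PE32 (not a runnable program, not the report's sample);
    `signature` is appended where a real PKCS#7 blob would sit."""
    hdr_size, align = 0x200, 0x200
    raw_size = (len(code) + align - 1) // align * align
    sig_off = hdr_size + raw_size if signature else 0
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, one section
    opt = struct.pack("<HBBIIIIII", 0x10B, 8, 0, raw_size, 0, 0, 0x1000, 0x1000, 0x1000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, align, 4, 0, 0, 0, 4, 0,
                       0, 0x2000, hdr_size, checksum, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[SECURITY_DIR] = (sig_off, len(signature))
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, raw_size, hdr_size,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(hdr_size, b"\0")
    return headers + code.ljust(raw_size, b"\0") + signature


def demo():
    code = b"\xC3" * 100                     # constructed: 100 RET instructions
    fake_sig = b"\x30\x82" + b"\xAB" * 300   # constructed stand-in for a DER PKCS#7 blob
    unsigned = build_minimal_pe(code)
    signed = build_minimal_pe(code, fake_sig, checksum=0x1234)
    p = parse_pe(unsigned)                   # by-hand reference for the no-overlay case
    ref = hashlib.sha256(unsigned[:p["checksum"]] + unsigned[p["checksum"] + 4:p["security_dir"]]
                         + unsigned[p["security_dir"] + 8:]).hexdigest()
    return {
        "sha256_changes": hashlib.sha256(unsigned).digest() != hashlib.sha256(signed).digest(),
        "authentihash_stable": authentihash(unsigned) == authentihash(signed),
        "authentihash_matches_reference": authentihash(unsigned) == ref,
        "overlay_signed": overlay_info(signed),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Replace the constructed sample with open(path, "rb").read() to run the same checks on a real file. The signed and unsigned variants share one authentihash while their SHA256 differs, which is exactly why the authentihash is the value to pivot on when a crypter re-signs the same payload with a fresh (or no) certificate, as a revoked-certificate sample like this one invites.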

VirusTotal metadata
First submission 2015-07-22 12:11:59 UTC ( 3 years ago )
Last submission 2015-10-28 17:31:19 UTC ( 2 years, 9 months ago )
File names e75836dd41a47c67eb6d862ec37a7e585006c875_crypted.120.ex
AsiansBejewelAuxiliary.exe
00bc4a2295cea8600e6ea232afd31818cba46a605a7e30aa3e83ffbb62ed8dc7.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R02KC0FGV15.

Symantec reputation Suspicious.Insight
Behavioural report (sandbox execution): the condensed report lists no HTTP requests, DNS requests or TCP connections for this sample. An empty network section does not show that the file is inert; an injector whose staged payload fails to run in the sandbox, or that checks for a virtual machine before doing anything, leaves the same empty report.