SHA256: 011bacd4abcff47c6218c2d110f7c0c5b4032a0af9bfc4dd16acc511981a66a8
File name: SpywareTerminatorUpdate.exe
Detection ratio: 4 / 68
Analysis date: 2018-09-02 08:51:13 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Bkav W32.HfsAdware.463B 20180831
DrWeb Program.Unwanted.340 20180902
Emsisoft Application.Toolbar (A) 20180902
Microsoft PUA:Win32/CrawlerToolbar 20180902
Ad-Aware 20180902
AegisLab 20180902
AhnLab-V3 20180902
Alibaba 20180713
ALYac 20180902
Antiy-AVL 20180902
Arcabit 20180902
Avast 20180902
Avast-Mobile 20180902
AVG 20180902
Avira (no cloud) 20180902
AVware 20180823
Babable 20180822
Baidu 20180830
BitDefender 20180902
CAT-QuickHeal 20180901
ClamAV 20180902
CMC 20180901
Comodo 20180902
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180902
Cyren 20180902
eGambit 20180902
Endgame 20180730
ESET-NOD32 20180902
F-Prot 20180902
F-Secure 20180831
Fortinet 20180902
GData 20180902
Ikarus 20180901
Sophos ML 20180717
Jiangmin 20180902
K7AntiVirus 20180902
K7GW 20180902
Kaspersky 20180902
Kingsoft 20180902
Malwarebytes 20180902
MAX 20180902
McAfee 20180902
McAfee-GW-Edition 20180902
eScan 20180902
NANO-Antivirus 20180902
Palo Alto Networks (Known Signatures) 20180902
Panda 20180902
Qihoo-360 20180902
Rising 20180902
SentinelOne (Static ML) 20180830
Sophos AV 20180902
SUPERAntiSpyware 20180902
Symantec 20180901
Symantec Mobile Insight 20180831
TACHYON 20180902
Tencent 20180902
TheHacker 20180902
TotalDefense 20180902
TrendMicro 20180902
TrendMicro-HouseCall 20180902
Trustlook 20180902
VBA32 20180831
VIPRE 20180902
ViRobot 20180901
Webroot 20180902
Yandex 20180831
Zillya 20180831
ZoneAlarm by Check Point 20180902
Zoner 20180901
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Crawler.com
Product Spyware Terminator 2012
Original name SpywareTerminatorUpdate.exe
File version 3.0.0.41
Description Spyware Terminator 2012 Update Support
Signature verification Signed file, verified signature
Signing date 12:04 PM 4/3/2013
Signers
[+] Crawler, LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 12/10/2010
Valid to 12:59 AM 12/12/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 45E8211F586D7F8AC98105498D4C21167507D351
Serial number 15 35 ED A3 C8 F2 FE D3 0D 44 97 57 27 60 F2 40
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-01 09:41:52
Entry Point 0x0011DD2C
Number of sections 9
PE sections
Overlays
MD5 0fc27c47994cbb541632bae7f95ced1f
File type data
Offset 3676672
Size 7816
Entropy 7.33
PE imports
Number of PE resources by type
RT_BITMAP 23
RT_STRING 21
RT_GROUP_CURSOR 19
RT_CURSOR 19
RT_ICON 18
RT_RCDATA 10
RT_GROUP_ICON 4
RT_DIALOG 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 56
ENGLISH US 49
GERMAN 12
CZECH DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.0.0.41
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Unicode
InitializedDataSize 2510336
EntryPoint 0x11dd2c
OriginalFileName SpywareTerminatorUpdate.exe
MIMEType application/octet-stream
LegalCopyright Crawler.com
FileVersion 3.0.0.41
TimeStamp 2013:03:01 10:41:52+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.0.0.0
FileDescription Spyware Terminator 2012 Update Support
OSVersion 4.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Crawler.com
CodeSize 1165312
ProductName Spyware Terminator 2012
ProductVersionNumber 3.0.0.0
FileTypeExtension exe
ObjectFileType Unknown
File identification
MD5 e6a2593ad58d205535f5ba0aeb231dc1
SHA1 8a0974bbe75ecce3f9dbcac243c9738504ef2975
SHA256 011bacd4abcff47c6218c2d110f7c0c5b4032a0af9bfc4dd16acc511981a66a8
ssdeep 49152:NWeKJ9aIbzCEdypOTecipZPMa4LJ2HeVN3ijNXgFKqaKlUTRovbN:NFjNEacipZEfLL2NxqaKlN
authentihash 197df6e4d8a4eb1820fa99ffa5149eb26dc3e8d2f32c44d788b5606c384a8738
imphash 23c8b9c63c1e598f7fce71fc86c989c5
File size 3.5 MB ( 3684488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (38.5%)
DOS Borland compiled Executable (generic) (27.1%)
Win32 Executable (generic) (12.2%)
Win16/32 Executable Delphi generic (5.6%)
OS/2 Executable (generic) (5.5%)
Tags
bobsoft peexe signed overlay

VirusTotal metadata
First submission 2013-04-12 09:59:04 UTC ( 5 years, 10 months ago )
Last submission 2014-04-11 18:50:54 UTC ( 4 years, 10 months ago )
File names SpywareTerminatorUpdate.exe
SpywareTerminatorUpdate.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications