SHA256: 011fcfeb8ccb6f9b3f65b4f82259f97b69b480e2d38409ec6b35e6be6e43fa2b
File name: vt-upload-vuUAgm
Detection ratio: 1 / 51
Analysis date: 2014-04-13 10:29:32 UTC ( 4 years, 10 months ago )
Antivirus Result Update
CMC Packed.Win32.Obfuscated.10!O 20140411
Ad-Aware 20140413
AegisLab 20140413
Yandex 20140412
AhnLab-V3 20140412
AntiVir 20140412
Antiy-AVL 20140413
Avast 20140413
AVG 20140412
Baidu-International 20140413
BitDefender 20140413
Bkav 20140412
ByteHero 20140413
CAT-QuickHeal 20140412
ClamAV 20140413
Commtouch 20140413
Comodo 20140413
DrWeb 20140413
Emsisoft 20140413
ESET-NOD32 20140412
F-Prot 20140413
F-Secure 20140413
Fortinet 20140413
GData 20140413
Ikarus 20140413
Jiangmin 20140413
K7AntiVirus 20140411
K7GW 20140411
Kaspersky 20140413
Kingsoft 20140413
Malwarebytes 20140413
McAfee 20140413
McAfee-GW-Edition 20140413
Microsoft 20140413
eScan 20140413
NANO-Antivirus 20140413
Norman 20140412
nProtect 20140411
Panda 20140412
Qihoo-360 20140413
Rising 20140412
Sophos AV 20140413
SUPERAntiSpyware 20140412
Symantec 20140413
TheHacker 20140411
TotalDefense 20140413
TrendMicro 20140413
TrendMicro-HouseCall 20140413
VBA32 20140411
VIPRE 20140413
ViRobot 20140412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Crawler.com

Publisher Crawler
Product Spyware Terminator 2012
Original name SpywareTerminatorShield.exe
File version 3.0.0.43
Description Spyware Terminator 2012 Realtime Shield
Signature verification Signed file, verified signature
Signing date 12:03 PM 4/3/2013
Signers
[+] Crawler
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/10/2010
Valid to 12:59 AM 12/12/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint 45E8211F586D7F8AC98105498D4C21167507D351
Serial number 15 35 ED A3 C8 F2 FE D3 0D 44 97 57 27 60 F2 40
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-06 08:12:47
Entry Point 0x000EDCA8
Number of sections 9
PE sections
PE imports
SHGetFolderPathA
GetTokenInformation
RegFlushKey
RegCloseKey
OpenProcessToken
RegQueryValueExA
LookupAccountSidA
LookupPrivilegeNameA
RegOpenKeyExA
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_Replace
InitCommonControls
ImageList_Read
ImageList_GetDragImage
ImageList_Create
ImageList_DragMove
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
ImageList_SetImageCount
ImageList_DragShowNolock
ImageList_Remove
ImageList_EndDrag
GetBrushOrgEx
GetDIBColorTable
DeleteEnhMetaFile
GetWindowOrgEx
PatBlt
GetClipBox
GetRgnBox
SaveDC
ResizePalette
GdiFlush
GetTextMetricsA
MaskBlt
CreateBrushIndirect
SetStretchBltMode
GetEnhMetaFilePaletteEntries
GetPixel
Rectangle
BitBlt
GetObjectA
GetCurrentPositionEx
PlayEnhMetaFile
LineTo
DeleteDC
RestoreDC
SetBkMode
GetSystemPaletteEntries
SetPixel
CreateSolidBrush
DeleteObject
SetPaletteEntries
CreateHalftonePalette
CreateDIBSection
CopyEnhMetaFileA
RealizePalette
SetTextColor
GetDeviceCaps
MoveToEx
SetEnhMetaFileBits
IntersectClipRect
ExcludeClipRect
CreateBitmap
ExtTextOutW
RectVisible
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
ExtTextOutA
UnrealizeObject
GetDIBits
GetEnhMetaFileBits
SetBrushOrgEx
GetDCOrgEx
RoundRect
StretchBlt
StretchDIBits
GetBitmapBits
CreateCompatibleDC
SetROP2
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
GetNearestPaletteIndex
GetWinMetaFileBits
SetDIBColorTable
CreateCompatibleBitmap
GetEnhMetaFileHeader
GetPaletteEntries
SetWindowOrgEx
Polyline
GetTextExtentPointA
SetBkColor
SetWinMetaFileBits
GetTextExtentPoint32W
Ellipse
CreatePenIndirect
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
WaitForSingleObject
GetLocalTime
DisconnectNamedPipe
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
ExpandEnvironmentStringsA
SetErrorMode
GetFileInformationByHandle
SetFileAttributesA
GetTempPathA
WideCharToMultiByte
InterlockedExchange
WriteFile
FormatMessageW
GetDiskFreeSpaceA
ConnectNamedPipe
GetFullPathNameA
SetEvent
MoveFileA
ResumeThread
InitializeCriticalSection
LoadResource
GetStringTypeExW
FindClose
TlsGetValue
FormatMessageA
GetFullPathNameW
GetStringTypeExA
SetLastError
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
DeleteCriticalSection
GetExitCodeThread
GlobalAddAtomA
MulDiv
ExitThread
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetVersion
InterlockedIncrement
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
DosDateTimeToFileTime
GetFileSize
CreateDirectoryA
DeleteFileA
GetProcAddress
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
GetComputerNameA
FindNextFileA
GlobalLock
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GlobalDeleteAtom
lstrlenA
GlobalFree
GetThreadLocale
GlobalUnlock
VirtualQuery
GetShortPathNameA
FileTimeToLocalFileTime
SizeofResource
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCPInfo
GetCommandLineA
RaiseException
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
FreeResource
VirtualFree
Sleep
FindResourceA
VirtualAlloc
ResetEvent
ProgIDFromCLSID
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
StringFromCLSID
IsEqualGUID
CoTaskMemFree
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
GetActiveObject
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
ShellExecuteExA
ExtractIconExA
Shell_NotifyIconW
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
RedrawWindow
GetMessagePos
CharLowerBuffA
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
SetMenuItemInfoA
CharUpperBuffA
WindowFromPoint
DrawIcon
CharUpperBuffW
VkKeyScanW
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetMenuStringW
GetClassInfoA
SendMessageW
UnregisterClassA
IsDialogMessageW
SendMessageA
UnregisterClassW
GetClientRect
GetMenuItemInfoW
DrawTextW
SetScrollPos
CallNextHookEx
GetKeyboardState
ClientToScreen
GetTopWindow
GetWindowTextW
GetWindowTextLengthW
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefMDIChildProcA
ShowWindow
SetClassLongA
GetPropA
GetDesktopWindow
PeekMessageW
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
ChildWindowFromPoint
GetClipboardData
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
RegisterClassW
InsertMenuItemA
CreatePopupMenu
GetIconInfo
LoadStringA
SetParent
SetClipboardData
CharLowerA
IsZoomed
GetWindowPlacement
GetKeyboardLayoutList
DrawMenuBar
IsIconic
RegisterClassA
GetMenuItemCount
GetWindowLongA
SetTimer
OemToCharA
GetActiveWindow
ShowOwnedPopups
FillRect
EnumThreadWindows
CharNextA
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
GetWindowLongW
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
MapVirtualKeyA
GetKeyboardLayoutNameA
SetCapture
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
CopyIcon
KillTimer
MapVirtualKeyW
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
MapWindowPoints
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
EnumChildWindows
GetScrollRange
SetWindowLongA
PostMessageW
GetKeyNameTextW
DrawTextExW
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
SetWindowTextW
CreateWindowExA
CharLowerBuffW
ScreenToClient
GetClassLongA
InsertMenuA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
GetMenuState
SetWindowsHookExW
GetSystemMenu
GetDC
SetForegroundWindow
OpenClipboard
EmptyClipboard
DrawTextA
IntersectRect
GetScrollInfo
GetKeyboardLayout
CreateIcon
GetCapture
WaitMessage
FindWindowA
MessageBeep
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
GetMenu
DestroyIcon
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
CallWindowProcA
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
LoadKeyboardLayoutA
GetSysColor
SetScrollInfo
GetMenuItemInfoA
SystemParametersInfoA
EnableMenuItem
GetKeyNameTextA
IsWindowVisible
CharToOemA
GetDCEx
DispatchMessageW
FrameRect
SetRect
DeleteMenu
InvalidateRect
DefFrameProcA
CharNextW
CallWindowProcW
GetClassNameW
GetClassInfoW
IsRectEmpty
GetCursor
GetFocus
CreateMenu
CloseClipboard
GetKeyboardType
SetMenu
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_STRING 20
RT_ICON 12
RT_BITMAP 11
RT_RCDATA 10
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_DIALOG 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 40
NEUTRAL 31
CZECH DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.0.0.43

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
1800192

FileOS
Unknown (0)

MIMEType
application/octet-stream

LegalCopyright
Crawler.com

FileVersion
3.0.0.43

TimeStamp
2012:09:06 09:12:47+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:04:13 11:30:03+01:00

ProductVersion
3.0.0.0

FileDescription
Spyware Terminator 2012 Realtime Shield

OSVersion
4.0

FileCreateDate
2014:04:13 11:30:03+01:00

OriginalFilename
SpywareTerminatorShield.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Crawler.com

CodeSize
968704

ProductName
Spyware Terminator 2012

ProductVersionNumber
3.0.0.0

EntryPoint
0xedca8

ObjectFileType
Unknown

File identification
MD5 a179b0c739ff08cf11fbb2595e8d133f
SHA1 357c529bafff45588d44ab3becf2cdb4022fc0b1
SHA256 011fcfeb8ccb6f9b3f65b4f82259f97b69b480e2d38409ec6b35e6be6e43fa2b
ssdeep 24576:OZfLoPRvlKNQjwKHGSAsLF0CJNvDuTs75oQTn0qDQ47SLEfV:O5LMBF/TyTs7NT0qDQnLEfV

imphash cb6ff0c6777929597124e3936c805939
File size 2.6 MB ( 2777736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows Screen Saver (55.3%)
Win32 Executable (generic) (19.0%)
Win16/32 Executable Delphi generic (8.7%)
Generic Win/DOS Executable (8.4%)
DOS Executable Generic (8.4%)
Tags
peexe bobsoft signed

VirusTotal metadata
First submission 2013-06-26 20:04:59 UTC ( 5 years, 8 months ago )
Last submission 2014-04-13 10:29:32 UTC ( 4 years, 10 months ago )
File names SpywareTerminatorShield.exe
vt-upload-vuUAgm
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function; the import table above lists both SetWindowsHookExA and SetWindowsHookExW, together with UnhookWindowsHookEx and CallNextHookEx.