SHA256: 02e8176291ff43f11355d56a192b1b7715f50abd8ddd83cdb9e4dc87a4d28cb5
File name: 462998
Detection ratio: 0 / 54
Analysis date: 2016-01-31 15:38:06 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware 20160130
AegisLab 20160130
Yandex 20160129
AhnLab-V3 20160129
Alibaba 20160129
ALYac 20160130
Antiy-AVL 20160130
Arcabit 20160130
Avast 20160130
AVG 20160130
Avira (no cloud) 20160130
Baidu-International 20160129
BitDefender 20160130
Bkav 20160129
ByteHero 20160131
CAT-QuickHeal 20160129
ClamAV 20160130
CMC 20160130
Comodo 20160130
Cyren 20160129
DrWeb 20160130
Emsisoft 20160130
ESET-NOD32 20160130
F-Prot 20160129
F-Secure 20160129
Fortinet 20160130
GData 20160130
Ikarus 20160129
Jiangmin 20160129
K7AntiVirus 20160129
K7GW 20160129
Kaspersky 20160129
Malwarebytes 20160130
McAfee 20160130
McAfee-GW-Edition 20160130
Microsoft 20160130
eScan 20160130
NANO-Antivirus 20160130
nProtect 20160129
Panda 20160129
Qihoo-360 20160131
Rising 20160129
Sophos AV 20160130
SUPERAntiSpyware 20160130
Symantec 20160129
TheHacker 20160130
TotalDefense 20160129
TrendMicro 20160130
TrendMicro-HouseCall 20160130
VBA32 20160128
VIPRE 20160130
ViRobot 20160129
Zillya 20160130
Zoner 20160130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2005-2012 Vlastimil Miléř

Product Picture Resizer
Original name PhotoResize.exe
Internal name PhotoResize
File version 6.0.1
Description Resize JPEG photos and pictures.
Comments Latest version at http://www.rw-designer.com/picture-resize
Signature verification Certificate out of its validity period
Signers
[+] Vlastimil Miléř
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer StartCom Class 2 Primary Intermediate Object CA
Valid from 5:48 AM 8/3/2012
Valid to 6:33 PM 8/4/2014
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.21, Lifetime Signing
Algorithm sha1RSA
Thumbprint 5E18E1CAF9ABCCA0496BDF2E1BC16CC10D2C458B
Serial number 06 DE
[+] StartCom Class 2 Primary Intermediate Object CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer StartCom Certification Authority
Valid from 11:01 PM 10/24/2007
Valid to 11:01 PM 10/24/2017
Valid usage All
Algorithm sha1RSA
Thumbprint D893C4F678F891F2823CD078AA5E1C48FD1DA225
Serial number 24
[+] StartCom Certification Authority
Status Valid
Issuer StartCom Certification Authority
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-15 07:33:52
Entry Point 0x0000AA49
Number of sections 4
PE sections
Overlays
MD5 db6cb03b00c99a6a10a8e5a74702a23f
File type data
Offset 398336
Size 7072
Entropy 7.27
PE imports
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
FindClose
InterlockedDecrement
MoveFileW
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetFileSize
CreateDirectoryW
DeleteFileW
GetProcAddress
CompareStringW
FindNextFileW
CompareStringA
FreeConsole
FindFirstFileW
WaitForMultipleObjects
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
Number of PE resources by type
RT_ICON 12
RT_GROUP_ICON 2
RT_DIALOG 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 2
CZECH DEFAULT 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

Comments
Latest version at http://www.rw-designer.com/picture-resize

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.0.1.1

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

FileDescription
Resize JPEG photos and pictures.

CharacterSet
Unicode

InitializedDataSize
86016

EntryPoint
0xaa49

OriginalFileName
PhotoResize.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2005-2012 Vlastimil Mil

FileVersion
6.0.1

TimeStamp
2013:04:15 08:33:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PhotoResize

ProductVersion
6.0.1

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
RealWorld Graphics

CodeSize
311296

ProductName
Picture Resizer

ProductVersionNumber
6.0.1.1

FileTypeExtension
exe

ObjectFileType
Executable application

PE resource-wise parents
Compressed bundles
File identification
MD5 fa95ee38ca2dc179fe600905fab6440b
SHA1 680357a088ce0361f2246062e773c8274751ce2f
SHA256 02e8176291ff43f11355d56a192b1b7715f50abd8ddd83cdb9e4dc87a4d28cb5
ssdeep
6144:NKTMD/l/gLefabKHCQfQv3br2Sr96GfTKSZLnsuwZRPLOTvwVAOtrUWI:4T0/loCfabKijXZ6GfTfZEvjJV4

authentihash 2864b31923b1de261f6c7e593a356394d84f1fa33d3769560823cbd87a983904
imphash 5dace138aecd344759e642e010d55b9a
File size 395.9 KB ( 405408 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-04-22 12:41:23 UTC ( 5 years, 2 months ago )
Last submission 2018-01-15 06:52:13 UTC ( 6 months ago )
File names PhotoResize400.exe
400IROUEH.exe
PhotoResize400.exe
file-5690213_exe
scan_file
output.19654608.txt
1c71941b-93ef-4856-8226-6bb69048856f
PhotoResize.exe
19654608
PhotoResize1024D72Q50 O.exe
PhotoResize
PhotoResize2000MSH.exe
462998
PhotoResize1024MSOEH.exe
PhotoResize105x120ROH.exe
PhotoResize400.exe
PhotoResize.exe
PhotoResize400.exe
PhotoResize6400.exe
PhotoResize1600h.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight