SHA256: 0458aae969b5e8da81f8db283d4706d146b62dbdacc45a4ea28b9c5af9ac2ea7
File name: 0806.exe
Detection ratio: 19 / 68
Analysis date: 2018-06-11 18:05:39 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
Avast Win32:MdeClass 20180611
AVG Win32:MdeClass 20180611
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9994 20180611
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180530
Cybereason malicious.9351c1 20180225
Cylance Unsafe 20180611
DrWeb Trojan.MulDrop8.25847 20180611
Endgame malicious (high confidence) 20180507
Sophos ML heuristic 20180601
Jiangmin Trojan.Ekstak.cag 20180611
Kaspersky UDS:DangerousObject.Multi.Generic 20180611
McAfee Artemis!1BCE40D8B18F 20180611
McAfee-GW-Edition Artemis!Trojan 20180611
Palo Alto Networks (Known Signatures) generic.ml 20180611
Qihoo-360 HEUR/QVM19.1.C614.Malware.Gen 20180611
Symantec ML.Attribute.HighConfidence 20180611
VBA32 Heur.Trojan.Hlux 20180611
Webroot W32.Trojan.Trickbot 20180611
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180611
Ad-Aware 20180611
AegisLab 20180611
AhnLab-V3 20180611
Alibaba 20180611
ALYac 20180611
Antiy-AVL 20180611
Arcabit 20180611
Avast-Mobile 20180611
Avira (no cloud) 20180611
AVware 20180611
Babable 20180406
BitDefender 20180611
Bkav 20180611
CAT-QuickHeal 20180611
ClamAV 20180611
CMC 20180611
Comodo 20180611
Cyren 20180611
eGambit 20180611
Emsisoft 20180611
ESET-NOD32 20180611
F-Prot 20180611
F-Secure 20180611
Fortinet 20180611
GData 20180611
Ikarus 20180611
K7AntiVirus 20180611
K7GW 20180611
Kingsoft 20180611
Malwarebytes 20180611
MAX 20180611
Microsoft 20180611
eScan 20180611
NANO-Antivirus 20180611
Panda 20180611
Rising 20180611
SentinelOne (Static ML) 20180225
Sophos AV 20180611
SUPERAntiSpyware 20180611
Symantec Mobile Insight 20180605
TACHYON 20180611
Tencent 20180611
TheHacker 20180608
TotalDefense 20180611
TrendMicro 20180611
TrendMicro-HouseCall 20180611
Trustlook 20180611
VIPRE 20180611
ViRobot 20180611
Yandex 20180609
Zillya 20180611
Zoner 20180611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signers
CFES Projects Ltd
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 4/6/2018
Valid to 12:59 AM 4/7/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3CE43B9DC8F9EA4C35282BA9C813B9EDDFA485B3
Serial number 7C 7F C3 61 6F 31 57 A2 8F 70 2C C1 DF 27 5D CD
COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-17 18:24:07
Entry Point 0x0000241B
Number of sections 4
PE sections
Overlays
MD5 ac17a7263072bb86c7450bc1e4d46ed8
File type raw G3 data
Offset 121856
Size 5120
Entropy 7.54
PE imports
OpenMutexW
CreateJobObjectW
GetTickCount
LoadLibraryA
WaitForSingleObjectEx
lstrlenW
GetLocalTime
LoadLibraryExA
GetPrivateProfileStringA
GetShortPathNameA
GetConsoleTitleA
GetProcAddress
GlobalAddAtomW
FindNextFileW
FindResourceExW
CloseHandle
GetTempFileNameA
ReadConsoleA
CreateProcessA
GetLogicalDriveStringsA
TlsGetValue
FormatMessageA
CreateFileA
InterlockedIncrement
CPGenKey
CPDecrypt
CPCreateHash
CPDeriveKey
InsertMenuA
MessageBoxExA
LoadImageW
LoadIconA
GetClassLongW
CharToOemW
GetPropW
CharUpperW
LoadMenuW
MessageBoxA
GetWindow
GetMessageW
GetDlgItemTextW
DrawStateW
LoadBitmapA
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:17 19:24:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 56832
LinkerVersion 7.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint 0x241b
InitializedDataSize 64000
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 1bce40d8b18f4dae0ff9b98cdc761149
SHA1 6c912f99351c109d8459f3bd900293accec2da26
SHA256 0458aae969b5e8da81f8db283d4706d146b62dbdacc45a4ea28b9c5af9ac2ea7
ssdeep 768:RUiXUtnyzIgpcoGSE9fxm105z8VTIQnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnk:RzUnylc4wEmqxfd+Yy30JsB3tcm8NiX
authentihash abf166cb5f56d7b72805a67a35e6e864486cd6000510b2173b6f87ba7e2a792c
imphash 5dee8d3fea73436636e5645d69f0bc71
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags revoked-cert peexe signed overlay
VirusTotal metadata
First submission 2018-06-11 15:31:23 UTC ( 11 months, 2 weeks ago )
Last submission 2018-06-12 22:46:04 UTC ( 11 months, 2 weeks ago )
File names 0806.exe, 5049bb779f3730c0b67893ff60b785f71f46b2ff
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs