SHA256: 07448b813b92fefd5b89386cd7a8438829ef573dd10b8ce8e853fe3c66f19550
File name: council.php2.bin
Detection ratio: 7 / 66
Analysis date: 2018-12-13 12:20:22 UTC (2 months, 1 week ago)
Antivirus Result Update
Avast FileRepMalware 20181213
AVG FileRepMalware 20181213
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181022
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Qihoo-360 HEUR/QVM20.1.D670.Malware.Gen 20181213
Rising Malware.Heuristic!ET#88% (RDM+:cmRtazqUo+g4eSr2IozQcjeflEHp) 20181213
Ad-Aware 20181213
AegisLab 20181213
AhnLab-V3 20181213
Alibaba 20180921
ALYac 20181213
Antiy-AVL 20181213
Arcabit 20181213
Avast-Mobile 20181213
Avira (no cloud) 20181213
Babable 20180918
Baidu 20181207
BitDefender 20181213
Bkav 20181213
CAT-QuickHeal 20181212
ClamAV 20181213
CMC 20181212
Comodo 20181213
Cyren 20181213
DrWeb 20181213
eGambit 20181213
Emsisoft 20181213
ESET-NOD32 20181213
F-Prot 20181213
F-Secure 20181213
Fortinet 20181213
GData 20181213
Ikarus 20181213
Jiangmin 20181213
K7AntiVirus 20181213
K7GW 20181213
Kaspersky 20181213
Kingsoft 20181213
Malwarebytes 20181213
MAX 20181213
McAfee 20181213
McAfee-GW-Edition 20181213
Microsoft 20181213
eScan 20181213
NANO-Antivirus 20181213
Palo Alto Networks (Known Signatures) 20181213
Panda 20181212
SentinelOne (Static ML) 20181011
Sophos AV 20181213
SUPERAntiSpyware 20181212
Symantec 20181213
Symantec Mobile Insight 20181212
TACHYON 20181213
Tencent 20181213
TheHacker 20181210
Trapmine 20181205
TrendMicro 20181213
TrendMicro-HouseCall 20181213
Trustlook 20181213
VBA32 20181212
ViRobot 20181213
Webroot 20181213
Yandex 20181213
Zillya 20181212
ZoneAlarm by Check Point 20181213
Zoner 20181213
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) INCA Internet. 2000-2003

Product nProtect KeyCrypt Program Database DLL
Original name npkpdb.dll
Internal name npkpdb.dll
File version 2003, 10, 1, 1
Description nProtect KeyCrypt Program Database DLL
Comments nProtect KeyCrypt Program Database DLL
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 6:40 AM 12/13/2018
Signers
[+] TERRACOYA LTD
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 11/19/2018
Valid to 11:59 PM 11/19/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 24CB0D9CB7F9571BC5BE6218FB96BA03240F0957
Serial number 00 E2 6B E0 0F FA D0 65 52 13 61 6E 67 E2 B8 7E EC
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 12/31/2015
Valid to 06:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 08:09 AM 06/07/2005
Valid to 10:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 10:48 AM 05/30/2000
Valid to 10:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-03-25 23:01:31
Entry Point 0x00002600
Number of sections 10
PE sections
Overlays
MD5 9a9977c6cbe498dd5667e6fcdd6cdfed
File type data
Offset 155648
Size 5336
Entropy 7.44
PE imports
GetServiceKeyNameW
GetEventLogInformation
FileEncryptionStatusW
GetFileTitleW
GetObjectA
GdiFlush
GetStretchBltMode
GetObjectW
FindResourceExA
GetSystemInfo
GetDefaultCommConfigW
GetPrivateProfileIntA
GetDateFormatW
Sleep
GetCompressedFileSizeA
GetCommandLineA
FlushViewOfFile
SafeArrayGetElemsize
SysAllocStringLen
CanUserWritePwrScheme
AssocIsDangerous
GetOpenClipboardWindow
ShowOwnedPopups
GetMenuStringA
EnumWindows
GetDlgItemTextA
DrawTextW
InsertMenuItemW
Number of PE resources by type
RT_VERSION 1
RC_BINARY 1
Number of PE resources by language
KOREAN 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

Comments
nProtect KeyCrypt Program Database DLL

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2003.10.1.1

LanguageCode
Korean

FileFlagsMask
0x003f

FileDescription
nProtect KeyCrypt Program Database DLL

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
114688

EntryPoint
0x2600

OriginalFileName
npkpdb.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) INCA Internet. 2000-2003

FileVersion
2003, 10, 1, 1

TimeStamp
1993:03:26 00:01:31+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
npkpdb.dll

ProductVersion
4, 0, 0, 0

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
INCA Internet Co., Ltd.

CodeSize
40960

ProductName
nProtect KeyCrypt Program Database DLL

ProductVersionNumber
4.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 80a21d16e315f9b4bf32e300e5101c75
SHA1 ebd498016e7b6489f51406906ff1f69217ee6545
SHA256 07448b813b92fefd5b89386cd7a8438829ef573dd10b8ce8e853fe3c66f19550
ssdeep
3072:8SKptzCCsH5BO5IavyZB8746YdOxyNRynwnD//4:8dSHPEpyZa74Jd3vyb

authentihash 7bab510c7ebaf30c0f96803e4700ed9cba2dc810e74162e88f40033737f6745f
imphash 78988f93269998154945dbaf44432d07
File size 157.2 KB ( 160984 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-12-13 12:20:22 UTC ( 2 months, 1 week ago )
Last submission 2019-01-22 04:31:12 UTC ( 4 weeks ago )
File names 80a21d16e315f9b4bf32e300e5101c75
council.php2
council.php2.bin
npkpdb.dll
bit78c8.tmp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs