SHA256: 0abffef0349b3f0deac9ed3ed133f70526926a84371ac293e8164b2f35860de7
File name: 0abffef0349b3f0deac9ed3ed133f70526926a84371ac293e8164b2f35860de7
Detection ratio: 4 / 46
Analysis date: 2013-06-21 19:33:20 UTC ( 4 years ago )
Antivirus Result Update
Antiy-AVL Worm/Win32.WhiteIce.gen 20130621
ByteHero Virus.Win32.Part.a 20130613
TrendMicro PAK_Generic.016 20130621
TrendMicro-HouseCall PAK_Generic.016 20130621
Yandex 20130621
AhnLab-V3 20130621
AntiVir 20130621
Avast 20130621
AVG 20130621
BitDefender 20130621
CAT-QuickHeal 20130621
ClamAV 20130621
Commtouch 20130620
Comodo 20130621
DrWeb 20130621
Emsisoft 20130621
eSafe 20130620
ESET-NOD32 20130621
F-Prot 20130620
F-Secure 20130621
Fortinet 20130621
GData 20130621
Ikarus 20130621
Jiangmin 20130621
K7AntiVirus 20130621
K7GW 20130621
Kaspersky 20130621
Kingsoft 20130506
Malwarebytes 20130621
McAfee 20130621
McAfee-GW-Edition 20130621
Microsoft 20130621
eScan 20130621
NANO-Antivirus 20130621
Norman 20130621
nProtect 20130621
Panda 20130621
PCTools 20130521
Rising 20130621
Sophos 20130621
SUPERAntiSpyware 20130621
Symantec 20130621
TheHacker 20130621
TotalDefense 20130621
VBA32 20130621
VIPRE 20130621
ViRobot 20130621
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) China University of Technology

Product TWIDS for Windows
Original name suf_launch.exe
Internal name sf_rt
File version 1.0.0.0
Description TWIDS for Windows Installer
Comments China University of Technology
Signature verification Signed file, verified signature
Signing date 11:32 AM 4/27/2013
Signers
[+] China University of Technology
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 4:21 AM 7/26/2012
Valid to 10:31 AM 10/7/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint C3576A1510C621A3405373F7FF3CA9DDCE2D6D30
Serial number 11 21 C0 51 41 45 74 5F 38 95 7F 00 D4 E5 7B 15 54 2A
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 11:00 AM 4/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-07 16:05:53
Entry Point 0x000029C1
Number of sections 5
PE sections
Overlays
MD5 032b0cd8db23fc3fbcaeafe1cfbaf2a6
File type data
Offset 71680
Size 2540896
Entropy 7.90
PE imports
GetTokenInformation
OpenProcessToken
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetFileAttributesA
GetExitCodeProcess
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetTempPathA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
HeapSetInformation
GetCurrentProcess
_lwrite
GetFileType
GetStringTypeW
InterlockedIncrement
lstrcatA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
_llseek
HeapSize
FreeEnvironmentStringsW
GetCPInfo
MultiByteToWideChar
GetProcAddress
_lread
EncodePointer
GetStartupInfoW
GetModuleFileNameW
_lclose
WideCharToMultiByte
LoadLibraryW
TlsFree
_lcreat
GetSystemTimeAsFileTime
DeleteCriticalSection
GetCurrentProcessId
SetUnhandledExceptionFilter
lstrcpyA
_lopen
DecodePointer
CloseHandle
IsProcessorFeaturePresent
GetCommandLineA
GetACP
GetDiskFreeSpaceA
MoveFileExA
GetModuleHandleW
FreeLibrary
LocalFree
TerminateProcess
GetModuleFileNameA
IsValidCodePage
HeapCreate
WriteFile
TlsGetValue
Sleep
SetLastError
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
GetOEMCP
CompareStringA
ShellExecuteExA
wsprintfA
LoadCursorA
DispatchMessageA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
SetCursor
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
FileDescription TWIDS for Windows Installer
Comments China University of Technology
InitializedDataSize 48128
ImageVersion 0.0
ProductName TWIDS for Windows
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet ASCII
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName suf_launch.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2011:01:07 17:05:53+01:00
FileType Win32 EXE
PEType PE32
InternalName sf_rt
SubsystemVersion 5.1
ProductVersion 1.0.0.0
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright (C) China University of Technology
MachineType Intel 386 or later, and compatibles
CompanyName China University of Technology
CodeSize 22528
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x29c1
ObjectFileType Executable application
File identification
MD5 48635b999d1edb831957f24a0ba1992a
SHA1 32e2611ee1066f4d1990a3d80476c475308ad643
SHA256 0abffef0349b3f0deac9ed3ed133f70526926a84371ac293e8164b2f35860de7
ssdeep 49152:tKoRfMF6idZ6DiAMIUefWIVWgamS+d6uIccBcVn2PdJeub:tpMF6idZOiiWIaMd6uxcBcV2Pd9b
authentihash eb2eb81c4317cbe1742201a1fa256bf7889b7d8fc7d3e12d96cbdd3602a07227
imphash d3f487c6c23e9d9845b2eca3fbdd93dd
File size 2.5 MB ( 2612576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.8%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Generic Win/DOS Executable (2.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-06-21 19:33:20 UTC ( 4 years ago )
Last submission 2016-06-26 03:41:10 UTC ( 12 months ago )
File names suf_launch.exe
TWIDS-2.0-Installer.exe
12738365
output.12738365.txt
sf_rt
0ABFFEF0349B3F0DEAC9ED3ED133F70526926A84371AC293E8164B2F35860DE7
TWIDS-2.0-Installer.exe
TWIDS-2.0-Installer.exe
file-5893950_exe
0abffef0349b3f0deac9ed3ed133f70526926a84371ac293e8164b2f35860de7
TWIDS-2.0-Installer.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications