× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0c539da666591a58d4cc8074ca3fe22ab1a95a3818da6b029e62ba7eb26a8c53
File name: chr3.exe
Detection ratio: 8 / 67
Analysis date: 2018-07-03 09:24:06 UTC ( 10 months, 4 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180703
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180530
Cylance Unsafe 20180703
Endgame malicious (high confidence) 20180612
Sophos ML heuristic 20180601
Panda Trj/Genetic.gen 20180702
Qihoo-360 HEUR/QVM19.1.40D7.Malware.Gen 20180703
Rising Malware.Heuristic!ET#83% (RDM+:cmRtazqqu87Wxq/6F6pggvneKEJN) 20180703
Ad-Aware 20180703
AegisLab 20180703
AhnLab-V3 20180703
Alibaba 20180703
ALYac 20180703
Antiy-AVL 20180703
Arcabit 20180703
Avast 20180703
Avast-Mobile 20180703
AVG 20180703
Avira (no cloud) 20180703
AVware 20180703
Babable 20180406
BitDefender 20180703
Bkav 20180702
CAT-QuickHeal 20180702
ClamAV 20180703
CMC 20180702
Comodo 20180703
Cybereason 20180225
Cyren 20180703
DrWeb 20180703
eGambit 20180703
Emsisoft 20180703
ESET-NOD32 20180703
F-Prot 20180703
F-Secure 20180703
Fortinet 20180703
GData 20180703
Ikarus 20180703
Jiangmin 20180703
K7AntiVirus 20180703
K7GW 20180703
Kaspersky 20180703
Kingsoft 20180703
Malwarebytes 20180703
MAX 20180703
McAfee 20180703
McAfee-GW-Edition 20180703
Microsoft 20180703
eScan 20180703
NANO-Antivirus 20180703
Palo Alto Networks (Known Signatures) 20180703
SentinelOne (Static ML) 20180701
Sophos AV 20180703
SUPERAntiSpyware 20180703
Symantec 20180702
TACHYON 20180703
Tencent 20180703
TheHacker 20180628
TrendMicro 20180703
TrendMicro-HouseCall 20180703
Trustlook 20180703
VBA32 20180629
VIPRE 20180703
ViRobot 20180703
Webroot 20180703
Yandex 20180702
Zillya 20180702
ZoneAlarm by Check Point 20180703
Zoner 20180702
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 11:12 AM 7/3/2018
Signers
[+] CFES Projects Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 04/06/2018
Valid to 11:59 PM 04/06/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3CE43B9DC8F9EA4C35282BA9C813B9EDDFA485B3
Serial number 7C 7F C3 61 6F 31 57 A2 8F 70 2C C1 DF 27 5D CD
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] Sectigo (formerly Comodo CA)
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 01:00 AM 01/19/2010
Valid to 12:59 AM 01/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-17 18:24:07
Entry Point 0x000030D2
Number of sections 4
PE sections
Overlays
MD5 f92a55d862cfd6ed6270a30cda849fa5
File type data
Offset 96256
Size 8576
Entropy 7.53
PE imports
CmFree
CmMalloc
CmMoveMemory
CmRealloc
GetVolumePathNameW
HeapFree
lstrlen
CreateJobObjectW
GetTickCount
IsBadWritePtr
LoadLibraryA
WaitForSingleObjectEx
lstrlenW
GetLocalTime
LoadLibraryExA
GetPrivateProfileStringA
GetCommandLineW
OpenFileMappingA
GetConsoleTitleA
GetProcAddress
OpenMutexA
GlobalAddAtomW
CreateSemaphoreA
CloseHandle
CreateFileMappingA
HeapReAlloc
ReadConsoleA
CreateProcessA
CreateEventA
SleepEx
InsertMenuA
DispatchMessageA
IsDialogMessageW
PostMessageA
CharUpperW
LoadBitmapA
GetClassLongW
MessageBoxA
DrawStateW
LoadMenuW
CharToOemA
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:04:17 20:24:07+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
49152

LinkerVersion
7.0

FileTypeExtension
exe

InitializedDataSize
46080

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

EntryPoint
0x30d2

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 24e6bebbd87f4e6af36a6de399a9c48c
SHA1 2fe84d47d4a0c10779dba5fd5b358c18387d81b9
SHA256 0c539da666591a58d4cc8074ca3fe22ab1a95a3818da6b029e62ba7eb26a8c53
ssdeep
1536:pBr4Optcft0DSQJOIZtOUwUygE4syfNij:fkOqtCSYOUiOJ2

authentihash 7522f08f47598a62fafa7b5a0d4061104a09b7e9e7efcb44d5d446334abb8a46
imphash fd8d6b6bd96f3adb38e440404270f569
File size 102.4 KB ( 104832 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-07-03 09:23:48 UTC ( 10 months, 4 weeks ago )
Last submission 2018-07-04 11:26:13 UTC ( 10 months, 3 weeks ago )
File names chr3.exe_
chr3.exe
69338a5109d01c9071cf1f93e09fe3e5da44b065
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs