SHA256: 0c910fb08d46bc613812c9802bbaf9ef9811faf2d633f7ebe45074dae2c1410d
File name: english.php2
Detection ratio: 4 / 66
Analysis date: 2018-12-12 12:39:36 UTC ( 2 months, 1 week ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Webroot W32.Trojan.Ursnif 20181212
Engines with no detection (engine, signature update date):
Ad-Aware 20181212
AegisLab 20181212
AhnLab-V3 20181212
Alibaba 20180921
ALYac 20181212
Antiy-AVL 20181212
Arcabit 20181212
Avast 20181212
Avast-Mobile 20181211
AVG 20181212
Avira (no cloud) 20181211
Babable 20180918
Baidu 20181207
BitDefender 20181212
Bkav 20181211
CAT-QuickHeal 20181211
ClamAV 20181212
CMC 20181212
Comodo 20181212
Cybereason 20180225
Cylance 20181212
Cyren 20181212
DrWeb 20181212
eGambit 20181212
Emsisoft 20181212
ESET-NOD32 20181212
F-Prot 20181212
F-Secure 20181212
Fortinet 20181212
GData 20181212
Jiangmin 20181212
K7AntiVirus 20181212
K7GW 20181212
Kaspersky 20181212
Kingsoft 20181212
Malwarebytes 20181212
MAX 20181212
McAfee 20181212
McAfee-GW-Edition 20181212
Microsoft 20181212
eScan 20181212
NANO-Antivirus 20181212
Palo Alto Networks (Known Signatures) 20181212
Panda 20181211
Qihoo-360 20181212
Rising 20181212
SentinelOne (Static ML) 20181011
Sophos AV 20181211
SUPERAntiSpyware 20181212
Symantec 20181212
Symantec Mobile Insight 20181207
TACHYON 20181212
Tencent 20181212
TheHacker 20181210
Trapmine 20181205
TrendMicro-HouseCall 20181212
Trustlook 20181212
VBA32 20181212
ViRobot 20181212
Yandex 20181212
Zillya 20181211
ZoneAlarm by Check Point 20181212
Zoner 20181212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© 1984-2002 Adobe Systems Incorporated

Product BIB
Original name BIB.dll
Internal name BIB
File version 6.1.
Description Bravo Interface Binder
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 8:15 AM 12/12/2018
Signers
[+] SYMVC LTD
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 11/28/2018
Valid to 11:59 PM 11/28/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 1661EB0EEC374D082720EAA3AA733AF1B5D2D0E1
Serial number 00 E5 4E F8 43 12 7B 7A DA 05 AC EE FC AA 9D 46 FF
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 12:00 AM 05/24/2016
Valid to 12:00 AM 06/24/2027
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 63B82FAB61F583909695050B00249C502933EC79
Serial number 11 21 D6 99 A7 64 97 3E F1 F8 42 7E E9 19 CC 53 41 14
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 12:00 PM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-03-25 23:01:31
Entry Point 0x00002660
Number of sections 10
PE sections
Overlays
MD5 af7d088252b2a5b260d06807d720880a
File type data
Offset 155648
Size 6472
Entropy 7.46
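The header values in this report contradict each other, and that is the point a triage analyst should check mechanically rather than take on trust. The COFF timestamp says 1993-03-25, yet the optional header records linker version 10.0 (the Visual Studio 2010 linker) and the version resource claims a 2002 Adobe build date. The version resource names the file BIB.dll and types it as a DLL, while the PE characteristics and subsystem describe a 32-bit GUI executable. The Authenticode signer, SYMVC LTD, holds a certificate issued on 11/28/2018, signed the file on 12/12/2018 (the day of first submission), has no relation to the Adobe copyright in the version info, and the certificate has since been revoked. The 6472-byte overlay at offset 155648 with entropy 7.46 sits exactly where a signed PE keeps its certificate table, so it is consistent with the PKCS#7 signature blob rather than a packed payload. The script below is an added example, not VirusTotal's code: it parses the PE headers with the Python standard library only, locates the overlay, checks whether the security data directory covers it and that the WIN_CERTIFICATE header is sane, and flags a timestamp older than the linker that supposedly produced the file. build_sample_pe() and sample_signature_blob() are constructed test inputs that mirror this report's header values; LINKER_YEAR is a heuristic lookup table and an assumption of the example, not something the report states.

```python
# Added example (not VirusTotal's code): dependency-free PE triage for the inconsistencies above.
import datetime
import hashlib
import math
import struct
import sys

# First shipping year of each MSVC linker major version: a heuristic table, an assumption of this example.
LINKER_YEAR = {6: 1998, 7: 2002, 8: 2005, 9: 2008, 10: 2010, 11: 2012, 12: 2013, 14: 2015}
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002        # wCertificateType for an Authenticode PKCS#7 blob

def entropy(buf):
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_pe(data):
    """Return header fields, section table, overlay facts and triage flags for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                 # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                                # optional header follows the COFF header
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]      # same offset in PE32 and PE32+
    dirs = opt + (112 if magic == 0x20B else 96)                 # data directories follow the fixed fields
    cert_off, cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)  # entry 4: a file offset, not an RVA
    sections, end_of_data = [], 0
    for i in range(nsec):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), va, vsize, rptr, rsize))
        end_of_data = max(end_of_data, rptr + rsize)
    overlay = data[end_of_data:]                                 # everything past the last section's raw data
    built = datetime.datetime.fromtimestamp(ts, datetime.timezone.utc)
    flags = []
    if built.year < LINKER_YEAR.get(lnk_major, 0):
        flags.append("TimeDateStamp %s predates linker %d.%d" % (built.date(), lnk_major, lnk_minor))
    if cert_size:
        if cert_off == end_of_data and cert_size == len(overlay):
            flags.append("overlay is exactly the Authenticode certificate table")
        else:
            flags.append("certificate table 0x%x/%d bytes does not match overlay 0x%x/%d bytes"
                         % (cert_off, cert_size, end_of_data, len(overlay)))
        if cert_size >= 8 and cert_off + 8 <= len(data):
            length, _revision, ctype = struct.unpack_from("<IHH", data, cert_off)   # WIN_CERTIFICATE header
            if ctype != WIN_CERT_TYPE_PKCS_SIGNED_DATA or length > cert_size:
                flags.append("malformed WIN_CERTIFICATE (type 0x%x, length %d)" % (ctype, length))
    elif overlay:
        flags.append("unsigned file carries a %d-byte overlay" % len(overlay))
    return {
        "machine": machine, "linker": "%d.%d" % (lnk_major, lnk_minor),
        "compiled": built.strftime("%Y-%m-%d %H:%M:%S UTC"), "entry_point": entry,
        "subsystem": subsystem, "sections": sections, "overlay_offset": end_of_data,
        "overlay_size": len(overlay), "overlay_entropy": round(entropy(overlay), 2),
        "cert_table": (cert_off, cert_size), "flags": flags,
    }

def build_sample_pe(overlay=b""):
    """Constructed test input: a minimal, non-runnable PE32 echoing this report's header values."""
    ts = int(datetime.datetime(1993, 3, 25, 23, 1, 31, tzinfo=datetime.timezone.utc).timestamp())
    sections = [(b".text", 0x1000, 0x5000, 0x400, 0x5000), (b".rdata", 0x6000, 0x800, 0x5400, 0x800)]
    end = max(rptr + rsize for _, _, _, rptr, rsize in sections)
    opt = struct.pack("<HBBIIIIII", 0x10B, 10, 0, 0x5000, 0x800, 0, 0x2660, 0x1000, 0x6000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 0, 0,
                       0x7000, 0x400, 0, 2, 0x8140, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    if overlay:
        dirs[4] = (end, len(overlay))                            # security directory covers the overlay
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), ts, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
                     for n, va, vs, rp, rs in sections)
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    headers = dos + b"PE\0\0" + coff + opt + table
    return headers.ljust(end, b"\0") + overlay                  # section bodies are zero filler

def sample_signature_blob(size=6472):
    """Constructed stand-in for a PKCS#7 blob: WIN_CERTIFICATE header plus high-entropy filler."""
    filler = b"".join(hashlib.sha256(bytes([i & 0xFF, i >> 8])).digest() for i in range(size // 32 + 1))
    return struct.pack("<IHH", size, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + filler[:size - 8]

if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(sample_signature_blob())
    for key, value in parse_pe(image).items():
        print("%-16s %s" % (key, value))
```

Run it with a file path to triage a real sample, or with no arguments to see the constructed one flagged for both the 1993 timestamp under a 10.0 linker and an overlay that is exactly the certificate table. On a genuinely signed file the second flag is expected and benign; the combination with a forged timestamp and a signer unrelated to the version-info company is what matters. The script does not validate the signature or check revocation, which needs the certificate chain and a CRL or OCSP lookup; it only tells you where the signature lives and whether the rest of the header story holds together.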
PE imports
GetServiceKeyNameW
GetEventLogInformation
FileEncryptionStatusW
GetFileTitleW
GdiFlush
GetObjectA
GetStretchBltMode
GetObjectW
FindResourceExA
GetSystemInfo
GetDefaultCommConfigW
GetPrivateProfileIntA
GetDateFormatW
Sleep
GetCommandLineA
GetCompressedFileSizeA
FlushViewOfFile
SafeArrayGetElemsize
SysAllocStringLen
CanUserWritePwrScheme
AssocIsDangerous
GetOpenClipboardWindow
ShowOwnedPopups
InsertMenuItemW
DrawTextW
EnumWindows
GetDlgItemTextA
GetMenuStringA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.8.1
LanguageCode Neutral 2
FileFlagsMask 0x003f
BuildDate Wed Feb 27 2002 00:03:05
FileDescription Bravo Interface Binder
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 114688
EntryPoint 0x2660
OriginalFileName BIB.dll
MIMEType application/octet-stream
LegalCopyright 1984-2002 Adobe Systems Incorporated
FileVersion 6.1.
TimeStamp 1993:03:26 00:01:31+01:00
FileType Win32 EXE
PEType PE32
InternalName BIB
ProductVersion 1.1
SubsystemVersion 5.0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Adobe Systems Incorporated
BuildVersion 24.66485
CodeSize 40960
ProductName BIB
ProductVersionNumber 1.1.0.1
FileTypeExtension exe
ObjectFileType Dynamic link library

Execution parents
File identification
MD5 583e5a920d427f90c544f5c3e2ba35b7
SHA1 7d118b7bde5d5e5068e23c852e31d7d99e85f643
SHA256 0c910fb08d46bc613812c9802bbaf9ef9811faf2d633f7ebe45074dae2c1410d
ssdeep 3072:v4naYP8HhQ+Ji68PA3UxMVb7S9uihsBKypiF688ymT+fG:wn5P8H5ijmV68ihsBKypiF6afG
authentihash a568e71d5722804fd59f6c542f5461d4dfc1cdd80067db2540389d8cc2dfced9
imphash a6579afce62891af77918276baa27495
File size 158.3 KB ( 162120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-12-12 12:39:36 UTC ( 2 months, 1 week ago )
Last submission 2018-12-22 07:38:17 UTC ( 2 months ago )
File names 583e5a920d427f90c544f5c3e2ba35b7
english.php2
583e5a920d427f90c544f5c3e2ba35b7_exe
BIB.dll
bit5a58.tmp
BIB
583e5a920d427f90c544f5c3e2ba35b7
bit98f9.tmp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs