× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0d1fa86d688efe5dfb978b6e09ed86efcae22f1946e934222b8e6d1a5e43f3c8
File name: home.php2
Detection ratio: 11 / 65
Analysis date: 2018-11-13 08:12:54 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
AegisLab Trojan.Win32.Generic.llEj 20181113
Avast Win32:DangerousSig [Trj] 20181113
AVG Win32:DangerousSig [Trj] 20181113
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181113
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CQVF 20181113
Sophos ML heuristic 20181108
Kaspersky Trojan-Spy.Win32.Ursnif.aeog 20181113
Qihoo-360 HEUR/QVM20.1.2C90.Malware.Gen 20181113
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181113
Ad-Aware 20181112
AhnLab-V3 20181112
Alibaba 20180921
ALYac 20181113
Antiy-AVL 20181113
Arcabit 20181113
Avast-Mobile 20181113
Avira (no cloud) 20181113
Babable 20180918
Baidu 20181112
BitDefender 20181113
Bkav 20181113
CAT-QuickHeal 20181112
ClamAV 20181113
CMC 20181113
Cybereason 20180225
Cyren 20181113
DrWeb 20181113
Emsisoft 20181113
F-Prot 20181113
F-Secure 20181113
Fortinet 20181113
GData 20181113
Ikarus 20181112
Jiangmin 20181113
K7AntiVirus 20181113
K7GW 20181112
Kingsoft 20181113
Malwarebytes 20181113
MAX 20181113
McAfee 20181113
McAfee-GW-Edition 20181113
Microsoft 20181113
eScan 20181113
NANO-Antivirus 20181113
Palo Alto Networks (Known Signatures) 20181113
Panda 20181112
Rising 20181113
SentinelOne (Static ML) 20181011
Sophos AV 20181113
SUPERAntiSpyware 20181107
Symantec 20181113
Symantec Mobile Insight 20181108
TACHYON 20181113
Tencent 20181113
TheHacker 20181108
TrendMicro-HouseCall 20181113
Trustlook 20181113
VBA32 20181112
VIPRE 20181111
ViRobot 20181113
Webroot 20181113
Yandex 20181112
Zillya 20181112
Zoner 20181113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2008

Product itunescpy Application
Original name itunescpy.EXE
Internal name itunescpy
File version 1, 0, 0, 1
Description itunescpy
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 7:42 AM 11/12/2018
Signers
[+] Shrivatsa Tech Service Ltd
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 11:00 PM 10/14/2018
Valid to 10:59 PM 10/15/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint CBF64801EE4820C4E326B402D04AA75F33DBFB36
Serial number 00 A3 FE E7 F8 3D D1 B8 D7 BF 1F C6 F7 0C BE 8B 55
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Certum EV TSA SHA2
Status Valid
Issuer Certum Trusted Network CA
Valid from 01:10 PM 03/08/2016
Valid to 12:10 PM 05/30/2027
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 4F8D4C480649426AEF8B86D4D5FC7932E7142D85
Serial number 00 FE 67 E4 F1 5A 24 E3 C6 0D 54 7C A0 20 C2 76 70
[+] Certum Trusted Network CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 11:07 AM 10/22/2008
Valid to 12:07 PM 12/31/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbrint 07E032E020B72C3F192F0628A2593A19A70F069E
Serial number 04 44 C0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-25 20:22:27
Entry Point 0x00004C98
Number of sections 5
PE sections
Overlays
MD5 287a5de8260794f4a24ca238bc14dd1a
File type data
Offset 155648
Size 5648
Entropy 7.41
PE imports
GetServiceKeyNameW
GetSidSubAuthority
LookupPrivilegeDisplayNameW
GetPrivateObjectSecurity
InitiateSystemShutdownExW
EnumServicesStatusW
GetServiceKeyNameA
LookupAccountNameW
GetLengthSid
GetClusterFromResource
FindTextA
GetBrushOrgEx
GetTextMetricsW
DeleteColorSpace
GetStockObject
GetStretchBltMode
ExtCreateRegion
GetTextAlign
GetDeviceGammaRamp
GetSystemTime
DefineDosDeviceW
LocalLock
WriteProcessMemory
DeleteTimerQueueEx
lstrcmpiW
lstrlenW
GetLocalTime
GetVolumePathNamesForVolumeNameW
FindFirstFileExW
GetVolumeInformationA
LockFileEx
lstrcatA
GetVolumeInformationW
GetStartupInfoW
RequestWakeupLatency
GetConsoleScreenBufferInfo
FindNextChangeNotification
GlobalAddAtomW
GetCPInfo
GetStringTypeA
GetSystemDirectoryW
GetProfileStringA
GetCommConfig
GetModuleHandleW
GetThreadSelectorEntry
LoadResource
FormatMessageA
GetPrivateProfileSectionA
ExitProcess
GetVersion
GetRecordInfoFromGuids
ExtractIconExA
GetUserNameExW
DecryptMessage
InsertMenuA
LoadAcceleratorsA
GetClipboardViewer
GetLastInputInfo
GetParent
DrawTextExW
GetMenuStringA
LookupIconIdFromDirectory
GetMessageW
DrawIconEx
LoadKeyboardLayoutW
GetClassLongW
LockWindowUpdate
GetComboBoxInfo
LookupIconIdFromDirectoryEx
GetNextDlgTabItem
DeregisterShellHookWindow
GetClipboardData
InsertMenuItemA
GetFileVersionInfoSizeW
fputc
ftell
Number of PE resources by type
RT_ICON 2
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
11.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
itunescpy

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
28416

EntryPoint
0x4c98

OriginalFileName
itunescpy.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2008

FileVersion
1, 0, 0, 1

TimeStamp
2013:04:25 22:22:27+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
itunescpy

ProductVersion
1, 0, 0, 1

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
eTinySoft Inc.

CodeSize
795242121

ProductName
itunescpy Application

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 a33ba0744264de1d3e6765a80c3131d1
SHA1 9499ed414b3b6b768965d7ae4d95fa400452f81a
SHA256 0d1fa86d688efe5dfb978b6e09ed86efcae22f1946e934222b8e6d1a5e43f3c8
ssdeep
1536:mCV/icnXJ/IbVNnkFw1cCgjOSWl1rRHNHjDg7XKrPzXqYCEIQ3iu:TiOyNnkFccC9rRHRj66rPzXXC/Qr

authentihash f5db25c99a261fc3aaad51f3837ab098437ada18c850ca87d07f06b47c4c260e
imphash a01c7f9db4347468d2f521e5dba50b93
File size 157.5 KB ( 161296 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (50.5%)
Microsoft Visual C++ compiled executable (generic) (30.2%)
Win32 Executable (generic) (8.2%)
OS/2 Executable (generic) (3.7%)
Generic Win/DOS Executable (3.6%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-11-13 08:12:54 UTC ( 5 months, 1 week ago )
Last submission 2018-11-13 08:12:54 UTC ( 5 months, 1 week ago )
File names itunescpy
home.php2
itunescpy.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.