SHA256: 0d88311a61cd977fe0b23f7f0ea79e4d8179fea2742990d5168304f9fac0dc01
File name: TevPortLimited.exe
Detection ratio: 6 / 68
Analysis date: 2018-08-01 15:44:05 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.Agent.deobf 20180801
Cylance Unsafe 20180801
DrWeb Trojan.Siggen7.56110 20180801
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJKO 20180801
Microsoft Trojan:Win32/Fuery.B!cl 20180801
Ad-Aware 20180801
AegisLab 20180801
AhnLab-V3 20180801
Alibaba 20180713
ALYac 20180801
Antiy-AVL 20180801
Arcabit 20180801
Avast 20180801
Avast-Mobile 20180801
AVG 20180801
AVware 20180727
Babable 20180725
Baidu 20180801
BitDefender 20180801
Bkav 20180801
CAT-QuickHeal 20180801
ClamAV 20180801
CMC 20180801
Comodo 20180801
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20180801
eGambit 20180801
Emsisoft 20180801
F-Prot 20180801
F-Secure 20180801
Fortinet 20180801
GData 20180801
Ikarus 20180801
Sophos ML 20180717
Jiangmin 20180801
K7AntiVirus 20180801
K7GW 20180801
Kaspersky 20180801
Kingsoft 20180801
Malwarebytes 20180801
MAX 20180801
McAfee 20180801
McAfee-GW-Edition 20180801
eScan 20180801
NANO-Antivirus 20180801
Palo Alto Networks (Known Signatures) 20180801
Panda 20180801
Qihoo-360 20180801
Rising 20180801
SentinelOne (Static ML) 20180701
Sophos AV 20180801
SUPERAntiSpyware 20180801
Symantec 20180731
Symantec Mobile Insight 20180801
TACHYON 20180801
Tencent 20180801
TheHacker 20180730
TotalDefense 20180801
TrendMicro 20180801
TrendMicro-HouseCall 20180801
Trustlook 20180801
VBA32 20180801
VIPRE 20180801
ViRobot 20180801
Webroot 20180801
Yandex 20180731
Zillya 20180731
ZoneAlarm by Check Point 20180801
Zoner 20180801
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright © Tev Port Limited
Product Tev Port
Original name Tev Port
Internal name Tev Port
Description Layer Invite Gemlight
Signature verification Signed file, verified signature
Signing date 12:57 AM 8/1/2018
Signers
[+] TOV PORT-SERVIS LTD
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Valid from 11:42 AM 06/06/2018
Valid to 11:42 AM 06/07/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 0A4A3D99BF01390AA76619017832C3DA14577789
Serial number 12 5B B2 DA 01 D4 0D DB F2 E6 C5 67
[+] GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Status Valid
Issuer GlobalSign
Valid from 12:00 AM 06/15/2016
Valid to 12:00 AM 06/15/2024
Valid usage Code Signing, OCSP Signing
Algorithm sha256RSA
Thumbprint 87A63D9ADB627D777836153C680A3DFCF27DE90C
Serial number 48 1B 6A 07 A9 42 4C 1E AA FE F3 CD F1 0F
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 03/18/2009
Valid to 11:00 AM 03/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 12:00 AM 10/22/2014
Valid to 12:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 01:00 AM 11/10/2006
Valid to 01:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 01:00 AM 11/10/2006
Valid to 01:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-31 17:05:39
Entry Point 0x0004A078
Number of sections 5
PE sections
Overlays
MD5 fbdcc31c38dc2672ea516d2373d17413
File type data
Offset 614400
Size 8128
Entropy 7.25
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegCreateKeyExA
RegOpenKeyExA
ImageList_BeginDrag
ImageList_Draw
ImageList_DragMove
ImageList_Create
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
GetWindowExtEx
SetMapMode
CreatePen
GetRgnBox
SaveDC
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
CombineRgn
GetClipBox
GetObjectA
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
SelectObject
DeleteObject
EnumFontFamiliesA
SetTextColor
GetDeviceCaps
CreateFontA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
GetFontData
ExtTextOutA
PtVisible
ExtSelectClipRgn
CreateCompatibleDC
ScaleViewportExtEx
GetBkColor
SetWindowExtEx
GetTextColor
CreateSolidBrush
Polyline
Escape
GetViewportExtEx
SetBkColor
SetViewportExtEx
CreateCompatibleBitmap
ImmGetDescriptionA
ImmGetConversionStatus
ImmGetContext
ImmSetCompositionFontA
ImmGetOpenStatus
ImmReleaseContext
ImmSetOpenStatus
ImmIsIME
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
lstrcmpW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
SetConsoleWindowInfo
SetConsoleScreenBufferSize
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GetProcAddress
GetProcessHeap
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
CompareStringA
DuplicateHandle
GlobalLock
GlobalAlloc
GetTimeZoneInformation
GetConsoleWindow
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
FreeResource
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GradientFill
NetFileEnum
NetAuditClear
NetApiBufferFree
OleCreateFontIndirect
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantInit
wglMakeCurrent
wglCreateContext
SHQueryRecycleBinA
ShellExecuteA
SHEmptyRecycleBinA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
SetFocus
GetMessagePos
SetWindowRgn
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
DdeCreateStringHandleA
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
AllowSetForegroundWindow
GetNextDlgTabItem
CallNextHookEx
CopyAcceleratorTableA
GetActiveWindow
LoadImageA
GetTopWindow
GetWindowTextA
InvalidateRgn
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
GetClassInfoExA
ShowWindow
GetPropA
GetNextDlgGroupItem
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
GetKeyboardLayout
SetWindowContextHelpId
GetSysColorBrush
ReleaseDC
PtInRect
IsChild
IsDialogMessageA
MapWindowPoints
SetCapture
BeginPaint
OffsetRect
DrawIcon
CharNextA
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
ReleaseCapture
SetWindowLongA
IsRectEmpty
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetSystemMenu
GetDC
SetForegroundWindow
PostThreadMessageA
MapDialogRect
IntersectRect
EndDialog
CopyRect
GetCapture
MessageBeep
DrawTextExA
GetWindowThreadProcessId
AppendMenuA
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
DialogBoxParamA
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
GetDesktopWindow
WinHelpA
SetRect
InvalidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetMenu
SetCursor
ScriptShape
ScriptRecordDigitSubstitution
OpenPrinterA
DocumentPropertiesA
ClosePrinter
gethostname
socket
bind
WSAStartup
gethostbyname
htons
GetFileTitleA
DeleteIpNetEntry
DeleteProxyArpEntry
DeleteIpForwardEntry
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
RevokeDragDrop
StgOpenStorageOnILockBytes
CoRevokeClassObject
CLSIDFromProgID
CoLockObjectExternal
CoFreeUnusedLibraries
GetHGlobalFromStream
CoRegisterMessageFilter
OleFlushClipboard
OleInitialize
CLSIDFromString
OleIsCurrentClipboard
CreateILockBytesOnHGlobal
CoGetClassObject
PdhBrowseCountersA
PdhCollectQueryData
Number of PE resources by type
RT_ICON 7
RT_STRING 4
RT_RCDATA 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
FileDescription Layer Invite Gemlight
Languages English
InitializedDataSize 196608
ImageVersion 0.0
ProductName Tev Port
FileVersionNumber 3.4.18.9
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName Tev Port
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2018:07:31 19:05:39+02:00
FileType Win32 EXE
PEType PE32
InternalName Tev Port
SubsystemVersion 4.0
ProductVersion 3.4.18.9
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright Tev Port Limited
MachineType Intel 386 or later, and compatibles
CompanyName Tev Port Limited
CodeSize 413696
FileSubtype 0
ProductVersionNumber 3.4.18.9
EntryPoint 0x4a078
ObjectFileType Executable application

File identification
MD5 f69408ccd0633f53eb84ac923de4753f
SHA1 d4bca2a5f587a9a0b5aa76bf7c3e0ddf6e9fbea3
SHA256 0d88311a61cd977fe0b23f7f0ea79e4d8179fea2742990d5168304f9fac0dc01
ssdeep 6144:2L7TXrxQzI0kDObBeKc8ZDxEAve1m80tmDgZ22Jlf8aUYvNbebdqCrMdesHgr8I3:2L7T2WKNE11Kt9Z2MfdQbREevr8I1OK
authentihash f434e7027c9b9e06aa3bfae0cde72957002372f3c5d01b788b752e441f459579
imphash 0f0bb2a426998331b4ca4a4680c1c459
File size 607.9 KB ( 622528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-08-01 15:44:05 UTC ( 9 months, 3 weeks ago )
Last submission 2018-08-01 15:44:05 UTC ( 9 months, 3 weeks ago )
File names Tev Port
TevPortLimited.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.