SHA256: 1200fccdf18e7b947e296898e22c1a6e2a0557aaf9d6503918115ebce82965c2
File name: e76aad569fea27cdf4cc76580923fba1.sample.unscrambled
Detection ratio: 1 / 54
Analysis date: 2014-10-29 19:37:22 UTC ( 4 years, 4 months ago )
Antivirus             Result                    Update
CMC                   Trojan.Win32.Swizzor.3!O  20141029
Ad-Aware                                        20141029
AegisLab                                        20141029
Yandex                                          20141028
AhnLab-V3                                       20141029
Antiy-AVL                                       20141029
Avast                                           20141029
AVG                                             20141029
Avira (no cloud)                                20141029
AVware                                          20141029
Baidu-International                             20141027
BitDefender                                     20141029
Bkav                                            20141027
ByteHero                                        20141029
CAT-QuickHeal                                   20141029
ClamAV                                          20141029
Comodo                                          20141029
Cyren                                           20141029
DrWeb                                           20141029
Emsisoft                                        20141029
ESET-NOD32                                      20141029
F-Prot                                          20141029
F-Secure                                        20141029
Fortinet                                        20141029
GData                                           20141029
Ikarus                                          20141029
Jiangmin                                        20141028
K7AntiVirus                                     20141029
K7GW                                            20141029
Kaspersky                                       20141029
Kingsoft                                        20141029
Malwarebytes                                    20141029
McAfee                                          20141029
McAfee-GW-Edition                               20141028
Microsoft                                       20141029
eScan                                           20141029
NANO-Antivirus                                  20141029
Norman                                          20141029
nProtect                                        20141029
Qihoo-360                                       20141029
Rising                                          20141029
Sophos AV                                       20141029
SUPERAntiSpyware                                20141029
Symantec                                        20141029
Tencent                                         20141029
TheHacker                                       20141028
TotalDefense                                    20141029
TrendMicro                                      20141029
TrendMicro-HouseCall                            20141029
VBA32                                           20141029
VIPRE                                           20141029
ViRobot                                         20141029
Zillya                                          20141029
Zoner                                           20141029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Emurasoft
Signature verification Signed file, verified signature
Signing date 6:30 PM 5/29/2010
Signers
[+] Emurasoft
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 11/16/2009
Valid to 12:59 AM 5/27/2011
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm SHA1
Thumbprint EA471E16AF71F0541E1BD1D8E367E24FF6832A2D
Serial number 5A 43 45 0B A4 AC 88 AE 10 A0 B1 18 69 66 25 62
[+] Thawte Code Signing CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 8/6/2003
Valid to 12:59 AM 8/6/2013
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F
Serial number 0A
[+] Thawte Premium Server CA (SHA1)
Status Valid
Issuer None
Valid from 1:00 AM 8/1/1996
Valid to 12:59 AM 1/2/2021
Valid usage Server Auth, Code Signing, Timestamp Signing
Algorithm SHA1
Thumbprint E0AB059420725493056062023670F7CD2EFC6666
Serial number 36 12 22 96 C5 E3 38 A5 20 A1 D2 5F 4C D7 09 54
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-05-29 17:30:47
Entry Point 0x0000770A
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetPrivateProfileStructW
FreeEnvironmentStringsA
DeleteCriticalSection
WritePrivateProfileStructW
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
GetAtomNameW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
FindClose
InterlockedDecrement
GetFullPathNameW
SetLastError
GetUserDefaultUILanguage
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
GetSystemDirectoryW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetLastError
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GlobalDeleteAtom
GetProcAddress
GetPrivateProfileIntW
FindNextFileW
FindFirstFileW
lstrcmpW
GlobalLock
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GlobalGetAtomNameW
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
CreateProcessW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
WritePrivateProfileStringW
RaiseException
TlsFree
SetFilePointer
DeleteAtom
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
ExtractIconExW
Shell_NotifyIconW
SHAppBarMessage
PathIsNetworkPathW
PathCombineW
PathStripPathW
PathRemoveFileSpecW
PathIsURLW
PathAppendW
PathCanonicalizeW
PathIsRelativeW
PathIsDirectoryW
PathCompactPathExW
EmptyClipboard
RegisterWindowMessageW
UnregisterHotKey
PostQuitMessage
EnumWindows
DefWindowProcW
FindWindowW
KillTimer
DestroyMenu
GetClipboardOwner
GetMessageW
ShowWindow
LoadMenuW
GetClipboardData
GetSystemMetrics
EnableMenuItem
IsWindow
SendMessageW
SetClipboardViewer
AppendMenuW
ChangeClipboardChain
TranslateMessage
PostMessageW
GetLastActivePopup
DispatchMessageW
GetCursorPos
GetMenuItemID
CreatePopupMenu
CheckMenuItem
DestroyIcon
EndMenu
SetClipboardData
IsWindowVisible
LoadStringW
SetTimer
SetForegroundWindow
SetMenuDefaultItem
MessageBoxW
IsIconic
DeleteMenu
TrackPopupMenuEx
GetSubMenu
CreateMenu
LoadImageW
GetClassNameW
RegisterClassW
GetMenuItemCount
GetMenuItemInfoW
RegisterHotKey
ModifyMenuW
RegisterClipboardFormatW
SendMessageTimeoutW
CreateWindowExW
InsertMenuW
CloseClipboard
DestroyWindow
OpenClipboard
CoUninitialize
CoTaskMemFree
CoInitialize
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:05:29 18:30:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 64512
LinkerVersion 9.0
FileAccessDate 2014:10:29 20:39:29+01:00
EntryPoint 0x770a
InitializedDataSize 40960
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:10:29 20:39:29+01:00
UninitializedDataSize 0
Compressed bundles
File identification
MD5 e76aad569fea27cdf4cc76580923fba1
SHA1 415c3ed4b4f57447e4518c0dbadccd502186048e
SHA256 1200fccdf18e7b947e296898e22c1a6e2a0557aaf9d6503918115ebce82965c2
ssdeep 1536:x6BpkPLGIakEXeWRqpLvd7GnOoiTpDsMVXY7iel9+Mh3g:xuS7HvTpTpDsMVXG9+MW
authentihash b0b2880bfea44ce474b86617e3bbe456939bf54522e5f958076c56dd148d2447
imphash f7f497dea6c70ff4cd0e29b3b0e52484
File size 97.9 KB ( 100232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe signed
VirusTotal metadata
First submission 2010-06-02 05:54:29 UTC ( 8 years, 9 months ago )
Last submission 2010-10-22 11:37:27 UTC ( 8 years, 4 months ago )
File names e76aad569fea27cdf4cc76580923fba1.sample.unscrambled
FAB099E688A4FFCD879201634702FC00A16E49F9.exe
emedtray.exe