SHA256: 158cf9c39d5ce04e4c7c1bc04e48ff62aa4fe59470000d109ba317bc14879ada
File name: data.php2
Detection ratio: 23 / 69
Analysis date: 2018-10-09 15:19:33 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40590504 20181009
AhnLab-V3 Trojan/Win32.Emotet.R238622 20181009
Arcabit Trojan.Generic.D26B5CA8 20181009
BitDefender Trojan.GenericKD.40590504 20181009
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20181009
Emsisoft Trojan.Agent (A) 20181009
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLLO 20181009
F-Secure Trojan.GenericKD.40590504 20181009
Fortinet W32/GenKryptik.CNJW!tr 20181009
GData Win32.Trojan-Spy.Emotet.CO 20181009
Ikarus Trojan.Win32.Krypt 20181009
Kaspersky Trojan-Spy.Win32.Ursnif.aaou 20181009
McAfee Artemis!7E578CAC1F73 20181009
McAfee-GW-Edition Artemis 20181009
eScan Trojan.GenericKD.40590504 20181009
NANO-Antivirus Trojan.Win32.Mlw.fitxcy 20181009
Qihoo-360 Win32/Trojan.Spy.560 20181009
Sophos AV Mal/Generic-S 20181009
VBA32 BScope.Trojan.Gozi 20181009
Webroot W32.Trojan.Gen 20181009
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.aaou 20181009
AegisLab 20181009
Alibaba 20180921
ALYac 20181009
Antiy-AVL 20181009
Avast 20181009
Avast-Mobile 20181009
AVG 20181009
Avira (no cloud) 20181009
AVware 20180925
Babable 20180918
Baidu 20181009
Bkav 20181009
CAT-QuickHeal 20181008
ClamAV 20181009
CMC 20181009
Comodo 20181009
Cybereason 20180225
Cyren 20181009
DrWeb 20181009
eGambit 20181009
F-Prot 20181009
Sophos ML 20180717
Jiangmin 20181009
K7AntiVirus 20181009
K7GW 20181009
Kingsoft 20181009
Malwarebytes 20181009
MAX 20181009
Microsoft 20181009
Palo Alto Networks (Known Signatures) 20181009
Panda 20181009
Rising 20181009
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20181006
Symantec 20181009
Symantec Mobile Insight 20181001
TACHYON 20181009
Tencent 20181009
TheHacker 20181008
TotalDefense 20181009
TrendMicro 20181009
TrendMicro-HouseCall 20181009
Trustlook 20181009
VIPRE 20181008
ViRobot 20181009
Yandex 20181008
Zillya 20181008
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® .NET Framework
Original name aspnet_counters.dll
Internal name aspnet_counters.dll
File version 4.0.30319.34209 built by: FX452RTMGDR
Description Microsoft ASP.NET Performance Counter Shim DLL
Comments Flavor=Retail
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 9:35 PM 10/7/2018
Signers
[+] ZK9 LTD
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 8/14/2018
Valid to 12:59 AM 8/15/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 204761E11DD042023B406AB6F3DA910F8F17FCE0
Serial number 00 AE B6 01 EF C3 F0 4A 41 D6 1F 0F 92 73 27 2D 7D
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 07:56:26
Entry Point 0x000021B0
Number of sections 10
PE sections
Overlays
MD5 a80c1ede8bbbf9cdc8968c9ace80b24f
File type data
Offset 208896
Size 7456
Entropy 7.24
PE imports
CryptDeriveKey
RegSetKeySecurity
AdjustTokenGroups
LocaleNameToLCID
FindFirstFileExW
SetCurrentConsoleFontEx
SetupDiOpenDeviceInfoW
StrChrNW
Ord(30)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.2

Comments
Flavor=Retail

LinkerVersion
7.0

ImageVersion
5.1

FileSubtype
0

FileVersionNumber
4.0.30319.34209

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft ASP.NET Performance Counter Shim DLL

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
0

PrivateBuild
DDBLD354

EntryPoint
0x21b0

OriginalFileName
aspnet_counters.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
4.0.30319.34209 built by: FX452RTMGDR

TimeStamp
2004:08:04 08:56:26+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
aspnet_counters.dll

ProductVersion
4.0.30319.34209

UninitializedDataSize
4080

OSVersion
4.2

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
299936

ProductName
Microsoft .NET Framework

ProductVersionNumber
4.0.30319.34209

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 7e578cac1f731691b109f7afd56889c1
SHA1 366e4527fa41785b4cad034ca986ffe7867d8752
SHA256 158cf9c39d5ce04e4c7c1bc04e48ff62aa4fe59470000d109ba317bc14879ada
ssdeep
3072:PPKuHhZ4EuItrK9R/r1ypd+oGmEqYGm+LWrHSkhcOb:q8hCqeFrK0PGmdb

authentihash 6da33095378323fc9309895669cec365e1c3e259c0f539173a8fc375bd74678e
imphash 66b5a60626be1cc1afb4d9f136ce0c80
File size 211.3 KB ( 216352 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2018-10-08 02:04:01 UTC ( 4 months, 2 weeks ago )
Last submission 2018-10-08 02:04:01 UTC ( 4 months, 2 weeks ago )
File names aspnet_counters.dll
data.php2