SHA256: 175254e80bf60e1096108c65b27e5bec598d7c565c194d5faf6c5aeeaef603ff
File name: cryptoheaven-windows.exe
Detection ratio: 0 / 57
Analysis date: 2016-04-01 10:40:16 UTC (2 years, 3 months ago)
Antivirus Result Update
Ad-Aware 20160401
AegisLab 20160401
AhnLab-V3 20160401
Alibaba 20160401
ALYac 20160401
Antiy-AVL 20160401
Arcabit 20160401
Avast 20160401
AVG 20160401
Avira (no cloud) 20160401
AVware 20160401
Baidu 20160331
Baidu-International 20160401
BitDefender 20160401
Bkav 20160401
CAT-QuickHeal 20160401
ClamAV 20160401
CMC 20160322
Comodo 20160401
Cyren 20160401
DrWeb 20160401
Emsisoft 20160401
ESET-NOD32 20160401
F-Prot 20160401
F-Secure 20160401
Fortinet 20160401
GData 20160401
Ikarus 20160401
Jiangmin 20160401
K7AntiVirus 20160401
K7GW 20160401
Kaspersky 20160401
Kingsoft 20160401
Malwarebytes 20160401
McAfee 20160401
McAfee-GW-Edition 20160331
Microsoft 20160401
eScan 20160401
NANO-Antivirus 20160401
nProtect 20160331
Panda 20160331
Qihoo-360 20160401
Rising 20160401
Sophos AV 20160401
SUPERAntiSpyware 20160401
Symantec 20160331
Tencent 20160401
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160401
TrendMicro-HouseCall 20160401
VBA32 20160331
VIPRE 20160401
ViRobot 20160401
Yandex 20160316
Zillya 20160401
Zoner 20160401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
CryptoHeaven Corp.

Product CryptoHeaven
Original name cryptoheaven-windows.exe
Internal name cryptoheaven
File version 3.9.1
Description CryptoHeaven
Signature verification Signed file, verified signature
Signing date 8:34 PM 1/15/2016
Signers
[+] CryptoHeaven Corp.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 8/25/2011
Valid to 12:59 AM 8/25/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 7FC992CAF5DCABF17BE73E7749E2C48BBF4DD42A
Serial number 1D 36 31 B3 6E 30 A5 11 87 25 90 36 F4 B7 51 07
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-24 08:15:38
Entry Point 0x0001AA54
Number of sections 5
PE sections
Overlays
MD5 57e7435a634f642160263264eaa25e90
File type data
Offset 283648
Size 12355200
Entropy 7.98
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
GetOpenFileNameA
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetDriveTypeA
FindNextFileA
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetExitCodeProcess
GetEnvironmentVariableA
LoadResource
FindClose
TlsGetValue
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
InitializeCriticalSection
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
AllocConsole
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
CreateThread
SetEnvironmentVariableW
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
SearchPathA
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
FindFirstFileA
CompareStringA
GetTempFileNameA
FindFirstFileW
DuplicateHandle
GetUserDefaultLCID
GetLongPathNameW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
GetShortPathNameA
GetCPInfo
VirtualFree
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetConsoleTitleA
GetCommandLineA
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
SetConsoleTitleA
CloseHandle
GetACP
GetModuleHandleW
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
HeapCreate
GetTempPathW
CreateProcessW
GetLongPathNameA
Sleep
FindResourceA
VirtualAlloc
GetParent
EndDialog
EnumWindows
ShowWindow
FindWindowA
SetWindowPos
GetWindowThreadProcessId
SendDlgItemMessageA
MessageBoxW
GetWindowRect
SetDlgItemTextA
MessageBoxA
DialogBoxParamA
SetWindowTextA
GetLastActivePopup
IsWindowVisible
OffsetRect
GetDlgItem
IsIconic
RegisterClassA
LoadCursorA
LoadIconA
DefDlgProcA
CopyRect
GetDesktopWindow
SetForegroundWindow
ExitWindowsEx
Number of PE resources by type
RT_ICON 10
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 13
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.9.1.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
179200

EntryPoint
0x1aa54

OriginalFileName
cryptoheaven-windows.exe

MIMEType
application/octet-stream

LegalCopyright
CryptoHeaven Corp.

FileVersion
3.9.1

TimeStamp
2014:09:24 09:15:38+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
cryptoheaven

ProductVersion
3.9.1

FileDescription
CryptoHeaven

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
CryptoHeaven Corp.

CodeSize
183296

ProductName
CryptoHeaven

ProductVersionNumber
3.9.1.0

FileTypeExtension
exe

ObjectFileType
Unknown

File identification
MD5 ce35b8e327252fd6b8e581645a72247f
SHA1 00f68646bcf637fa74e5a24928066b3a6573d1de
SHA256 175254e80bf60e1096108c65b27e5bec598d7c565c194d5faf6c5aeeaef603ff
ssdeep
196608:2yhCCUkzv3vqlewu6QO5CKgzMAXrLlhhd3UeLnTsh6kMRJo6kOZfhyznc:2sCCLvvqlewueyRXf/46F7/kOZfhy

authentihash e4ddc67ed0b3a4ce35a76bc84e0ff4c95f24938046f50a7b3163bcdc71844cf3
imphash 22e18d4ac150fe4d5cc0880b1be0feb4
File size 12.1 MB ( 12638848 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2016-01-18 20:23:56 UTC ( 2 years, 6 months ago )
Last submission 2018-05-28 07:03:25 UTC ( 1 month, 3 weeks ago )
File names 788587
cryptoheaven-windowsтриал.exe
VirusShare_ce35b8e327252fd6b8e581645a72247f
cryptoheaven
cryptoheaven-windows.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs
UDP communications