SHA256: 19f58fdb5a83eb7dd5101706faa6f4c8b4e4fd2ff3d97ecd7d5eb0b3970a13da
File name: KLPassDecryptSetup
Detection ratio: 0 / 70
Analysis date: 2019-03-13 00:27:07 UTC ( 1 week ago )
Antivirus Result Update
Acronis 20190222
Ad-Aware 20190312
AegisLab 20190312
AhnLab-V3 20190312
Alibaba 20190306
ALYac 20190313
Antiy-AVL 20190312
Arcabit 20190312
Avast 20190313
Avast-Mobile 20190312
AVG 20190313
Avira (no cloud) 20190313
Babable 20180918
Baidu 20190306
BitDefender 20190313
Bkav 20190312
CAT-QuickHeal 20190312
ClamAV 20190312
CMC 20190312
Comodo 20190313
Cybereason 20190109
Cylance 20190313
Cyren 20190313
DrWeb 20190313
eGambit 20190313
Emsisoft 20190313
Endgame 20190215
ESET-NOD32 20190313
F-Prot 20190312
F-Secure 20190313
Fortinet 20190313
GData 20190312
Ikarus 20190312
Sophos ML 20181128
Jiangmin 20190313
K7AntiVirus 20190312
K7GW 20190312
Kaspersky 20190312
Kingsoft 20190313
Malwarebytes 20190312
MAX 20190313
McAfee 20190312
McAfee-GW-Edition 20190312
Microsoft 20190312
eScan 20190312
NANO-Antivirus 20190312
Palo Alto Networks (Known Signatures) 20190313
Panda 20190312
Qihoo-360 20190313
Rising 20190312
SentinelOne (Static ML) 20190311
Sophos AV 20190312
SUPERAntiSpyware 20190307
Symantec 20190311
Symantec Mobile Insight 20190220
TACHYON 20190312
Tencent 20190313
TheHacker 20190308
TotalDefense 20190312
Trapmine 20190301
TrendMicro 20190312
TrendMicro-HouseCall 20190312
Trustlook 20190313
VBA32 20190312
VIPRE 20190311
ViRobot 20190313
Webroot 20190313
Yandex 20190312
Zillya 20190312
ZoneAlarm by Check Point 20190312
Zoner 20190312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2016 KRyLack Software
Product Asterisk Password Decryptor
Original name KLPassDecryptSetup.exe
Internal name KLPassDecryptSetup
File version 3.20.105
Description Asterisk Password Decryptor
Signature verification Signed file, verified signature
Signing date 9:26 AM 7/5/2016
Signers
[+] Serhii Horobets
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Certum Code Signing CA SHA2
Valid from 11:00 PM 06/29/2016
Valid to 11:00 PM 06/29/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint B18695EA7C93FBCD759FFA55F3EE87161EFFD7B5
Serial number 27 65 6E 9E 9E E8 66 59 53 13 CC 87 05 A4 BD 94
[+] Certum Code Signing CA SHA2
Status Valid
Issuer Certum Trusted Network CA
Valid from 11:30 AM 10/29/2015
Valid to 10:30 AM 06/09/2027
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 905DE119F6A0118CFFBF8B69463EFE5BD0C1D322
Serial number 6B 32 6A 0F 03 28 D3 7A 1D 53 0B FD 23 BD 48 E2
[+] Certum Trusted Network CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 11:07 AM 10/22/2008
Valid to 12:07 PM 12/31/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 07E032E020B72C3F192F0628A2593A19A70F069E
Serial number 04 44 C0
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-30 10:15:19
Entry Point 0x0003237B
Number of sections 7
PE sections
Overlays
MD5 b1b2945e46a6736ef460ff473c6ad0cb
File type application/x-ms-dos-executable
Offset 430592
Size 2884960
Entropy 7.75
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ConnectNamedPipe
InterlockedPushEntrySList
InitializeCriticalSection
OutputDebugStringW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetSystemTime
TlsGetValue
CopyFileW
GetUserDefaultLangID
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
LoadLibraryExA
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetWindowsDirectoryW
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
CreateNamedPipeW
GetProcessHeap
GetTempFileNameW
RemoveDirectoryW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
FindFirstFileExW
GlobalLock
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
Process32NextW
VirtualFree
WaitForSingleObjectEx
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
SetStdHandle
GetCommandLineA
CopyFileExW
Process32FirstW
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FindResourceExW
IsValidCodePage
GetTempPathW
CreateProcessW
Sleep
VirtualAlloc
GetOEMCP
Number of PE resources by type
RT_DIALOG 12
RT_STRING 10
RT_ICON 5
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 36
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 129024
ImageVersion 0.0
ProductName Asterisk Password Decryptor
FileVersionNumber 3.20.105.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 14.0
FileTypeExtension exe
OriginalFileName KLPassDecryptSetup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3.20.105
TimeStamp 2016:05:30 12:15:19+02:00
FileType Win32 EXE
PEType PE32
InternalName KLPassDecryptSetup
ProductVersion 3.20.105
FileDescription Asterisk Password Decryptor
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright (C) 2016 KRyLack Software
MachineType Intel 386 or later, and compatibles
CompanyName KRyLack Software
CodeSize 300544
FileSubtype 0
ProductVersionNumber 3.20.105.0
EntryPoint 0x3237b
ObjectFileType Dynamic link library

File identification
MD5 59bb9391ff00f6ac5749bdf954d51170
SHA1 f3dcedc869d10b1852743eb2956d60812ac51078
SHA256 19f58fdb5a83eb7dd5101706faa6f4c8b4e4fd2ff3d97ecd7d5eb0b3970a13da
ssdeep 49152:JDLC7VZHOmxsx0uQemFx3FR0CxO9BIkpSLyptlkBqcUvcwmgXqbBz0W5FX39NVuo:pLC7y5IkZp+q10tV0SjyFXprLTqiix
authentihash 72aad9ed6b4a12d535fcc858b42e63c503c6d70ad542bb4192a9f27867414890
imphash 5c9d977787afdcd935336353f79d206f
File size 3.2 MB ( 3315552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2016-07-06 16:23:39 UTC ( 2 years, 8 months ago )
Last submission 2017-06-28 17:52:32 UTC ( 1 year, 8 months ago )
File names 19F58FDB5A83EB7DD5101706FAA6F4C8B4E4FD2FF3D97ECD7D5EB0B3970A13DA.exe
KLPassDecryptSetup.exe
KLPassDecryptSetup
887884
19f58fdb5a83eb7dd5101706faa6f4c8b4e4fd2ff3d97ecd7d5eb0b3970a13da
KLPassDecryptSetup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Runtime DLLs
UDP communications