SHA256: 1ad8bd51580989ffbafa72eb887319bad6a190a47382ef117ea6ed4684709b23
File name: 43765
Detection ratio: 4 / 57
Analysis date: 2016-04-01 23:39:05 UTC ( 2 years, 10 months ago )
Antivirus Result Update
AegisLab Troj.Crypt.Zpack!c 20160401
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20160402
Ikarus Trojan.Crypt 20160401
Zillya Adware.BrowseFox.Win32.269148 20160401
Ad-Aware 20160401
AhnLab-V3 20160401
Alibaba 20160401
ALYac 20160401
Antiy-AVL 20160401
Arcabit 20160401
Avast 20160401
AVG 20160402
AVware 20160402
Baidu 20160402
Baidu-International 20160401
BitDefender 20160402
Bkav 20160401
CAT-QuickHeal 20160401
ClamAV 20160402
CMC 20160401
Comodo 20160401
Cyren 20160402
DrWeb 20160402
Emsisoft 20160402
ESET-NOD32 20160401
F-Prot 20160401
F-Secure 20160401
Fortinet 20160401
GData 20160401
Jiangmin 20160401
K7AntiVirus 20160401
K7GW 20160401
Kaspersky 20160401
Kingsoft 20160402
Malwarebytes 20160401
McAfee 20160401
McAfee-GW-Edition 20160401
Microsoft 20160401
eScan 20160401
NANO-Antivirus 20160401
nProtect 20160401
Panda 20160401
Qihoo-360 20160402
Rising 20160401
Sophos AV 20160401
SUPERAntiSpyware 20160401
Symantec 20160331
Tencent 20160402
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160401
TrendMicro-HouseCall 20160401
VBA32 20160401
VIPRE 20160401
ViRobot 20160401
Yandex 20160316
Zoner 20160401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2001-2008
Product Flashcard Tables Demo
Original name flashcrdD.exe
Internal name flashcrdD
File version 1.11.0.0
Description Flashcard Tables Demo Installer
Signature verification Signed file, verified signature
Signing date 7:33 PM 6/18/2008
Signers
[+] Wieser Software Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 02/02/2008
Valid to 11:59 PM 02/01/2011
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint F12DE1FE20E11DB9219750626556F1A2A93FCFF9
Serial number 00 BA F8 7F 94 15 2C D7 1D E0 15 EC A9 50 A6 2D 34
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 05:31 PM 07/09/1999
Valid to 05:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] Comodo Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 11:00 PM 05/16/2005
Valid to 10:59 PM 05/16/2010
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 95B2B8E34EB2CB768144ED07433EF0A3AFCAEEC0
Serial number 4F 63 D0 30 F8 15 A3 A5 B3 44 69 40 06 3D 16 89
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 05:31 PM 07/09/1999
Valid to 05:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-05-16 08:43:30
Entry Point 0x0000A4AA
Number of sections 4
PE sections
Overlays
MD5 4bc6fc4222d012fb2ed06a16aadc7335
File type data
Offset 532992
Size 3848
Entropy 7.35
PE imports
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
GetTempPathA
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
InitializeCriticalSection
LoadResource
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryA
TerminateProcess
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
OpenProcess
CreateDirectoryA
DeleteFileA
SetEvent
GetProcAddress
GetProcessHeap
lstrcmpA
lstrcpyA
EnumResourceNamesA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalAlloc
SizeofResource
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
FreeResource
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
SysFreeString
VariantClear
SysAllocString
UuidFromStringA
ShellExecuteA
MapWindowPoints
GetParent
UpdateWindow
EndDialog
KillTimer
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetWindowRect
EnableWindow
UnregisterClassA
PostMessageA
GetDlgItemTextA
MessageBoxA
SetWindowLongA
wvsprintfA
DialogBoxParamA
GetWindow
SystemParametersInfoA
SetWindowTextA
GetWindowLongA
SendMessageA
GetClientRect
GetDlgItem
wsprintfA
SetTimer
LoadIconA
GetActiveWindow
CharNextA
LoadImageA
WinVerifyTrust
CoUninitialize
CoInitialize
Number of PE resources by type
RT_DIALOG 4
RT_ICON 4
HELP 1
RT_MANIFEST 1
RT_STRING 1
EXTERNAL 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
ENGLISH NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 452608
ImageVersion 0.0
ProductName Flashcard Tables Demo
FileVersionNumber 1.11.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName flashcrdD.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.11.0.0
TimeStamp 2007:05:16 10:43:30+02:00
FileType Win32 EXE
PEType PE32
InternalName flashcrdD
ProductVersion 1.11.0.0
FileDescription Flashcard Tables Demo Installer
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2001-2008
MachineType Intel 386 or later, and compatibles
CompanyName Wieser Software Ltd
CodeSize 79360
FileSubtype 0
ProductVersionNumber 1.11.0.0
EntryPoint 0xa4aa
ObjectFileType Executable application

File identification
MD5 9cf951d360c001913693eb5c06fdbee0
SHA1 69995a322326e398b91583dc14f0a210e123016c
SHA256 1ad8bd51580989ffbafa72eb887319bad6a190a47382ef117ea6ed4684709b23
ssdeep 12288:o3KlTPlyXMw9Z1zkoEcyyETdhBMjv8JgNj0D+FmCoomp52:o3KlTk8w9rqXJavPNj0D+gCjm+

authentihash fb2a500c56d2ec6754202fcef56fa779da46d3965f32fde54924a55597e25b61
imphash 5354a14a535cb3f7768768824aead167
File size 524.3 KB ( 536840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2010-03-28 20:32:13 UTC ( 8 years, 11 months ago )
Last submission 2016-04-17 01:25:40 UTC ( 2 years, 10 months ago )
File names 9cf951d360c001913693eb5c06fdbee0.exe
4290562208F04EDE315708F6E341B400356492C5.exe
aa
octet-stream
flashcrd.exe
flashcrdD
"flashcrd.exe"
flashcrd.exe
9cf951d360c001913693eb5c06fdbee0
12636353
pXs9eETR.doc
43765
flashcrdD.exe
output.12636353.txt
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight