SHA256: 1cb838ae7942a4bab815334cb2729ebbee56c5e7bbaa490d8dfbe5687b6e2454
File name: tryewdgh.exe
Detection ratio: 8 / 57
Analysis date: 2015-06-08 11:38:20 UTC ( 3 years, 11 months ago )
Antivirus              Result                                Update
AVware                 Trojan.Compcert.51415 (fs)            20150608
ESET-NOD32             a variant of MSIL/Injector.KBN        20150608
Kaspersky              UDS:DangerousObject.Multi.Generic     20150608
Malwarebytes           Trojan.Agent.qry                      20150608
Panda                  Trj/Chgt.O                            20150607
Qihoo-360              HEUR/QVM03.0.Malware.Gen              20150608
Tencent                Trojan.Win32.YY.Gen.18                20150608
VIPRE                  Trojan.Compcert.51415 (fs)            20150608
Ad-Aware               (not detected)                        20150608
AegisLab               (not detected)                        20150608
Yandex                 (not detected)                        20150607
AhnLab-V3              (not detected)                        20150608
Alibaba                (not detected)                        20150608
ALYac                  (not detected)                        20150608
Antiy-AVL              (not detected)                        20150608
Arcabit                (not detected)                        20150608
Avast                  (not detected)                        20150608
AVG                    (not detected)                        20150608
Avira (no cloud)       (not detected)                        20150608
Baidu-International    (not detected)                        20150608
BitDefender            (not detected)                        20150608
Bkav                   (not detected)                        20150608
ByteHero               (not detected)                        20150608
CAT-QuickHeal          (not detected)                        20150608
ClamAV                 (not detected)                        20150606
CMC                    (not detected)                        20150604
Comodo                 (not detected)                        20150608
Cyren                  (not detected)                        20150608
DrWeb                  (not detected)                        20150608
Emsisoft               (not detected)                        20150608
F-Prot                 (not detected)                        20150608
F-Secure               (not detected)                        20150608
Fortinet               (not detected)                        20150608
GData                  (not detected)                        20150608
Ikarus                 (not detected)                        20150608
Jiangmin               (not detected)                        20150607
K7AntiVirus            (not detected)                        20150608
K7GW                   (not detected)                        20150608
Kingsoft               (not detected)                        20150608
McAfee                 (not detected)                        20150608
McAfee-GW-Edition      (not detected)                        20150607
Microsoft              (not detected)                        20150608
eScan                  (not detected)                        20150608
NANO-Antivirus         (not detected)                        20150608
nProtect               (not detected)                        20150605
Rising                 (not detected)                        20150608
Sophos AV              (not detected)                        20150608
SUPERAntiSpyware       (not detected)                        20150606
Symantec               (not detected)                        20150608
TheHacker              (not detected)                        20150607
TotalDefense           (not detected)                        20150608
TrendMicro             (not detected)                        20150608
TrendMicro-HouseCall   (not detected)                        20150608
VBA32                  (not detected)                        20150605
ViRobot                (not detected)                        20150608
Zillya                 (not detected)                        20150607
Zoner                  (not detected)                        20150605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher 3 AM CHP
Signature verification A certificate was explicitly revoked by its issuer.
Signers
[+] 3 AM CHP
Status Valid
Issuer None
Valid from 1:00 AM 5/11/2015
Valid to 12:59 AM 5/11/2016
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.11
Thumbprint 3D8D283756A8F97A1313C3155CF330CEE5DFBC0B
Serial number 00 9E 9F 13 B0 85 D5 B6 14 8E CF EB C6 DF D1 EC F0
[+] COMODO RSA Code Signing CA
Status Valid
Issuer None
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm 1.2.840.113549.1.1.12
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO
Status Valid
Issuer None
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm 1.2.840.113549.1.1.12
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO Time Stamping Signer
Status Valid
Issuer None
Valid from 1:00 AM 5/5/2015
Valid to 12:59 AM 1/1/2016
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint DF946A5E503015777FD22F46B5624ECD27BEE376
Serial number 00 9F EA C8 11 B0 F1 62 47 A5 FC 20 D8 05 23 AC E6
[+] USERTrust
Status Valid
Issuer None
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm SHA1
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-12-20 23:13:41
Entry Point 0x0003C06E
Number of sections 3
.NET details
Module Version ID fb1eb6ff-8551-4379-828f-cf4f20f2f17b
Overlays
MD5 48f0a376c6b7782dd84d04b0bfff8899
File type data
Offset 240640
Size 3816
Entropy 7.38
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2048
EntryPoint 0x3c06e
OriginalFileName DenizenFaringGrist
MIMEType application/octet-stream
TimeStamp 2006:12:21 00:13:41+01:00
FileType Win32 EXE
PEType PE32
InternalName DenizenFaringGrist
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 238080
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 53b47c9eb1750c4ee7c4cd0f83a56f30
SHA1 a81384a7cb9e272aed18a2e5553c480c09bba5ef
SHA256 1cb838ae7942a4bab815334cb2729ebbee56c5e7bbaa490d8dfbe5687b6e2454
ssdeep 6144:5l1uHLY+FRvPDhs6t1HPU2NLwywrn5kbygRZwJwNvvmKi0u2i:EnrGnaUMu2i
authentihash f4a0eeec89c09c088147b1b5b47ba42b1c7c9e4a7b6ffb32b33a73bf13b362f8
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 238.7 KB ( 244456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay assembly signed via-tor
VirusTotal metadata
First submission 2015-06-08 09:21:11 UTC ( 3 years, 11 months ago )
Last submission 2015-06-09 09:01:49 UTC ( 3 years, 11 months ago )
File names crypted.120.exe
tryewdgh.exe
crypted.120[1].exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections