× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1f22bce80cd97344e58f3121f0bb445c17d2ed2fcf4e1865c980b5a7a43d2efe
File name: Kankan_Latest.exe
Detection ratio: 34 / 68
Analysis date: 2018-11-02 07:20:11 UTC ( 3 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40141477 20181102
ALYac Trojan.GenericKD.40141477 20181102
Arcabit Trojan.Generic.D26482A5 20181102
Avast Win32:Malware-gen 20181102
AVG Win32:Malware-gen 20181102
Avira (no cloud) TR/PSW.Stealer.jftiz 20181102
BitDefender Trojan.GenericKD.40141477 20181102
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181022
Cybereason malicious.be7b08 20180225
Cyren W32/Trojan.NMEZ-9074 20181102
Emsisoft Trojan.GenericKD.40141477 (B) 20181102
Endgame malicious (high confidence) 20180730
F-Secure Trojan.GenericKD.40141477 20181102
GData Trojan.GenericKD.40141477 20181102
Ikarus Trojan.Win32.CMY3U 20181101
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20181102
K7GW Riskware ( 0040eff71 ) 20181102
Kaspersky Trojan.Win32.CMY3U.ve 20181102
MAX malware (ai score=100) 20181102
McAfee Artemis!729B1B8BE7B0 20181102
McAfee-GW-Edition Artemis!Trojan 20181102
Microsoft Trojan:Win32/Occamy.C 20181102
eScan Trojan.GenericKD.40141477 20181102
NANO-Antivirus Trojan.Win32.CMY3U.fcboxc 20181102
Palo Alto Networks (Known Signatures) generic.ml 20181102
Panda Trj/CI.A 20181101
Sophos AV Mal/Generic-S 20181101
Symantec ML.Attribute.HighConfidence 20181102
Tencent Win32.Trojan.Cmy3u.Agvb 20181102
TrendMicro-HouseCall TROJ_GEN.R002H0CIL18 20181102
VBA32 Trojan.CMY3U 20181101
VIPRE Trojan.Win32.Generic!BT 20181101
ZoneAlarm by Check Point Trojan.Win32.CMY3U.ve 20181102
AegisLab 20181102
AhnLab-V3 20181101
Alibaba 20180921
Antiy-AVL 20181102
Avast-Mobile 20181101
Babable 20180918
Baidu 20181102
Bkav 20181101
CAT-QuickHeal 20181031
ClamAV 20181102
CMC 20181101
Cylance 20181102
DrWeb 20181102
eGambit 20181102
ESET-NOD32 20181102
F-Prot 20181102
Fortinet 20181102
Jiangmin 20181102
Kingsoft 20181102
Malwarebytes 20181102
Qihoo-360 20181102
Rising 20181102
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181102
TheHacker 20181031
TotalDefense 20181102
TrendMicro 20181102
Trustlook 20181102
ViRobot 20181102
Webroot 20181102
Yandex 20181101
Zillya 20181101
Zoner 20181102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2017 风尚云起文化传媒(北京)有限公司

Product 看看头条
File version 1.3.0.1
Description 看看头条
Signature verification Signed file, verified signature
Signing date 7:21 AM 1/18/2018
Signers
[+] 风尚云起文化传媒(北京)有限公司
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer WoSign Class 3 Code Signing CA G2
Valid from 05:46 AM 03/07/2017
Valid to 04:46 AM 04/07/2018
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha256RSA
Thumbprint 98254CBE6ABC5913B6A025134478ACA2B208B393
Serial number 49 1C B6 5F 40 56 41 87 3F 04 DA A3 D4 1F 89 C5
[+] WoSign Class 3 Code Signing CA G2
Status Valid
Issuer Certification Authority of WoSign
Valid from 12:58 AM 11/08/2014
Valid to 12:58 AM 11/08/2029
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha256RSA
Thumbprint FDF066448E05E060B1B14E542F6DE002B59B0C71
Serial number 37 A6 0E 92 5F 23 F8 0C FD CD 97 65 92 98 C3 54
[+] WoSign
Status Valid
Issuer Certification Authority of WoSign
Valid from 12:00 AM 08/08/2009
Valid to 12:00 AM 08/08/2039
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint B94294BF91EA8FB64BE61097C7FB001359B676CB
Serial number 5E 68 D6 11 71 94 63 50 56 00 68 F3 3E C9 C5 91
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 12/31/2015
Valid to 05:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 05:31 PM 07/09/1999
Valid to 05:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbrint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT NSIS, appended, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-01 00:33:55
Entry Point 0x0000330D
Number of sections 5
PE sections
Overlays
MD5 607b7ed59ea36aa9e7ea7af16ca8eafa
File type data
Offset 106496
Size 2895032
Entropy 8.00
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
ExpandEnvironmentStringsA
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
SetEnvironmentVariableA
SetFileAttributesA
FreeLibrary
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 13
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 18
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
UninitializedDataSize
1024

LinkerVersion
6.0

ImageVersion
6.0

FileVersionNumber
1.3.0.1

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Windows, Chinese (Simplified)

InitializedDataSize
118784

EntryPoint
0x330d

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.3.0.1

TimeStamp
2017:08:01 02:33:55+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.3.0.1

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright (c) 2017

MachineType
Intel 386 or later, and compatibles

CodeSize
25088

FileSubtype
0

ProductVersionNumber
1.3.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 729b1b8be7b08ae589bd494b91d4ca95
SHA1 50d32a486412fab0acce59afcb049c460f4bf0da
SHA256 1f22bce80cd97344e58f3121f0bb445c17d2ed2fcf4e1865c980b5a7a43d2efe
ssdeep
49152:OJrkIEkResx0jmCY+uGqmBkngleE2ypTbSmfDUl7bE15o0HlnCo6eu:aXEMeUcmC5imkqT2yJmmf4VEfocCo63

authentihash f1e3043d5d32053368c7ec90ffe52e31eccfad2ccc145869d1f7e77605770dc7
imphash 57e98d9a5a72c8d7ad8fb7a6a58b3daf
File size 2.9 MB ( 3001528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
nsis peexe signed upx overlay

VirusTotal metadata
First submission 2018-02-04 18:05:15 UTC ( 1 year ago )
Last submission 2019-02-13 02:19:19 UTC ( 4 days, 19 hours ago )
File names 5.exe_x86.exe
Kankan_Latest.exe
output.115160812.txt
Kankan_Latest.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Runtime DLLs
DNS requests
TCP connections
UDP communications