SHA256: 238af9d18374f15e393ed12963f5daef6f01e933d0d1a618cc248120fcfb931e
File name: exyoo.kaf
Detection ratio: 13 / 67
Analysis date: 2018-06-20 13:27:40 UTC ( 8 months ago )
Antivirus Result Update
Avast FileRepMetagen [Malware] 20180620
AVG FileRepMetagen [Malware] 20180620
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180620
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180530
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/GenKryptik.CDCN 20180620
Fortinet W32/Kryptik.GEYH!tr 20180620
Sophos ML heuristic 20180601
Kaspersky UDS:DangerousObject.Multi.Generic 20180620
Qihoo-360 HEUR/QVM20.1.F877.Malware.Gen 20180620
Symantec ML.Attribute.HighConfidence 20180620
Webroot W32.Trojan.Gen 20180620
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180620
Ad-Aware 20180620
AegisLab 20180620
AhnLab-V3 20180620
Alibaba 20180620
ALYac 20180620
Antiy-AVL 20180620
Arcabit 20180620
Avast-Mobile 20180620
Avira (no cloud) 20180620
AVware 20180618
Babable 20180406
BitDefender 20180620
Bkav 20180620
CAT-QuickHeal 20180620
ClamAV 20180620
CMC 20180620
Comodo 20180620
Cybereason 20180225
Cylance 20180620
Cyren 20180620
DrWeb 20180620
eGambit 20180620
Emsisoft 20180620
F-Prot 20180620
F-Secure 20180620
GData 20180620
Ikarus 20180620
Jiangmin 20180620
K7AntiVirus 20180620
K7GW 20180620
Kingsoft 20180620
Malwarebytes 20180620
MAX 20180620
McAfee 20180620
McAfee-GW-Edition 20180620
Microsoft 20180620
eScan 20180620
NANO-Antivirus 20180620
Palo Alto Networks (Known Signatures) 20180620
Panda 20180620
Rising 20180620
SentinelOne (Static ML) 20180618
Sophos AV 20180620
SUPERAntiSpyware 20180620
Symantec Mobile Insight 20180619
TACHYON 20180620
Tencent 20180620
TheHacker 20180619
TrendMicro 20180620
TrendMicro-HouseCall 20180620
Trustlook 20180620
VBA32 20180620
VIPRE 20180620
ViRobot 20180620
Yandex 20180620
Zillya 20180620
Zoner 20180620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Texas Corporation. All rights reserved.
Product Texas Instruments®
Original name cgreas.exe
Internal name cgreas.exe
File version 6.3.9600.17415 (winblue_r4.141028-1500)
Description Mbduhi uwicu iu IIIP
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 8:41 AM 6/20/2018
Signers
[+] INFIINET LTD
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 5/18/2018
Valid to 12:59 AM 5/19/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint C2975B3D0ABB5659930D45F576C3A9FF4327A458
Serial number 4E AB BF E0 07 5A 8D AA A7 26 C9 F6 6D 55 66 5A
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2021-09-27 11:23:39
Entry Point 0x00002C71
Number of sections 5
PE sections
Overlays
MD5 9cf784b8001961088e4af21787733c6e
File type data
Offset 237568
Size 5304
Entropy 7.45
PE imports
GetFileSecurityW
RegDisablePredefinedCache
LookupAccountSidW
DeleteAce
MakeAbsoluteSD
CryptVerifySignatureA
UnlockServiceDatabase
GetEventLogInformation
OpenClusterResource
CommDlgExtendedError
CryptMemAlloc
GetObjectA
PolylineTo
CreateEllipticRgn
DescribePixelFormat
CombineRgn
CreateDIBSection
ImmSetConversionStatus
GetTcpStatistics
GetQueuedCompletionStatus
GetUserDefaultLangID
ScrollConsoleScreenBufferA
WriteFile
HeapDestroy
FoldStringW
GetHandleInformation
GetUserDefaultLCID
FlushViewOfFile
MprConfigServerConnect
ICCompressorChoose
NetShareEnumSticky
NetApiBufferFree
VarDateFromR8
RpcEpResolveBinding
I_RpcNsBindingSetEntryNameW
SetupDiCancelDriverInfoSearch
SetupDiDrawMiniIcon
SetupDiGetClassDevsA
SetupDuplicateDiskSpaceListW
CM_Locate_DevNodeW
wnsprintfW
PathFindExtensionA
PathCommonPrefixW
PathIsRelativeA
UrlCanonicalizeW
CreateDialogParamW
GetCaretBlinkTime
GetForegroundWindow
DestroyIcon
IntersectRect
SetClassLongW
GetLastActivePopup
MessageBoxIndirectA
DestroyCaret
PrivacyGetZonePreferenceW
midiInGetNumDevs
CryptCATPutCatAttrInfo
iswupper
CoFreeAllLibraries
CoIsHandlerConnected
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.3.9600.17415
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Mbduhi uwicu iu IIIP
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 221184
EntryPoint 0x2c71
OriginalFileName cgreas.exe
MIMEType application/octet-stream
LegalCopyright Texas Corporation. All rights reserved.
FileVersion 6.3.9600.17415 (winblue_r4.141028-1500)
TimeStamp 2021:09:27 12:23:39+01:00
FileType Win32 EXE
PEType PE32
InternalName cgreas.exe
ProductVersion 6.3.9600.17415
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Texas Instruments
CodeSize 285939417
ProductName Texas Instruments
ProductVersionNumber 6.3.9600.17415
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 f7809b17ed9a8ec4082259079e4f617e
SHA1 e785fbe79a6cd0ce9a68bfb3e6b56cb6fb7f4d8b
SHA256 238af9d18374f15e393ed12963f5daef6f01e933d0d1a618cc248120fcfb931e
ssdeep 3072:1MismR4I01QJQItATBYFgJsrYO5bt1Z6ZbrV9Hrt0e/h4QHCbu:XR4I0UtAT+gyZ6Zbp9LWI
authentihash e3c5022ab736635b4e5848064efb7e3925ae384252e30a82d7d7e3650fb958ab
imphash 4b8c93eeeaf92f596eac6e02a9d39206
File size 237.2 KB ( 242872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags revoked-cert peexe signed overlay
VirusTotal metadata
First submission 2018-06-20 13:27:40 UTC ( 8 months ago )
Last submission 2018-06-27 14:07:30 UTC ( 7 months, 4 weeks ago )
File names exyoo.kaf
output.113493918.txt
output.113494441.txt
fc47c82c78ff4ba31aa74005a5316ca6af65b858
cgreas.exe
exyoo.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created mutexes
Opened service managers
Opened services
Runtime DLLs