SHA256: 246e6f8fdcaf04bcef9b67f483b3a2c7a4f5d9fbb16961d70516eb41c90538e7
File name: zoc7224.exe
Detection ratio: 0 / 70
Analysis date: 2019-01-15 10:45:05 UTC (1 month ago)
Antivirus Result Update
Acronis 20190111
Ad-Aware 20190115
AegisLab 20190115
AhnLab-V3 20190114
Alibaba 20180921
ALYac 20190115
Antiy-AVL 20190115
Arcabit 20190115
Avast 20190115
Avast-Mobile 20190115
AVG 20190115
Avira (no cloud) 20190115
Babable 20180918
Baidu 20190115
BitDefender 20190115
Bkav 20190108
CAT-QuickHeal 20190114
ClamAV 20190115
CMC 20190114
Comodo 20190114
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190115
Cyren 20190114
DrWeb 20190114
eGambit 20190115
Emsisoft 20190114
Endgame 20181108
ESET-NOD32 20190114
F-Prot 20190114
F-Secure 20190114
Fortinet 20190114
GData 20190114
Ikarus 20190114
Sophos ML 20181128
Jiangmin 20190114
K7AntiVirus 20190114
K7GW 20190114
Kaspersky 20190114
Kingsoft 20190115
Malwarebytes 20190114
MAX 20190115
McAfee 20190114
McAfee-GW-Edition 20190114
Microsoft 20190114
eScan 20190114
NANO-Antivirus 20190114
Palo Alto Networks (Known Signatures) 20190115
Panda 20190114
Qihoo-360 20190115
Rising 20190115
SentinelOne (Static ML) 20181223
Sophos AV 20190115
SUPERAntiSpyware 20190109
Symantec 20190115
TACHYON 20190115
Tencent 20190115
TheHacker 20190115
Trapmine 20190103
TrendMicro 20190115
TrendMicro-HouseCall 20190115
Trustlook 20190115
VBA32 20190115
VIPRE 20190115
ViRobot 20190115
Webroot 20190115
Yandex 20190111
Zillya 20190115
ZoneAlarm by Check Point 20190115
Zoner 20190115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 11:37 AM 1/15/2019
Signers
[+] Markus Schmidt
Status Valid
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid from 11:00 PM 07/08/2018
Valid to 11:00 AM 09/08/2021
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 199477DADF1F89683AC3E59BD3DD846D330CC508
Serial number 0F 59 9A 52 08 BD 8C C5 0E 4B A7 B8 93 BF A8 07
[+] DigiCert SHA2 Assured ID Code Signing CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 11:00 AM 10/22/2013
Valid to 11:00 AM 10/22/2028
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 92C1588E85AF2201CE7915E8538B492F605B80C6
Serial number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 11:00 PM 10/21/2014
Valid to 11:00 PM 10/21/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
F-PROT appended, Unicode, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-18 11:02:56
Entry Point 0x0000299C
Number of sections 5
PE sections
Overlays
MD5 527b7b03bc06a11322e60b1bfce40a6c
File type data
Offset 72192
Size 5502080
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
DosDateTimeToFileTime
LCMapStringW
lstrlenA
GetFileAttributesA
WaitForSingleObject
GetModuleHandleW
GetOEMCP
IsDebuggerPresent
ExitProcess
SetFileTime
FlushFileBuffers
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
GetACP
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
GetPrivateProfileStringA
DecodePointer
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetCPInfo
GetCommandLineA
GetProcAddress
GetConsoleCP
SetStdHandle
GetModuleFileNameW
GetModuleHandleA
GetTempPathA
WriteConsoleW
GetConsoleMode
CreateThread
LoadLibraryW
SetFilePointer
lstrcmpA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
GetStartupInfoA
CloseHandle
GetTempFileNameA
GetSystemDirectoryA
GetStringTypeW
ExpandEnvironmentStringsA
GetFullPathNameA
HeapAlloc
TerminateProcess
CreateProcessA
WideCharToMultiByte
IsValidCodePage
WriteFile
CreateFileW
VirtualFree
LocalFileTimeToFileTime
TlsGetValue
Sleep
FormatMessageA
TlsSetValue
CreateFileA
EncodePointer
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetCurrentDirectoryA
SetLastError
LeaveCriticalSection
wsprintfA
SetWindowTextA
EndDialog
SetDlgItemTextA
PostMessageA
SendMessageA
MessageBoxA
GetDlgItem
DialogBoxParamA
ShowWindow
DestroyWindow
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:18 12:02:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 35328
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x299c
InitializedDataSize 61440
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 52b20a1ada5cdc7710887da4919bbbe5
SHA1 9970d40d38e7738a771d24ba97a077de3bfad42b
SHA256 246e6f8fdcaf04bcef9b67f483b3a2c7a4f5d9fbb16961d70516eb41c90538e7
ssdeep
98304:Su/Du3Cuz6gZp/qWKydk4owu4LS7UoIMdnnMLO+3MN3IBS+bMLhveKQ9DBBKdv:SwDuSuz6gZp/qWfkRwp2UoI2f+3MlIBE

authentihash 6e66231a32cc0f0b69f31729cf0c376ba3d9695b4bf7a5ab38123d8a73d54867
imphash 68c1cca8cda6c71e092901162f01b22f
File size 5.3 MB ( 5574272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2019-01-15 10:45:05 UTC ( 1 month ago )
Last submission 2019-01-15 10:45:05 UTC ( 1 month ago )
File names 246E6F8FDCAF04BCEF9B67F483B3A2C7A4F5D9FBB16961D70516EB41C90538E7.exe
zoc7224.exe
zoc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.