SHA256: 263141a23ff146f7f5ec425d42e9eeae40d3d9d5e283033e96b9b4c83b3c303e
File name: development.png
Detection ratio: 13 / 67
Analysis date 2019-02-15 19:29:34 UTC ( 1 month ago )
Antivirus Result Update
Avast Win32:DangerousSig [Trj] 20190215
AVG Win32:DangerousSig [Trj] 20190215
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181023
DrWeb BackDoor.Qbot.447 20190215
Endgame malicious (moderate confidence) 20190215
ESET-NOD32 a variant of Win32/GenKryptik.CZMW 20190215
Fortinet W32/GenKryptik.CZMW!tr 20190215
Sophos ML heuristic 20181128
Malwarebytes Backdoor.Qbot 20190215
Rising Trojan.GenKryptik!8.AA55/N3#76% (RDM+:cmRtazoucqS3nYKG4Wa8kGTp8uAh) 20190215
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190215
Webroot W32.Trojan.Gen 20190215
Engines returning no detection at analysis time (signature update date only):
Acronis 20190213
Ad-Aware 20190215
AegisLab 20190215
AhnLab-V3 20190215
Alibaba 20180921
ALYac 20190215
Antiy-AVL 20190215
Arcabit 20190215
Avast-Mobile 20190215
Avira (no cloud) 20190215
Babable 20180918
Baidu 20190215
BitDefender 20190215
Bkav 20190215
CAT-QuickHeal 20190215
ClamAV 20190215
CMC 20190215
Comodo 20190215
Cybereason 20190109
Cyren 20190215
eGambit 20190215
Emsisoft 20190215
F-Prot 20190215
F-Secure 20190215
GData 20190215
Ikarus 20190215
Jiangmin 20190215
K7AntiVirus 20190215
K7GW 20190215
Kaspersky 20190215
Kingsoft 20190215
MAX 20190221
McAfee 20190215
McAfee-GW-Edition 20190215
Microsoft 20190215
eScan 20190215
NANO-Antivirus 20190215
Palo Alto Networks (Known Signatures) 20190215
Panda 20190215
Qihoo-360 20190215
SUPERAntiSpyware 20190213
Symantec 20190215
Symantec Mobile Insight 20190207
TACHYON 20190215
Tencent 20190215
TheHacker 20190215
Trapmine 20190123
Trustlook 20190215
VBA32 20190215
VIPRE 20190215
ViRobot 20190215
Yandex 20190215
Zillya 20190220
ZoneAlarm by Check Point 20190215
Zoner 20190215
The file being studied is a Portable Executable file, more specifically a Win32 EXE for the Windows GUI subsystem, even though it was submitted under the image file name development.png. The extension is a lure; classify the content, not the name.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature (the Authenticode hash and signature check out cryptographically; that says nothing about trust, and the signer certificate below has been revoked, so any verifier that checks revocation will not trust this file)
Signing date 3:19 PM 2/14/2019
Signers
[+] Edsabame Consultants Ltd
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer Sectigo RSA Code Signing CA
Valid from 12:00 AM 01/21/2019
Valid to 11:59 PM 01/21/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint BBD680C56731AB7CF1711F44427A604C6AFA80F8
Serial number 00 F1 86 BB F2 BF 36 9D 36 0A 09 02 A0 66 A4 76 2A
[+] Sectigo RSA Code Signing CA
Status Valid
Issuer USERTrust RSA Certification Authority
Valid from 12:00 AM 11/02/2018
Valid to 11:59 PM 12/31/2030
Valid usage Code Signing, Timestamp Signing
Algorithm sha384RSA
Thumbprint 94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66
Serial number 1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A
[+] USERTrust Secure™
Status Valid
Issuer USERTrust RSA Certification Authority
Valid from 12:00 AM 02/01/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint 2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Serial number 01 FD 6D 30 FC A3 CA 51 A8 1B BC 64 0E 35 03 2D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 12/31/2015
Valid to 05:40 PM 07/09/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 05:31 PM 07/09/1999
Valid to 05:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1994-07-23 14:01:55 (not credible: the linker version 12.1 reported in the ExifTool metadata belongs to the Visual Studio 2013 toolset and the file was signed in February 2019; the PE TimeDateStamp is attacker-controlled and is no evidence of build date)
Entry Point 0x0005A5A5
Number of sections 6
PE sections
Overlays
MD5 c11695f473a6bb8e3899d5f5add59075
File type data
Offset 1302528
Size 5360
Entropy 7.42
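The header facts above are worth re-deriving from the bytes rather than reading them off a report: a 1994 build stamp on a binary signed in 2019, and a 5360-byte high-entropy overlay at offset 1302528 that runs exactly to the 1307888-byte end of file, where an Authenticode certificate table would sit. The following is an added example, not code from the VirusTotal page or from the sample: a pure-stdlib Python triage routine that classifies a file by content rather than its .png extension, locates the overlay from the section table, compares it with the certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY, whose entry is a file offset rather than an RVA), reads the WIN_CERTIFICATE header, and tests the compile timestamp against the signing date. It exercises a constructed one-section PE32 built inline; the constructed sample, the 10-year compile/sign gap threshold and the UTC reading of the 3:19 PM signing time are assumptions.

```python
"""Offline PE triage for what a VirusTotal report leaves implicit.
Added example: pure stdlib, not code from the VT page or from the sample.
The 10-year compile/sign gap threshold is an assumption, not a standard."""
import math
import struct
from collections import Counter
from datetime import datetime, timedelta, timezone

IMAGE_DIRECTORY_ENTRY_SECURITY = 4           # data-directory slot of the certificate table
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}

def shannon_entropy(buf):
    """Bits per byte: ~8.0 for encrypted or compressed data, ~6 for plain x86 code."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def magic_type(data):
    """Classify by content, never by extension."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "PNG"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "PE"
    return "unknown"

def triage(data, signing_time=None, max_gap_years=10):
    """Header facts plus three checks; signing_time is ISO 8601 with a UTC offset."""
    result = {"magic": magic_type(data), "is_pe": False}
    if result["magic"] != "PE":
        return result
    result["is_pe"] = True
    coff = struct.unpack_from("<I", data, 0x3C)[0] + 4
    machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    opt_magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    cert_off = cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, the security entry is a raw file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # Overlay = bytes after the last section's raw data (and never before the section table ends).
    sect_table = opt + opt_size
    end_of_sections = sect_table + 40 * nsect
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_table + 40 * i + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = data[end_of_sections:]
    compile_time = datetime.fromtimestamp(tstamp, tz=timezone.utc)
    result.update(
        machine=hex(machine), num_sections=nsect,
        pe_type={0x10B: "PE32", 0x20B: "PE32+"}.get(opt_magic, hex(opt_magic)),
        linker_version=f"{linker_major}.{linker_minor}", entry_point=entry,
        subsystem=SUBSYSTEMS.get(subsystem, str(subsystem)), compile_time=compile_time.isoformat(),
        overlay_offset=end_of_sections, overlay_size=len(overlay),
        overlay_entropy=round(shannon_entropy(overlay), 2), certificate_table=(cert_off, cert_size),
        # A signed file with nothing else appended has overlay == certificate table, byte for byte.
        overlay_is_certificate_table=(cert_size > 0 and cert_off == end_of_sections and cert_size == len(overlay)),
    )
    if cert_size >= 8 and cert_off + 8 <= len(data):
        # WIN_CERTIFICATE header: dwLength, wRevision, wCertificateType (2 = PKCS#7 SignedData).
        # Slack between dwLength and the directory size is room the Authenticode hash never covers.
        length, revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
        result["win_certificate"] = {"length": length, "revision": hex(revision), "type": cert_type,
                                     "length_matches_directory": length == cert_size}
    if signing_time is not None and tstamp:  # a zeroed stamp is stripped on purpose; nothing to compare
        gap = datetime.fromisoformat(signing_time) - compile_time
        # Heuristic (assumption): built after signing, or more than max_gap_years before it, means a forged stamp.
        result["timestamp_plausible"] = timedelta(0) <= gap <= timedelta(days=365 * max_gap_years)
    return result

def build_sample_pe(compile_ts, pkcs7_blob, entry_point=0x5A5A5):
    """Constructed one-section PE32 (not a real sample) with pkcs7_blob appended as its
    certificate table behind a WIN_CERTIFICATE header, so triage() can run offline."""
    e_lfanew, file_align = 0x40, 512
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, compile_ts, 0, 0, 224, 0x0102)    # i386, 1 section, EXE|32-bit
    text_off = (e_lfanew + 4 + 20 + 224 + 40 + file_align - 1) // file_align * file_align
    text = b"\x90" * file_align
    cert = struct.pack("<IHH", 8 + len(pkcs7_blob), 0x0200, 2) + pkcs7_blob
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 12, 1)                      # PE32, linker 12.1
    struct.pack_into("<I", opt, 16, entry_point)
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, file_align)     # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 60, text_off)                           # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                                  # Windows GUI
    struct.pack_into("<I", opt, 92, 16)                                 # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, text_off + len(text), len(cert))
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), text_off, 0, 0, 0, 0, 0x60000020)
    image = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return image + b"\0" * (text_off - len(image)) + text + cert

# Stand-ins mirroring the report: 1994 build stamp, 2019-02-14 3:19 PM signing (zone assumed UTC).
EXAMPLE_COMPILE_TS = int(datetime(1994, 7, 23, 14, 1, 55, tzinfo=timezone.utc).timestamp())
EXAMPLE_SIGNING_TIME = "2019-02-14T15:19:00+00:00"

def demo(trailing=b""):
    """Triage the constructed sample; pass trailing bytes to see data appended past the signature."""
    return triage(build_sample_pe(EXAMPLE_COMPILE_TS, bytes(range(256))) + trailing, EXAMPLE_SIGNING_TIME)
```

On the real sample, run `triage(open("development.png", "rb").read(), "2019-02-14T15:19:00+00:00")`: overlay_offset should come back as 1302528 and, if the overlay is nothing but the signature, the certificate table should read (1302528, 5360). A dwLength smaller than the directory size is slack inside the certificate table that the Authenticode hash does not cover; an overlay extending past the directory is appended data that should break the signature, so a file that still verifies in that state deserves a closer look.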
PE imports (DLL grouping was not preserved in this export; the mix of unrelated APIs, from smart-card and MIDI to print-monitor, RPC and SetupAPI calls, alongside a complete C runtime import set is typical of a crypter stub and consistent with the generic GenKryptik names above; the imphash in the file identification section is the pivot to use when hunting related stubs)
LookupPrivilegeNameW
SaferIdentifyLevel
OpenThreadToken
RegDeleteKeyW
CreateProcessAsUserW
IsValidSecurityDescriptor
AuthzFreeContext
ImageList_GetImageInfo
ImageList_SetOverlayImage
CryptMsgVerifyCountersignatureEncoded
CertNameToStrW
SetDCPenColor
SetBkMode
GetTextMetricsA
GetKerningPairsA
SetBkColor
CreateCompatibleDC
ImmGetProperty
GetBestRoute
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCommModemStatus
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
InterlockedDecrement
OutputDebugStringA
SetLastError
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
SetFilePointer
SetUnhandledExceptionFilter
SetHandleInformation
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetProcessShutdownParameters
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetProcAddress
GetProcessHeap
CompareStringW
CompareStringA
IsValidLocale
GetUserDefaultLCID
GetPrivateProfileSectionW
GetTimeZoneInformation
OpenJobObjectW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
CreateThreadpoolCleanupGroup
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
WideCharToMultiByte
GetCommandLineA
GetCurrentThread
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
UnlockFileEx
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
SetConsoleCtrlHandler
VirtualAlloc
GetTimeFormatA
NetServerGetInfo
NetGroupDel
VariantCopy
VarI4FromDate
VarDateFromCy
I_RpcAllocate
RpcServerRegisterIf2
I_RpcServerUseProtseq2W
NdrConvert
SetupDiCreateDevRegKeyW
CM_Free_Res_Des_Handle
SetupDiSetSelectedDevice
SetupDiGetDeviceInfoListDetailA
SHEnumerateUnreadMailAccountsW
DragQueryFileA
PathGetCharTypeA
PathQuoteSpacesA
SHDeleteValueA
HashData
PathParseIconLocationW
PathRemoveArgsW
wnsprintfA
PathFileExistsA
VerifySignature
EndDeferWindowPos
OemToCharBuffA
SetMessageExtraInfo
RegisterClipboardFormatA
SetWindowContextHelpId
CreateCaret
GetWindowContextHelpId
MessageBoxIndirectW
GetSysColor
CallNextHookEx
midiStreamPosition
sndPlaySoundW
EnumPrinterDataExW
AddMonitorW
SCardListReaderGroupsA
SCardListReaderGroupsW
OleSave
BindMoniker
CoAllowSetForegroundWindow
Number of PE resources by type
TEXT 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1994:07:23 16:01:55+02:00 (the same instant as the PE header timestamp above, rendered in a UTC+2 zone)
FileType Win32 EXE
PEType PE32
CodeSize 557056
LinkerVersion 12.1
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x5a5a5
InitializedDataSize 761856
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 7f5a9da3d5890ab7d27cc0f73b7520f8
SHA1 10c540521ae79a8631daa3db4ab958744ffc3f39
SHA256 263141a23ff146f7f5ec425d42e9eeae40d3d9d5e283033e96b9b4c83b3c303e
ssdeep 12288:qNvZkRRtnJgsa/Sill5a+wLBXcS6OUrDcgSgZ2GbCegyjY3KY5R2EOTRrc/OzIMT:MwXJriDBDuSrTSAlnMB5AEdwIMZRr
authentihash 266cc1ba303677a5709bd8d54ce4f1a0734190bc0d32bab014620c9a70d1236d
imphash a0bd0d772497778640fc0f196e29ca0f
File size 1.2 MB ( 1307888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2019-02-15 19:29:34 UTC ( 1 month ago )
Last submission 2019-02-15 19:29:34 UTC ( 1 month ago )
File names development.png