SHA256: 266359038416a1c10058f7f223c57d4dd185718469d8d73fdf42bca6f5a4ebc1
File name: 488465
Detection ratio: 1 / 57
Analysis date: 2016-05-14 19:19:12 UTC ( 2 years, 10 months ago )
Antivirus               Result            Update
Bkav                    HW32.Packed.DB74  20160514
Ad-Aware                (clean)           20160514
AegisLab                (clean)           20160514
AhnLab-V3               (clean)           20160514
Alibaba                 (clean)           20160513
ALYac                   (clean)           20160514
Antiy-AVL               (clean)           20160514
Arcabit                 (clean)           20160514
Avast                   (clean)           20160514
AVG                     (clean)           20160514
Avira (no cloud)        (clean)           20160514
AVware                  (clean)           20160511
Baidu                   (clean)           20160514
Baidu-International     (clean)           20160514
BitDefender             (clean)           20160514
CAT-QuickHeal           (clean)           20160514
ClamAV                  (clean)           20160514
CMC                     (clean)           20160510
Comodo                  (clean)           20160514
Cyren                   (clean)           20160514
DrWeb                   (clean)           20160514
Emsisoft                (clean)           20160514
ESET-NOD32              (clean)           20160514
F-Prot                  (clean)           20160514
F-Secure                (clean)           20160514
Fortinet                (clean)           20160514
GData                   (clean)           20160514
Ikarus                  (clean)           20160514
Jiangmin                (clean)           20160514
K7AntiVirus             (clean)           20160514
K7GW                    (clean)           20160514
Kaspersky               (clean)           20160514
Kingsoft                (clean)           20160514
Malwarebytes            (clean)           20160514
McAfee                  (clean)           20160514
McAfee-GW-Edition       (clean)           20160514
Microsoft               (clean)           20160514
eScan                   (clean)           20160514
NANO-Antivirus          (clean)           20160514
nProtect                (clean)           20160513
Panda                   (clean)           20160514
Qihoo-360               (clean)           20160514
Rising                  (clean)           20160514
Sophos AV               (clean)           20160514
SUPERAntiSpyware        (clean)           20160514
Symantec                (clean)           20160514
Tencent                 (clean)           20160514
TheHacker               (clean)           20160514
TotalDefense            (clean)           20160514
TrendMicro              (clean)           20160514
TrendMicro-HouseCall    (clean)           20160514
VBA32                   (clean)           20160513
VIPRE                   (clean)           20160514
ViRobot                 (clean)           20160514
Yandex                  (clean)           20160513
Zillya                  (clean)           20160514
Zoner                   (clean)           20160514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 6:47 PM 5/13/2014
Signers
[+] RFF Electronics
Status This certificate or one of the certificates in the certificate chain is not time valid. (The leaf certificate's validity ended 6/22/2016, i.e. after the 2016-05-14 analysis date; the signing date of 5/13/2014 falls inside the 5/9/2014 to 6/22/2016 window and the signature carries a Starfield Timestamp Authority countersignature, which is why the signature itself still reports as verified.)
Issuer Go Daddy Secure Certificate Authority - G2
Valid from 9:30 PM 5/9/2014
Valid to 10:20 PM 6/22/2016
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 39D6290B09D357D0A033F3F404ABFF48A5DDD57F
Serial number 2B 44 32 99 11 9A B7
[+] Go Daddy Secure Certificate Authority - G2
Status Valid
Issuer Go Daddy Root Certificate Authority - G2
Valid from 8:00 AM 5/3/2011
Valid to 8:00 AM 5/3/2031
Valid usage All
Algorithm sha256RSA
Thumbprint 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
Serial number 07
[+] Go Daddy Root Certificate Authority - G2
Status Valid
Issuer Go Daddy Root Certificate Authority - G2
Valid from 1:00 AM 9/1/2009
Valid to 12:59 AM 1/1/2038
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint 47BEABC922EAE80E78783462A79F45C254FDE68B
Serial number 00
Counter signers
[+] Starfield Timestamp Authority - G2
Status Valid
Issuer Starfield Root Certificate Authority - G2
Valid from 8:00 AM 4/1/2014
Valid to 8:00 AM 4/1/2019
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint C1ECE31AD10ED55433A735AAE0295AB82E3D0B0C
Serial number 1E 8D FE
[+] Starfield Root Certificate Authority - G2
Status Valid
Issuer Starfield Root Certificate Authority - G2
Valid from 1:00 AM 9/1/2009
Valid to 12:59 AM 1/1/2038
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E
Serial number 00
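The interplay between the expired signer certificate above and the "verified signature" verdict is worth making explicit. The following is an added example (not VirusTotal's or RFF Electronics' code) that encodes the Authenticode rule a verifier applies: a signature made inside the certificate's validity window stays acceptable after the certificate expires only if a trusted timestamp countersignature proves when the signing happened. The dates are the ones printed in the report, treated as naive local times because the page gives no timezone; the assumption that the countersignature time equals the printed signing time is mine. Revocation checking is deliberately out of scope.

```python
"""Authenticode validity reasoning for an expired code-signing certificate.
Added example based on the dates in the report; not code from the page."""
from datetime import datetime


def signature_status(signing_time, not_before, not_after, countersigned_at, now):
    """Classify a signature as 'valid', 'valid-expired-cert' or 'invalid'.

    signing_time     : time the signature claims it was made
    not_before/after : validity window of the leaf (signer) certificate
    countersigned_at : time asserted by a trusted timestamp authority, or None
    now              : time at which verification is performed
    Revocation (CRL/OCSP) is not modelled here.
    """
    if not (not_before <= signing_time <= not_after):
        return "invalid"                 # signed outside the cert's lifetime
    if now <= not_after:
        return "valid"                   # cert still current, no timestamp needed
    if countersigned_at is None:
        return "invalid"                 # expired cert and no proof of when it was signed
    if not_before <= countersigned_at <= not_after:
        return "valid-expired-cert"      # timestamp anchors the signing inside the window
    return "invalid"


# Dates as printed in the report (local time, timezone unknown -> naive).
RFF_DATES = {
    "signing_time": datetime(2014, 5, 13, 18, 47),
    "not_before": datetime(2014, 5, 9, 21, 30),
    "not_after": datetime(2016, 6, 22, 22, 20),
    # ASSUMPTION: the Starfield TSA countersignature carries the signing time.
    "countersigned_at": datetime(2014, 5, 13, 18, 47),
}


def report_cases():
    """Evaluate the report's signature at several verification times and
    under variations a practitioner would check. Returns a dict of labels."""
    analysis = datetime(2016, 5, 14, 19, 19)   # VirusTotal analysis date
    later = datetime(2019, 3, 1)               # when the page was rendered
    return {
        "at_analysis": signature_status(now=analysis, **RFF_DATES),
        "after_expiry": signature_status(now=later, **RFF_DATES),
        "after_expiry_no_timestamp": signature_status(
            now=later, **{**RFF_DATES, "countersigned_at": None}),
        "signed_before_issuance": signature_status(
            now=analysis, **{**RFF_DATES, "signing_time": datetime(2014, 5, 1)}),
    }


if __name__ == "__main__":
    for case, verdict in report_cases().items():
        print(f"{case:28s} {verdict}")
```

The "after_expiry" case is the state the page was rendered in: an expired leaf certificate, flagged as "not time valid", but a signature that still verifies because of the countersignature.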
Packers identified
F-PROT appended, Unicode, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-11-02 20:24:29
Entry Point 0x0001479F
Number of sections 5
PE sections
Overlays
MD5 a2468432c8c62f6ceaf6334489404ad0
File type data
Offset 5595136
Size 5408
Entropy 7.30
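The overlay figures above (offset 5595136, size 5408, entropy 7.30) are the kind of numbers a practitioner checks by hand: the overlay should end exactly at end-of-file, and an entropy above roughly 7.2 bits per byte indicates compressed, encrypted or DER-encoded data rather than code. A 5408-byte overlay at the tail of a signed PE is consistent with the Authenticode signature blob, which is appended after the last section. The block below is an added example (not VirusTotal's code) implementing the Shannon entropy calculation and the overlay consistency check; the entropy thresholds are conventions I chose for triage, not a standard, and the sample buffers are constructed inline.

```python
"""Shannon entropy and overlay sanity checks for PE triage.
Added example; not code from the report or from VirusTotal."""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_label(h: float) -> str:
    """Rule-of-thumb buckets (assumed thresholds, not a standard)."""
    if h < 1.0:
        return "constant/padding"
    if h < 6.0:
        return "code or plain data"
    if h < 7.2:
        return "mixed / partially compressed"
    return "compressed, encrypted or DER/signature blob"


def overlay_span(file_size: int, offset: int, size: int) -> dict:
    """Check that a reported overlay lies inside the file and reaches EOF.
    An overlay that does not reach EOF means the report's numbers are
    inconsistent (or something trails the overlay)."""
    end = offset + size
    return {"end": end, "inside_file": end <= file_size, "reaches_eof": end == file_size}


def sample_results() -> dict:
    """Entropy of constructed buffers plus the report's overlay numbers."""
    rng = random.Random(0)
    pseudo_random = bytes(rng.getrandbits(8) for _ in range(4096))  # constructed sample
    return {
        "zeros": shannon_entropy(b"\x00" * 1024),
        "two_symbols": shannon_entropy(b"ab" * 512),
        "all_bytes_once": shannon_entropy(bytes(range(256))),
        "pseudo_random": shannon_entropy(pseudo_random),
        "report_overlay_label": entropy_label(7.30),
        "report_overlay": overlay_span(5600544, 5595136, 5408),
    }


if __name__ == "__main__":
    for k, v in sample_results().items():
        print(f"{k:22s} {v}")
```

Run against a real file, read the overlay bytes at the reported offset and feed them to `shannon_entropy`; if the overlay begins with the `WIN_CERTIFICATE` header (length, revision 0x0200, type 0x0002) it is the signature block rather than an appended payload.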
PE imports
GetDeviceCaps
ExtTextOutW
DeleteDC
CreateFontIndirectW
GetBkColor
SetBkColor
SelectObject
DeleteObject
CreateDCW
SetTextAlign
GetTextExtentPoint32W
SetTextColor
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
FormatMessageW
InitializeCriticalSection
GlobalHandle
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetSystemTime
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
GetVolumeInformationW
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
MoveFileExW
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetModuleFileNameW
FindNextFileW
FindFirstFileW
GlobalMemoryStatus
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
CreateProcessW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
GetParent
UpdateWindow
EndDialog
BeginPaint
DefWindowProcW
KillTimer
GetMessageW
PostQuitMessage
ShowWindow
SetWindowPos
SetWindowWord
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
EndPaint
DialogBoxParamW
TranslateMessage
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
DispatchMessageW
SendMessageW
RegisterClassW
GetWindowLongW
SetActiveWindow
SendDlgItemMessageW
GetClientRect
GetDlgItem
SetRect
InvalidateRect
SetTimer
OemToCharA
LoadStringW
GetTopWindow
SetWindowTextW
GetWindowWord
LoadCursorW
LoadIconW
EnableWindow
SetForegroundWindow
GetLastActivePopup
SetCursor
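The import list above is what the imphash in the file-identification section (c37a0cf32fb77a9ca8948933d9037856) is derived from: md5 over the ordered, lowercased `dll.function` strings with the DLL extension stripped, joined by commas, as implemented in pefile. The block below is an added example, not VirusTotal's or pefile's code. The page lists the functions without their DLL names, so the grouping into gdi32, kernel32, shell32 and user32 is my reading of the list (the names are all well-known exports of those DLLs), and the order is taken as printed; the computed value is only expected to equal the page's imphash if that is also the order in the import directory. Ordinal-only imports, which pefile resolves through a fixed table, are not handled here because this file has none.

```python
"""imphash computation over the import list from the report.
Added example; DLL grouping is assumed from the function names."""
import hashlib


def imphash(imports):
    """imports: ordered list of (dll_name, function_name) tuples.
    Matches the pefile algorithm for named imports: lowercase, strip
    .dll/.ocx/.sys, join as 'dll.func' with commas, md5 hex digest."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.append(f"{name}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Functions exactly as listed in the report, in the printed order.
# ASSUMPTION: each group belongs to the DLL named in the key.
REPORT_IMPORTS = {
    "GDI32.dll": """GetDeviceCaps ExtTextOutW DeleteDC CreateFontIndirectW GetBkColor
        SetBkColor SelectObject DeleteObject CreateDCW SetTextAlign
        GetTextExtentPoint32W SetTextColor""",
    "KERNEL32.dll": """GetStdHandle GetDriveTypeW GetConsoleOutputCP FileTimeToSystemTime
        WaitForSingleObject HeapDestroy GetLocalTime FreeEnvironmentStringsA
        DeleteCriticalSection GetCurrentProcess GetConsoleMode GetLocaleInfoA LocalAlloc
        UnhandledExceptionFilter SetErrorMode FreeEnvironmentStringsW SetStdHandle
        WideCharToMultiByte GetStringTypeA WriteFile GetSystemTimeAsFileTime HeapReAlloc
        GetStringTypeW LocalFree FormatMessageW InitializeCriticalSection GlobalHandle
        FindClose TlsGetValue SetFileAttributesW GetEnvironmentVariableW SetLastError
        GetSystemTime RemoveDirectoryW IsDebuggerPresent ExitProcess GetVersionExA
        GetModuleFileNameA GetVolumeInformationW InterlockedDecrement MultiByteToWideChar
        SetFilePointer GetFullPathNameW MoveFileExW SetUnhandledExceptionFilter
        TerminateProcess WriteConsoleA SetCurrentDirectoryW GlobalAlloc
        LocalFileTimeToFileTime SetEndOfFile GetVersion InterlockedIncrement WriteConsoleW
        HeapFree EnterCriticalSection SetHandleCount GetVersionExW GetOEMCP
        QueryPerformanceCounter GetTickCount TlsAlloc FlushFileBuffers LoadLibraryA
        RtlUnwind GetStartupInfoA GetWindowsDirectoryW GetStartupInfoW CreateDirectoryW
        DeleteFileW GlobalLock GetProcessHeap GetModuleFileNameW FindNextFileW
        FindFirstFileW GlobalMemoryStatus GetProcAddress CreateFileW GetFileType
        TlsSetValue CreateFileA HeapAlloc LeaveCriticalSection GetLastError
        DosDateTimeToFileTime LCMapStringW GlobalFree GetConsoleCP LCMapStringA
        GetEnvironmentStringsW GlobalUnlock CreateProcessW FileTimeToLocalFileTime
        GetEnvironmentStrings GetCurrentProcessId SetFileTime GetCommandLineW GetCPInfo
        HeapSize GetCommandLineA RaiseException TlsFree GetModuleHandleA ReadFile
        CloseHandle GetACP GetCurrentThreadId IsValidCodePage HeapCreate VirtualFree
        Sleep VirtualAlloc""",
    "SHELL32.dll": """ShellExecuteExW SHGetSpecialFolderLocation SHGetPathFromIDListW
        SHGetMalloc""",
    "USER32.dll": """GetParent UpdateWindow EndDialog BeginPaint DefWindowProcW KillTimer
        GetMessageW PostQuitMessage ShowWindow SetWindowPos SetWindowWord GetSystemMetrics
        SetWindowLongW MessageBoxW PeekMessageW GetWindowRect EndPaint DialogBoxParamW
        TranslateMessage GetDlgItemTextW PostMessageW GetSysColor SetDlgItemTextW
        DispatchMessageW SendMessageW RegisterClassW GetWindowLongW SetActiveWindow
        SendDlgItemMessageW GetClientRect GetDlgItem SetRect InvalidateRect SetTimer
        OemToCharA LoadStringW GetTopWindow SetWindowTextW GetWindowWord LoadCursorW
        LoadIconW EnableWindow SetForegroundWindow GetLastActivePopup SetCursor""",
}


def report_import_list():
    """Flatten REPORT_IMPORTS into the ordered (dll, func) list."""
    return [(dll, f) for dll, names in REPORT_IMPORTS.items() for f in names.split()]


def report_imphash() -> str:
    """imphash over the report's import list under the grouping assumption."""
    return imphash(report_import_list())


if __name__ == "__main__":
    print(len(report_import_list()), "imports")
    print("computed imphash:", report_imphash())
    print("reported imphash: c37a0cf32fb77a9ca8948933d9037856")
```

imphash is order-sensitive and DLL-name-sensitive, so it clusters binaries built from the same linker input (here, the WinZip self-extractor stub) regardless of the archive they carry; two SFX installers with different payloads but the same stub share the value, which is why it is a pivot for tooling rather than for the packaged content.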
Number of PE resources by type
RT_STRING 9
RT_DIALOG 2
RT_ICON 2
RT_MANIFEST 1
WZ_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:11:02 21:24:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 147456
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 57344
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1479f
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 31dc036151d9174ca946ae1a25cdf960
SHA1 43a86794f2102ad5c09093d7a5c9ace0355576c6
SHA256 266359038416a1c10058f7f223c57d4dd185718469d8d73fdf42bca6f5a4ebc1
ssdeep 98304:5cvNPsv5JZEatjoFLE9DT62ksgu50ja1qxQzswjBC6sI6ojNux5jC:5cvpi3ZEaZjNLgP21u6sIdNuq
authentihash 902d8e87c0171f467d3c011a3e538ef016e9e3f2ec05e5ba5f28c4decf239331
imphash c37a0cf32fb77a9ca8948933d9037856
File size 5.3 MB ( 5600544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (31.5%)
Win64 Executable (generic) (27.9%)
Winzip Win32 self-extracting archive (generic) (23.2%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2014-05-18 05:59:27 UTC ( 4 years, 10 months ago )
Last submission 2018-05-09 00:01:16 UTC ( 10 months, 1 week ago )
File names RFFTrial.exe
RFFTrial(1).exe
RFFTrial.exe
rfftrial.exe
488465
rfflow_5-06_fr_64984.exe
RFFTrial.exe
266359038416A1C10058F7F223C57D4DD185718469D8D73FDF42BCA6F5A4EBC1
31dc036151d9174ca946ae1a25cdf960.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs