× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 29a0af328b686b4850706e82e638ce64810870b9d97331b3e6b26fa4e7e94581
File name: upit.exe
Detection ratio: 12 / 67
Analysis date: 2018-11-16 03:35:31 UTC ( 4 months, 1 week ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.2214f3 20180225
Cylance Unsafe 20181116
Emsisoft Application.AdFile (A) 20181116
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.FYRM 20181116
Ikarus PUA.FileTour 20181115
Sophos ML heuristic 20181108
Kaspersky UDS:DangerousObject.Multi.Generic 20181116
Microsoft Trojan:Win32/Fuerboos.E!cl 20181116
Qihoo-360 Win32/Trojan.0fe 20181116
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181116
Ad-Aware 20181116
AegisLab 20181116
AhnLab-V3 20181115
Alibaba 20180921
ALYac 20181116
Antiy-AVL 20181116
Arcabit 20181115
Avast 20181116
Avast-Mobile 20181115
AVG 20181116
Avira (no cloud) 20181115
Babable 20180918
Baidu 20181115
BitDefender 20181116
Bkav 20181115
CAT-QuickHeal 20181115
ClamAV 20181116
CMC 20181115
Cyren 20181116
DrWeb 20181116
eGambit 20181116
F-Prot 20181116
F-Secure 20181116
Fortinet 20181116
GData 20181116
Jiangmin 20181116
K7AntiVirus 20181113
K7GW 20181115
Kingsoft 20181116
Malwarebytes 20181116
MAX 20181116
McAfee 20181116
McAfee-GW-Edition 20181116
eScan 20181116
NANO-Antivirus 20181116
Palo Alto Networks (Known Signatures) 20181116
Panda 20181115
Rising 20181116
SentinelOne (Static ML) 20181011
Sophos AV 20181115
SUPERAntiSpyware 20181114
Symantec 20181116
Symantec Mobile Insight 20181108
TACHYON 20181116
Tencent 20181116
TheHacker 20181113
TotalDefense 20181115
TrendMicro 20181116
TrendMicro-HouseCall 20181116
Trustlook 20181116
VBA32 20181115
ViRobot 20181115
Webroot 20181116
Yandex 20181115
Zillya 20181115
Zoner 20181116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Certificate out of its validity period
Signers
[+] LYUBAVA,OOO
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 11:00 PM 07/09/2018
Valid to 10:59 PM 07/20/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 8A8B939C031A85567D0486C0E51F43A764C90A58
Serial number 00 F7 DC 16 91 C7 76 FA 28 14 DC CE 9E 8D 51 ED AC
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-22 19:44:15
Entry Point 0x000041FE
Number of sections 4
PE sections
Overlays
MD5 a9e9a73dac8b6d351e141e80e2376561
File type data
Offset 293888
Size 5056
Entropy 7.54
PE imports
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
EnumTimeFormatsA
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FatalExit
TlsGetValue
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
GetThreadSelectorEntry
TerminateProcess
WriteConsoleA
GlobalAlloc
FindAtomA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
AddAtomA
GetCommProperties
GetProcAddress
CompareStringW
GetTimeFormatA
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetLocaleInfoW
LeaveCriticalSection
GetLastError
LCMapStringW
FindFirstChangeNotificationA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetSystemTimeAdjustment
WriteConsoleOutputCharacterW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
CompareStringA
GradientFill
GetMonitorInfoW
BeginPaint
PeekMessageA
UpdateWindow
LookupIconIdFromDirectory
LoadIconW
GetRawInputDeviceInfoA
ScrollWindow
SetThreadDesktop
GetNextDlgTabItem
GetParent
WinHttpCloseHandle
Number of PE resources by type
RT_BITMAP 2
RT_ICON 2
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 7
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
7.0.0.0

LanguageCode
Unknown (457A)

FileFlagsMask
0x004f

ImageFileCharacteristics
Executable, Large address aware, 32-bit, System file

CharacterSet
Unknown (A56B)

InitializedDataSize
346624

EntryPoint
0x41fe

MIMEType
application/octet-stream

FileVersion
1.0.0.1

TimeStamp
2017:08:22 21:44:15+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
tregohilla

ProductVersion
1.0.0.1

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Unknown (0x40534)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
107008

FileSubtype
0

ProductVersionNumber
3.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 897f041dcef4aee894031a4172721e4c
SHA1 426e7e42214f303549cebee6f2b15705a6ffee99
SHA256 29a0af328b686b4850706e82e638ce64810870b9d97331b3e6b26fa4e7e94581
ssdeep
6144:nGvIVXKtFKmlk2KdXKCj+vb5cccccccccccccccccccce1cccCcccsccccccccca:nGvIe+j6Cj+vb5cccccccccccccccccT

authentihash 3dde5cec6286bf18279d539451558bc209bcec78fe86b3b43c056bcce526e9c9
imphash a97e45f32903fd16dc5f886f6f61eb93
File size 291.9 KB ( 298944 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-11-16 03:35:31 UTC ( 4 months, 1 week ago )
Last submission 2018-11-16 03:35:31 UTC ( 4 months, 1 week ago )
File names upit.exe
srjsuves.exe
rdtaessu.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs