SHA256: 29acafffb14bbae1edbd385ef9ae7438ec816cb29def076b4f51755fef980d79
File name: smfree_dm.exe
Detection ratio: 0 / 57
Analysis date 2015-05-07 15:10:11 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Ad-Aware 20150507
AegisLab 20150507
Yandex 20150506
AhnLab-V3 20150507
Alibaba 20150507
ALYac 20150507
Antiy-AVL 20150507
Avast 20150507
AVG 20150507
Avira (no cloud) 20150512
AVware 20150507
Baidu-International 20150507
BitDefender 20150507
Bkav 20150507
ByteHero 20150507
CAT-QuickHeal 20150507
ClamAV 20150507
CMC 20150506
Comodo 20150507
Cyren 20150507
DrWeb 20150507
Emsisoft 20150507
ESET-NOD32 20150507
F-Prot 20150507
F-Secure 20150507
Fortinet 20150507
GData 20150507
Ikarus 20150507
Jiangmin 20150506
K7AntiVirus 20150507
K7GW 20150507
Kaspersky 20150507
Kingsoft 20150507
Malwarebytes 20150507
McAfee 20150507
McAfee-GW-Edition 20150507
Microsoft 20150507
eScan 20150507
NANO-Antivirus 20150507
Norman 20150507
nProtect 20150507
Panda 20150506
Qihoo-360 20150507
Rising 20150507
Sophos AV 20150507
SUPERAntiSpyware 20150507
Symantec 20150507
Tencent 20150507
TheHacker 20150505
TotalDefense 20150507
TrendMicro 20150507
TrendMicro-HouseCall 20150507
VBA32 20150507
VIPRE 20150507
ViRobot 20150507
Zillya 20150507
Zoner 20150507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 5:35 PM 9/22/2011
Signers
[+] iolo technologies, LLC
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 8/27/2009
Valid to 12:59 AM 10/7/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E75CBB37D2764416C3BCA0A44FDFF9B586F56D4F
Serial number 7B AD F1 1B 0F 2C 98 4A 7E 65 DA 07 30 65 ED 8F
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid; the revocation status of the certificate or one of the certificates in the certificate chain is unknown; Error 65536 (0x10000); the revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT Aspack
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0018F001
Number of sections 10
PE sections
Overlays
MD5 2bdb2e8c102725a7ed5d581695e55e99
File type data
Offset 579072
Size 6840
Entropy 7.28
PE imports
SetSecurityDescriptorDacl
CloseServiceHandle
SetNamedSecurityInfoA
RegQueryValueExA
GetKernelObjectSecurity
ImageList_Write
ImageList_SetIconSize
GetSaveFileNameA
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
CreateStreamOnHGlobal
CoTaskMemFree
GetHGlobalFromStream
CreateErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SHGetSpecialFolderPathA
Shell_NotifyIconA
CreateWindowExA
GetKeyboardType
VerQueryValueW
InternetQueryOptionA
timeGetTime
Number of PE resources by type
RT_STRING 34
RT_BITMAP 25
RT_GROUP_CURSOR 9
RT_ICON 9
RT_CURSOR 9
RT_RCDATA 7
UNICODEDATA 6
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 102
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 1214464
SubsystemVersion 4.0
Comments iolo Download Manager
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.8
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription iolo Download Manager
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet ASCII
InitializedDataSize 380928
EntryPoint 0x18f001
MIMEType application/octet-stream
LegalCopyright Copyright 2010 iolo technologies, LLC
FileVersion 1.0.0.8
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.8
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName iolo technologies, LLC
LegalTrademarks iolo technologies, LLC
ProductName iolo Download Manager
ProductVersionNumber 1.0.0.8
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 b54c49047c65c768a430d41b54878a9f
SHA1 1bce10b7e10c932501c0f04d5b8b361bfa354122
SHA256 29acafffb14bbae1edbd385ef9ae7438ec816cb29def076b4f51755fef980d79
ssdeep 12288:jqATpPItCRb1+OLpGQvD0XScFe7pDGyT2lER+3hd:/T9R5+xolC1hd
authentihash c701f14f62098b312619d176f1aadf14d93ebffcf61cc3e89e6eaee251fd42d1
imphash 0c73c6b8cd86245915c84efb1e626094
File size 572.2 KB ( 585912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe aspack signed overlay
VirusTotal metadata
First submission 2011-10-01 18:35:42 UTC ( 6 years, 10 months ago )
Last submission 2018-07-31 23:27:56 UTC ( 1 week, 6 days ago )
File names smfree_dm.exe?token=1331470416_16c3ce83cd6bac8e615f427dd0e52616
System-Mechanic140152.exe
system-mechanic-11-7-es-en-win.exe
test.exe
System-Mechanic1400152.exe
smfree_dm_iolo.exe
196720
System-Mechanic127039.exe
system_mechanic_11_7_fr_9702.exe
smfree_dm.exe
System Mechanic Free.exe
smfree_dm1270.exe
smfree_dm12.5.exe
system mechanic.exe
smfree_dm.exe
smfree_dm.exe
smfree-dm.exe
iolo system mechanic.exe
smfree_dm.exe
System-Mechanic1400132.exe
1468622703-smfree_dm.exe
System Mechanic Free 16.5.1.27.exe
system-mechanic_17-0-1-11_fr_9702.exe
b54c49047c65c768a430d41b54878a9f
SystemMechanic6.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight