SHA256: 32dc0c2c664231bfddc03a8f1dca7e22aaa86a53e803aee3f0211436f636b34e
File name: out
Detection ratio: 23 / 68
Analysis date: 2018-11-04 18:22:48 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Avira (no cloud) TR/PSW.Stealer.rkuyh 20181104
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181022
Cyren W32/Trojan.GKXM-3456 20181104
Endgame malicious (high confidence) 20180730
Fortinet W32/CMY3U.ACY!tr 20181104
Ikarus Trojan.Win32.CMY3U 20181104
K7AntiVirus Riskware ( 0040eff71 ) 20181104
K7GW Riskware ( 0040eff71 ) 20181104
Kaspersky Trojan.Win32.CMY3U.acy 20181104
MAX malware (ai score=98) 20181104
McAfee Artemis!EA8B62621FF8 20181104
McAfee-GW-Edition BehavesLike.Win32.SSProtect.vc 20181104
Microsoft Trojan:Win32/Occamy.C 20181104
NANO-Antivirus Trojan.Win32.CMY3U.fcboxc 20181104
Panda Trj/CI.A 20181104
Sophos AV Mal/Generic-S 20181104
Symantec Trojan.FakeAV 20181103
Tencent Win32.Trojan.Cmy3u.Amch 20181104
TrendMicro TROJ_GEN.R001C0OF518 20181104
TrendMicro-HouseCall TROJ_GEN.R001C0OF518 20181104
VBA32 Trojan.CMY3U 20181102
VIPRE Trojan.Win32.Generic!BT 20181103
ZoneAlarm by Check Point Trojan.Win32.CMY3U.acy 20181104
Ad-Aware 20181104
AegisLab 20181104
AhnLab-V3 20181104
Alibaba 20180921
ALYac 20181104
Antiy-AVL 20181104
Arcabit 20181104
Avast 20181104
Avast-Mobile 20181104
AVG 20181104
Babable 20180918
Baidu 20181102
BitDefender 20181104
Bkav 20181102
CAT-QuickHeal 20181104
ClamAV 20181104
CMC 20181104
Cybereason 20180225
Cylance 20181104
DrWeb 20181104
eGambit 20181104
Emsisoft 20181104
ESET-NOD32 20181104
F-Prot 20181104
F-Secure 20181104
GData 20181104
Sophos ML 20180717
Jiangmin 20181104
Kingsoft 20181104
Malwarebytes 20181104
eScan 20181104
Palo Alto Networks (Known Signatures) 20181104
Qihoo-360 20181104
Rising 20181104
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181104
TheHacker 20181104
TotalDefense 20181104
Trustlook 20181104
ViRobot 20181104
Webroot 20181104
Yandex 20181102
Zillya 20181102
Zoner 20181104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2017 风尚云起文化传媒(北京)有限公司 (Fengshang Yunqi Culture Media (Beijing) Co., Ltd.)

Product 看看头条 (Kankan Toutiao)
File version 1.3.0.6
Description 看看头条 (Kankan Toutiao)
Signature verification Signed file, verified signature. A verified signature proves only that the holder of the publisher's private key signed this exact image (the authentihash in the file identification section); it is not evidence that the installer's payload is benign, and code-signing certificates are bought or stolen by malware authors precisely to obtain this status.
Signing date 2:01 AM 4/27/2018
Signers
[+] 风尚云起文化传媒(北京)有限公司 (Fengshang Yunqi Culture Media (Beijing) Co., Ltd.)
Status Valid
Issuer WoSign Code Signing CA
Valid from 11:30 AM 03/08/2018
Valid to 11:30 AM 03/08/2019
Valid usage Code Signing, 1.3.6.1.4.1.311.61.1.1
Algorithm sha256RSA
Thumbprint FFF43F9C88A869B7A1161117A2127713B5F44BA1
Serial number 4F 29 27 F8 68 20 C4 6E B0 09 87 7D A2 C1 E4 A7
[+] WoSign Code Signing CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 08:45 AM 11/09/2016
Valid to 08:45 AM 11/09/2026
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 8EE115F1DBDF2F334F3917BBC09C684474A8A65D
Serial number 17 EF 72 B4 15 7D 6F 4B 68 E4 BD D5 75 E5 CC AE
[+] Certum Trusted Network CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 11:07 AM 10/22/2008
Valid to 12:07 PM 12/31/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 07E032E020B72C3F192F0628A2593A19A70F069E
Serial number 04 44 C0
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA (this is the self-signed Thawte timestamping root; the signature on a trust anchor is never verified, so the MD5 here is not a weakness in the countersignature chain)
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, appended, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-01 00:33:55 (about nine months before the 4/27/2018 signing date; NSIS installers are assembled from a prebuilt stub whose PE timestamp is not rewritten, so this dates the NSIS release used rather than the day this installer was built)
Entry Point 0x0000330D
Number of sections 5
PE sections
Overlays
MD5 1ae85b99f70f069f086e350e17e2a324
File type data
Offset 106496
Size 2937672
Entropy 8.00 (106496 + 2937672 = 3044168, the full file size, so the overlay is everything past the 104 KB installer stub; an entropy of 8.00 is what compressed or encrypted data looks like, as expected for the NSIS archive that carries the actual payload)
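As an added example (not VirusTotal's code and not code from the file's publisher), the following Python reproduces offline the measurements the Authenticode signature block and the Overlays section above summarise: where the overlay starts and how random it is, whether it carries the NSIS first-header magic, and the Authenticode image hash (the authentihash in the file identification section) that the signature actually covers. It runs against a PE it constructs itself; build_sample_pe(), the placeholder certificate blob in attach_cert_table() and the helper names are assumptions of this example, not the reported file.

```python
import hashlib
import math
import struct
from collections import Counter

# NSIS "firstheader" magic: siginfo 0xDEADBEEF followed by the ints 'Null', 'soft', 'Inst'.
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"


def _headers(data):
    """Return (optional_header_offset, SizeOfHeaders, sections) for a PE32/PE32+ file."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    sections = []
    for i in range(nsec):
        base = opt + opt_size + 40 * i
        name = data[base:base + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, base + 8)
        sections.append((name, vaddr, vsize, raw_ptr, raw_size))
    return opt, struct.unpack_from("<I", data, opt + 60)[0], sections


def section_table(data):
    """(name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData) per section."""
    return _headers(data)[2]


def find_overlay(data):
    """(offset, size) of the data past the last section, or None when there is none."""
    _, size_of_headers, sections = _headers(data)
    end = max([s[3] + s[4] for s in sections] + [size_of_headers])
    return (end, len(data) - end) if len(data) > end else None


def shannon_entropy(buf):
    """Bits per byte: 8.0 means a flat byte distribution, typical of compressed/encrypted data."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def find_nsis_header(data):
    """Locate the NSIS firstheader (flags, magic, header length, total data length) or None."""
    pos = data.find(NSIS_MAGIC)
    if pos < 4:
        return None
    flags = struct.unpack_from("<I", data, pos - 4)[0]
    header_len, data_len = struct.unpack_from("<II", data, pos + len(NSIS_MAGIC))
    return {"offset": pos - 4, "flags": flags, "header_len": header_len, "data_len": data_len}


def _security_dir_offset(data, opt):
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    return opt + (144 if pe32plus else 128)  # IMAGE_DIRECTORY_ENTRY_SECURITY (index 4)


def authentihash(data, algo="sha256"):
    """Authenticode image hash: the whole file except the CheckSum field, the security
    directory entry and the certificate table itself (Windows Authenticode PE spec)."""
    opt, size_of_headers, sections = _headers(data)
    checksum_off, secdir_off = opt + 64, _security_dir_offset(data, opt)
    cert_off, cert_size = struct.unpack_from("<II", data, secdir_off)
    h = hashlib.new(algo)
    h.update(data[:checksum_off])
    h.update(data[checksum_off + 4:secdir_off])
    h.update(data[secdir_off + 8:size_of_headers])
    hashed = size_of_headers
    for _, _, _, raw_ptr, raw_size in sorted(sections, key=lambda s: s[3]):
        h.update(data[raw_ptr:raw_ptr + raw_size])
        hashed += raw_size
    # Trailing data (the overlay, i.e. the NSIS archive) is covered too, minus the
    # certificate table, which sits at the very end of a signed file.
    h.update(data[hashed:cert_off if cert_size else len(data)])
    if cert_size:
        h.update(data[cert_off + cert_size:])
    return h.hexdigest()


def attach_cert_table(data, pkcs7_blob):
    """Mimic what signing does to the layout: append a WIN_CERTIFICATE and point the security
    directory at it. The blob is a placeholder, not real PKCS#7 SignedData. Any alignment
    padding added before the table becomes part of the hashed image."""
    opt = _headers(data)[0]
    out = bytearray(data)
    out += b"\0" * (-len(out) % 8)  # table must start on an 8-byte boundary
    entry = struct.pack("<IHH", 8 + len(pkcs7_blob), 0x0200, 0x0002) + pkcs7_blob  # dwLength, wRevision, PKCS_SIGNED_DATA
    entry += b"\0" * (-len(entry) % 8)
    struct.pack_into("<II", out, _security_dir_offset(data, opt), len(out), len(entry))
    return bytes(out + entry)


def file_hashes(data):
    """The two hashes VirusTotal reports: whole-file SHA-256 versus authentihash."""
    return {"sha256": hashlib.sha256(data).hexdigest(), "authentihash": authentihash(data)}


def build_sample_pe():
    """Constructed PE32 (not the report's file): one .text section plus an NSIS-style overlay."""
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)              # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                           # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 12 + struct.pack("<I", 0x60000020)
    headers = (dos + b"PE\0\0" + file_hdr + bytes(opt) + sect).ljust(0x200, b"\0")
    text = b"\x31\xc0\xc3".ljust(0x200, b"\xcc")                 # xor eax,eax ; ret ; int3 padding
    # Flat byte distribution (entropy close to 8.0), sized so the file is 8-byte aligned.
    filler = bytes(range(256)) * 32 + b"\x00\x01\x02\x03"
    overlay = struct.pack("<I", 0) + NSIS_MAGIC + struct.pack("<II", 0x1234, 28 + len(filler)) + filler
    return headers + text + overlay
```

To run this against the real sample, replace build_sample_pe() with open(path, "rb").read(): find_overlay() should return offset 106496, find_nsis_header() should locate the NSIS firstheader at the start of that overlay, and file_hashes() should reproduce both the SHA256 and the authentihash lines of the file identification section. The property attach_cert_table() demonstrates is the reason VirusTotal reports authentihash separately: the same NSIS archive re-signed with a different certificate keeps its authentihash while every other file hash changes, so authentihash is the value to pivot on when hunting for re-signed copies of the same installer.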
PE imports (grouped by module; this import table belongs to the NSIS installer stub and describes the installer engine, not the payload carried in the overlay)
[+] ADVAPI32.dll
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
[+] COMCTL32.dll
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
[+] GDI32.dll
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
[+] KERNEL32.dll
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
ExpandEnvironmentStringsA
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
SetEnvironmentVariableA
SetFileAttributesA
FreeLibrary
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
[+] SHELL32.dll
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
[+] USER32.dll
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
[+] ole32.dll
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 13
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 18
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
UninitializedDataSize 1024
LinkerVersion 6.0
ImageVersion 6.0
FileVersionNumber 1.3.0.6
LanguageCode Chinese (Simplified)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Chinese (Simplified)
InitializedDataSize 118784
EntryPoint 0x330d
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.3.0.6
TimeStamp 2017:08:01 02:33:55+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.3.0.6
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (c) 2017
MachineType Intel 386 or later, and compatibles
CodeSize 25088
FileSubtype 0
ProductVersionNumber 1.3.0.6
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 ea8b62621ff812ea4e99d888004bbaba
SHA1 647db6bec5220c21a62aae64440fb5405d43ce12
SHA256 32dc0c2c664231bfddc03a8f1dca7e22aaa86a53e803aee3f0211436f636b34e
ssdeep 49152:EemJrw7TR+REZXGBCmarw6TC1ZNVWlw+65y6SVw3kwIkl66B7WICDaVS:BaMTR+m1SXGVgLVWl0y6SVwUUB7ZCDb
authentihash 2098db76808b3e12d96d9c3f4516d6f7ac65c58b1a397eab8d099639acf07248
imphash 57e98d9a5a72c8d7ad8fb7a6a58b3daf
File size 2.9 MB ( 3044168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
nsis peexe signed upx overlay

VirusTotal metadata
First submission 2018-05-18 07:41:16 UTC ( 9 months, 1 week ago )
Last submission 2019-02-14 06:01:42 UTC ( 5 days, 9 hours ago )
File names 6789News_49.exe
output.115243112.txt
out
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections