× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 363903b389384d878043105eef2dd5b8f5aacfa1ba7e3a2a2afc00c586b0e636
File name: 28f1d7b7f70d26266cba1a1e72865fe9b24c1907
Detection ratio: 14 / 55
Analysis date: 2014-09-21 04:24:11 UTC ( 4 years, 6 months ago ) View latest
Antivirus Result Update
Avast Win32:Malware-gen 20140921
AVG Crypt3.APZU 20140921
Avira (no cloud) TR/Zbot.A.1190 20140920
AVware Trojan.Compcert.090914 (fs) 20140920
ESET-NOD32 a variant of Win32/Kryptik.CLQW 20140920
Ikarus Trojan-Spy.Win32.Zbot 20140920
Kaspersky Trojan-Spy.Win32.Zbot.ueke 20140920
Kingsoft Win32.Troj.Zbot.ue.(kcloud) 20140921
Malwarebytes Trojan.Agent.ED 20140921
McAfee Artemis!14FD8F2600BE 20140921
McAfee-GW-Edition Artemis!Trojan 20140921
Panda Trj/Chgt.G 20140920
Sophos AV Mal/Generic-S 20140921
VIPRE Trojan.Compcert.090914 (fs) 20140921
Ad-Aware 20140921
AegisLab 20140921
Yandex 20140920
AhnLab-V3 20140920
Antiy-AVL 20140921
Baidu-International 20140920
BitDefender 20140921
Bkav 20140920
ByteHero 20140921
CAT-QuickHeal 20140920
ClamAV 20140920
CMC 20140918
Comodo 20140921
Cyren 20140921
DrWeb 20140921
Emsisoft 20140921
F-Prot 20140920
F-Secure 20140921
Fortinet 20140921
GData 20140921
Jiangmin 20140920
K7AntiVirus 20140919
K7GW 20140919
Microsoft 20140921
eScan 20140921
NANO-Antivirus 20140921
Norman 20140920
nProtect 20140920
Qihoo-360 20140921
Rising 20140920
SUPERAntiSpyware 20140920
Symantec 20140921
Tencent 20140921
TheHacker 20140919
TotalDefense 20140920
TrendMicro 20140921
TrendMicro-HouseCall 20140921
VBA32 20140919
ViRobot 20140921
Zillya 20140920
Zoner 20140919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 1995-2014

Publisher Sparkus
Product Command Bar Express
Original name cmdbar.exe
Internal name barexp
File version 1.0.0.18
Description Command Bar Express
Signature verification A certificate was explicitly revoked by its issuer.
Signers
[+] Sparkus
Status A certificate was explicitly revoked by its issuer.
Issuer None
Valid from 1:00 AM 8/19/2014
Valid to 12:59 AM 8/20/2015
Valid usage Code Signing
Algorithm SHA1
Thumbprint B7C5D687C3D5D84E6844A0EDFAC8BE2998EE35A2
Serial number 00 CB BD 5A 5B 69 02 ED 2C 16 2E 29 77 D2 01 12 28
[+] COMODO Code Signing CA 2
Status Valid
Issuer None
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer None
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Issuer None
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status Valid
Issuer None
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer None
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbrint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Issuer None
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbrint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-19 14:54:20
Entry Point 0x000044BB
Number of sections 5
PE sections
PE imports
GetTokenInformation
OpenProcessToken
ImageList_LoadImageA
ImageList_EndDrag
ChooseFontA
GetDeviceCaps
CreateCompatibleDC
DeleteDC
GetCharWidth32A
SelectObject
AddFontResourceA
ChoosePixelFormat
SetBkColor
CreateDIBSection
EnumFontFamiliesExA
DeleteObject
SetTextColor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetVersionExW
GetOEMCP
QueryPerformanceCounter
TlsSetValue
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
lstrlenW
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
WriteConsoleW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
GetModuleHandleW
EncodePointer
GetLocaleInfoW
SetStdHandle
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
InterlockedIncrement
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
HeapAlloc
TerminateProcess
TlsGetValue
InitializeCriticalSection
HeapCreate
WriteFile
CreateFileW
GetConsoleWindow
GetVolumeInformationA
Sleep
GetFileType
SetEndOfFile
LeaveCriticalSection
CreateFileA
ExitProcess
OutputDebugStringA
GetProcessHeap
GetProcAddress
SetLastError
MulDiv
GradientFill
RegisterActiveObject
EndDialog
HideCaret
EnumWindowStationsW
FindWindowA
ShowWindow
GetWindowThreadProcessId
IsWindow
AppendMenuA
InsertMenuItemW
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
IsWindowEnabled
GetDC
GetCursorPos
ReleaseDC
CreatePopupMenu
CheckMenuItem
GetWindowLongA
IsWindowVisible
SendMessageA
GetDlgItem
RegisterRawInputDevices
MessageBoxW
IsIconic
GetThreadDesktop
GetSubMenu
CreateMenu
GetMenuItemCount
EnableWindow
GetWindowTextA
PtInRect
closesocket
WTSQuerySessionInformationA
WTSFreeMemory
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_ICON 2
RT_CURSOR 2
RT_DIALOG 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
RUSSIAN 1
PE resources
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.18

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
183296

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Copyright 1995-2014

FileVersion
1.0.0.18

TimeStamp
2014:09:19 15:54:20+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
barexp

FileAccessDate
2014:10:10 12:03:50+01:00

ProductVersion
1.0.0.18

FileDescription
Command Bar Express

OSVersion
5.1

FileCreateDate
2014:10:10 12:03:50+01:00

OriginalFilename
cmdbar.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Free Software Foundation

CodeSize
84992

ProductName
Command Bar Express

ProductVersionNumber
1.0.0.18

EntryPoint
0x44bb

ObjectFileType
Executable application

File identification
MD5 14fd8f2600befa5cee27699d161fb6ba
SHA1 476c68bdef3342244b8c066da944ac12c80ba46a
SHA256 363903b389384d878043105eef2dd5b8f5aacfa1ba7e3a2a2afc00c586b0e636
ssdeep
6144:w86fbAqE6yGF18gGznqf6KNPbvV0CJUzuH8Qkrcd:wtfb/EDMy7bqf62bvV1UzOt

authentihash e75985eb3adefbf65948c12cedd65184d2124e7571f2e5bdf4d4e1a194955585
imphash 549014cb5df75f17d4efd2713ee4fbeb
File size 267.9 KB ( 274360 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed

VirusTotal metadata
First submission 2014-09-19 17:38:17 UTC ( 4 years, 6 months ago )
Last submission 2014-09-21 04:24:11 UTC ( 4 years, 6 months ago )
File names 28f1d7b7f70d26266cba1a1e72865fe9b24c1907
14fd8f2600befa5cee27699d161fb6ba.kaf
cmdbar.exe
barexp
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
TCP connections
UDP communications