× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3738d11d8649a8f93bf1894edad2abc5fdd908da8fd58d8058a46aa60171c5d7
File name: lkmn895_sos.exe
Detection ratio: 0 / 57
Analysis date: 2015-03-17 06:36:29 UTC ( 4 years, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware 20150317
AegisLab 20150317
Yandex 20150316
AhnLab-V3 20150317
Alibaba 20150317
ALYac 20150317
Antiy-AVL 20150317
Avast 20150317
AVG 20150317
Avira (no cloud) 20150317
AVware 20150317
Baidu-International 20150316
BitDefender 20150317
Bkav 20150317
ByteHero 20150317
CAT-QuickHeal 20150317
ClamAV 20150316
CMC 20150316
Comodo 20150317
Cyren 20150317
DrWeb 20150317
Emsisoft 20150317
ESET-NOD32 20150317
F-Prot 20150317
F-Secure 20150317
Fortinet 20150317
GData 20150317
Ikarus 20150317
Jiangmin 20150316
K7AntiVirus 20150317
K7GW 20150317
Kaspersky 20150317
Kingsoft 20150317
Malwarebytes 20150317
McAfee 20150317
McAfee-GW-Edition 20150317
Microsoft 20150317
eScan 20150317
NANO-Antivirus 20150317
Norman 20150317
nProtect 20150316
Panda 20150316
Qihoo-360 20150317
Rising 20150316
Sophos AV 20150317
SUPERAntiSpyware 20150317
Symantec 20150317
Tencent 20150317
TheHacker 20150316
TotalDefense 20150316
TrendMicro 20150317
TrendMicro-HouseCall 20150317
VBA32 20150315
VIPRE 20150317
ViRobot 20150317
Zillya 20150316
Zoner 20150316
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 4:27 PM 3/3/2015
Signers
[+] Outertech e.K.
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 1/7/2013
Valid to 12:59 AM 1/8/2018
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 291139B44C94CD89FEB18D67868453E2246B51AF
Serial number 21 81 D4 D0 A0 8F 78 15 53 C0 F2 45 70 7C 33 BF
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network?
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, appended, UPX_LZMA, UPX, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-24 19:20:04
Entry Point 0x000038AF
Number of sections 6
PE sections
Overlays
MD5 cd747e101b88cf310e5cf41089ba07f9
File type data
Offset 459776
Size 6851272
Entropy 8.00
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
WriteFile
CopyFileW
GetShortPathNameW
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindFirstFileW
ExitProcess
GlobalUnlock
GetFileAttributesW
LoadLibraryA
GetCurrentProcess
CompareFileTime
FindNextFileW
GetFileSize
OpenProcess
SetFileTime
GetCommandLineW
GetWindowsDirectoryW
SetErrorMode
MultiByteToWideChar
lstrlenW
CreateDirectoryW
SetFilePointer
GlobalLock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
GetFullPathNameW
lstrcmpiA
CreateThread
LoadLibraryW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
ReadFile
GetTempPathW
CloseHandle
lstrcpynA
lstrcmpA
lstrcmpW
GetModuleHandleW
lstrcatW
FreeLibrary
SearchPathW
WideCharToMultiByte
lstrcmpiW
SetCurrentDirectoryW
lstrcpyA
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
DeleteFileW
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
CharUpperW
DialogBoxParamW
GetClassInfoW
AppendMenuW
CharNextW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
GetAsyncKeyState
BeginPaint
CreatePopupMenu
SendMessageW
SetCursor
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
SetForegroundWindow
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
SetTimer
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
SendMessageTimeoutW
CreateWindowExW
wsprintfW
CloseClipboard
GetClientRect
DrawTextW
DestroyWindow
ExitWindowsEx
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 12
RT_DIALOG 7
RT_BITMAP 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:02:24 20:20:04+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
29696

LinkerVersion
10.0

EntryPoint
0x38af

InitializedDataSize
489984

SubsystemVersion
5.0

ImageVersion
6.0

OSVersion
5.0

UninitializedDataSize
16896

File identification
MD5 90e8d6efc15aab7e0d547f615497593b
SHA1 ec2773e8face8cf66dd1b572cfee11f03a3e7fb9
SHA256 3738d11d8649a8f93bf1894edad2abc5fdd908da8fd58d8058a46aa60171c5d7
ssdeep
196608:38FuhmHm14e5URHczjz4/fSdA9uhIa//QYSn7:sghmHdUr4/khIawYSn7

authentihash 41f57843b4987d5115f7ecbecfbb573f891fd765c63e0dc6e94a4ed6ec483e28
imphash be41bf7b8cc010b614bd36bbca606973
File size 7.0 MB ( 7311048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay revoked-cert signed nsis upx via-tor

VirusTotal metadata
First submission 2015-03-17 06:36:29 UTC ( 4 years, 1 month ago )
Last submission 2016-09-05 05:46:25 UTC ( 2 years, 7 months ago )
File names lkmn895_sos.exe
lkmn895_sos.exe
3738d11d8649a8f93bf1894edad2abc5fdd908da8fd58d8058a46aa60171c5d7.file
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.